-
December 15th, 2007, 03:21 AM
#1
how to implement the "remember password" feature
hey,
i have a questions concerning C#.
i have a program that requires logging in.
people have to enter their username and password and then login.
the problem is that i want to add a "remember password" feature where if checked, the password entered will be saved along with the username.
if it is not checked then the username will only be saved but not the password.
when the user opens the program again, all the usernames will be fetched and loaded and he can choose the one he wants and the password will be automatically added (that's if he previously checked the "remember password").
it's just like the msn, aim and all programs that require logging in.
But the question is: where do i save the password? and how do i do it?
what is the best way to do this?
Thank You.
-
December 15th, 2007, 04:45 AM
#2
Re: how to implement the "remember password" feature
web? windows? sort of makes a difference.
you can store that in a cookie for the web (encrypted of course), or in a seperate file for windows (encrypted as well). most apps that save user info usually save them in some config type file inside the app's program files directory, or somewhere in the user directory.
-
December 15th, 2007, 08:14 PM
#3
Re: how to implement the "remember password" feature
It is a windows form, not a web application, how to implement?
what is the details?
do you have sample code or project?
-
December 16th, 2007, 10:25 AM
#4
Re: how to implement the "remember password" feature
you can just add user id and psswrd
to the application config xml file
and check if it's there when you start your program
if it have to be more secret than that but not really scary evil genious secret
just do a good old rot13 on the chars
-
December 16th, 2007, 01:23 PM
#5
Re: how to implement the "remember password" feature
From .NET Framework 2.0 or higher you can use Data Protection API (DPAPI) in Windows. It encrypts secrets based on currently logged on user, so the security is as good as it gets in Windows.
It is really easy to use:
http://msdn2.microsoft.com/en-us/lib...ecteddata.aspx
-
December 20th, 2007, 09:26 PM
#6
Re: how to implement the "remember password" feature
Originally Posted by j0nas
From .NET Framework 2.0 or higher you can use Data Protection API (DPAPI) in Windows. It encrypts secrets based on currently logged on user, so the security is as good as it gets in Windows.
It is really easy to use:
http://msdn2.microsoft.com/en-us/lib...ecteddata.aspx
It is a good way to encrypt data, but i need to store the username, password and there relation, when the current selected item of the username combbox was changged, the corresponding password shoul be filled in the textbox of password if the user had checked the "remember password" option.
how to implement?
thank you.
-
December 21st, 2007, 02:53 PM
#7
Re: how to implement the "remember password" feature
-
December 21st, 2007, 10:03 PM
#8
Re: how to implement the "remember password" feature
This is a very difficult feature to implement correctly.
Theses were the options I came up with but they all have a flaw:
- Encrypt all usernames and passwords and store into a file (Xml, Binary Serialization, whatever). Unfortunately this means you also have to decrypt them which means either the user specifying a password or the key to be embedded in the application (which means it's not secure).
- Use DPAPI. While it's a great API, you cannot take your data to other machines. Many browsers, like Firefox, have portable versions of their application and yet their remember password feature still works. This would render it useless. This also makes it impossible to import your data to another install.
- Store as plain text (or Properties.Settings as the visibility is the same). This is, of course vulnerable but I believe Firefox uses a similar technique with light encryption which, I believe is easy to break (I never read up on anything regarding it).
All techniques have flaws making this virtually impossible to implement. If anyone has any other ideas I'd definately be interested as well.
-
December 21st, 2007, 10:09 PM
#9
Re: how to implement the "remember password" feature
Originally Posted by aniskhan
It seems cannot create settings at run time.
the username should be added to username combbox when a rightful user has logged in.
-
December 21st, 2007, 10:59 PM
#10
Re: how to implement the "remember password" feature
Helping my dad, and comcast mail, it seems that Firefox 2 and IE 7 both have lost their "Remember Me" checkbox. I had nothing remembered before, but turned it back on. For 2 days, he had to type his username and password, then the dropdown worked.
Today, it remembered his username and password and I just clicked. He may have been on a while before though.
My point, is that it didn't work with IE or FX. Something has changed with comcast mail
-
December 22nd, 2007, 12:06 AM
#11
Re: how to implement the "remember password" feature
you don't have to store an encryption key in your application. there are other ways. you can create a web service and store the information there, or request an encryption key (and if your web service runs over SSL then you're pretty much sound as a pound), you can ship your app with a dummy dll that is used for nothing else except to CRC / MD5, then use the checksum from that file as your key...
point being, be creative and I'm sure you can safely store encrypted info for your users to use without shipping some encryption key with your software, that the layman could discover.
nothings foolproof, but it can be overly difficult.
-
December 22nd, 2007, 12:27 PM
#12
Re: how to implement the "remember password" feature
Originally Posted by lue wenboo
It seems cannot create settings at run time.
the username should be added to username combbox when a rightful user has logged in.
change any value in default settings at runtime
Code:
Properties.Settings.Default.UserName = "NewUserName";
call Save method to save the changes
Code:
Properties.Settings.Default.Save();
-
December 23rd, 2007, 12:24 AM
#13
Re: how to implement the "remember password" feature
to aniskhan :
i see, you can modify any setting at run time.
yet there is no username at first, the user have to type correct username and password to login. if succeed, the app store the username.when the app was run again, the usernam recently succeed login was appeared at the combbox control of username. the user can type a new username and password or select the original username to login and so on
so, the amount of username to be stored is protean
-
December 23rd, 2007, 12:44 AM
#14
Re: how to implement the "remember password" feature
Just check, if the first entry is NewUserName, then don't display anything.
Also, when it's NewUserName would be the ONLY time that you'd overwrite the entry. Otherwise, you'd have to remember to add another user (as many as you need)
-
December 28th, 2007, 11:36 PM
#15
Re: how to implement the "remember password" feature
i am waiting for a good idea!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|