CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Join Date
    Dec 2004
    Posts
    9

    how to implement the "remember password" feature

    hey,

    i have a questions concerning C#.

    i have a program that requires logging in.
    people have to enter their username and password and then login.
    the problem is that i want to add a "remember password" feature where if checked, the password entered will be saved along with the username.
    if it is not checked then the username will only be saved but not the password.

    when the user opens the program again, all the usernames will be fetched and loaded and he can choose the one he wants and the password will be automatically added (that's if he previously checked the "remember password").
    it's just like the msn, aim and all programs that require logging in.

    But the question is: where do i save the password? and how do i do it?
    what is the best way to do this?

    Thank You.

  2. #2
    Join Date
    Mar 2004
    Location
    33°11'18.10"N 96°45'20.28"W
    Posts
    1,808

    Re: how to implement the "remember password" feature

    web? windows? sort of makes a difference.

    you can store that in a cookie for the web (encrypted of course), or in a seperate file for windows (encrypted as well). most apps that save user info usually save them in some config type file inside the app's program files directory, or somewhere in the user directory.

  3. #3
    Join Date
    Dec 2004
    Posts
    9

    Re: how to implement the "remember password" feature

    It is a windows form, not a web application, how to implement?
    what is the details?
    do you have sample code or project?

  4. #4
    Join Date
    Nov 1999
    Location
    Denmark
    Posts
    260

    Re: how to implement the "remember password" feature

    you can just add user id and psswrd
    to the application config xml file
    and check if it's there when you start your program

    if it have to be more secret than that but not really scary evil genious secret
    just do a good old rot13 on the chars

  5. #5
    Join Date
    Aug 2001
    Location
    Stockholm, Sweden
    Posts
    1,664

    Re: how to implement the "remember password" feature

    From .NET Framework 2.0 or higher you can use Data Protection API (DPAPI) in Windows. It encrypts secrets based on currently logged on user, so the security is as good as it gets in Windows.

    It is really easy to use:
    http://msdn2.microsoft.com/en-us/lib...ecteddata.aspx

  6. #6
    Join Date
    Dec 2004
    Posts
    9

    Red face Re: how to implement the "remember password" feature

    Quote Originally Posted by j0nas
    From .NET Framework 2.0 or higher you can use Data Protection API (DPAPI) in Windows. It encrypts secrets based on currently logged on user, so the security is as good as it gets in Windows.

    It is really easy to use:
    http://msdn2.microsoft.com/en-us/lib...ecteddata.aspx
    It is a good way to encrypt data, but i need to store the username, password and there relation, when the current selected item of the username combbox was changged, the corresponding password shoul be filled in the textbox of password if the user had checked the "remember password" option.

    how to implement?

    thank you.

  7. #7
    Join Date
    Oct 2005
    Location
    Islamabad, Pakistan
    Posts
    1,277

    Re: how to implement the "remember password" feature

    Try Properties.Settings in .net 2.0.

  8. #8
    Join Date
    Jul 2003
    Location
    Maryland
    Posts
    762

    Re: how to implement the "remember password" feature

    This is a very difficult feature to implement correctly.

    Theses were the options I came up with but they all have a flaw:
    • Encrypt all usernames and passwords and store into a file (Xml, Binary Serialization, whatever). Unfortunately this means you also have to decrypt them which means either the user specifying a password or the key to be embedded in the application (which means it's not secure).
    • Use DPAPI. While it's a great API, you cannot take your data to other machines. Many browsers, like Firefox, have portable versions of their application and yet their remember password feature still works. This would render it useless. This also makes it impossible to import your data to another install.
    • Store as plain text (or Properties.Settings as the visibility is the same). This is, of course vulnerable but I believe Firefox uses a similar technique with light encryption which, I believe is easy to break (I never read up on anything regarding it).

    All techniques have flaws making this virtually impossible to implement. If anyone has any other ideas I'd definately be interested as well.

  9. #9
    Join Date
    Dec 2004
    Posts
    9

    Re: how to implement the "remember password" feature

    Quote Originally Posted by aniskhan
    Try Properties.Settings in .net 2.0.
    It seems cannot create settings at run time.
    the username should be added to username combbox when a rightful user has logged in.

  10. #10
    Join Date
    Jan 2006
    Location
    Fox Lake, IL
    Posts
    15,007

    Re: how to implement the "remember password" feature

    Helping my dad, and comcast mail, it seems that Firefox 2 and IE 7 both have lost their "Remember Me" checkbox. I had nothing remembered before, but turned it back on. For 2 days, he had to type his username and password, then the dropdown worked.
    Today, it remembered his username and password and I just clicked. He may have been on a while before though.

    My point, is that it didn't work with IE or FX. Something has changed with comcast mail
    David

    CodeGuru Article: Bound Controls are Evil-VB6
    2013 Samples: MS CODE Samples

    CodeGuru Reviewer
    2006 Dell CSP
    2006, 2007 & 2008 MVP Visual Basic
    If your question has been answered satisfactorily, and it has been helpful, then, please, Rate this Post!

  11. #11
    Join Date
    Mar 2004
    Location
    33°11'18.10"N 96°45'20.28"W
    Posts
    1,808

    Re: how to implement the "remember password" feature

    you don't have to store an encryption key in your application. there are other ways. you can create a web service and store the information there, or request an encryption key (and if your web service runs over SSL then you're pretty much sound as a pound), you can ship your app with a dummy dll that is used for nothing else except to CRC / MD5, then use the checksum from that file as your key...

    point being, be creative and I'm sure you can safely store encrypted info for your users to use without shipping some encryption key with your software, that the layman could discover.

    nothings foolproof, but it can be overly difficult.

  12. #12
    Join Date
    Oct 2005
    Location
    Islamabad, Pakistan
    Posts
    1,277

    Re: how to implement the "remember password" feature

    Quote Originally Posted by lue wenboo
    It seems cannot create settings at run time.
    the username should be added to username combbox when a rightful user has logged in.
    change any value in default settings at runtime
    Code:
    	Properties.Settings.Default.UserName = "NewUserName";
    call Save method to save the changes
    Code:
    	Properties.Settings.Default.Save();

  13. #13
    Join Date
    Dec 2004
    Posts
    9

    Re: how to implement the "remember password" feature

    to aniskhan :
    i see, you can modify any setting at run time.
    yet there is no username at first, the user have to type correct username and password to login. if succeed, the app store the username.when the app was run again, the usernam recently succeed login was appeared at the combbox control of username. the user can type a new username and password or select the original username to login and so on

    so, the amount of username to be stored is protean

  14. #14
    Join Date
    Jan 2006
    Location
    Fox Lake, IL
    Posts
    15,007

    Re: how to implement the "remember password" feature

    Just check, if the first entry is NewUserName, then don't display anything.
    Also, when it's NewUserName would be the ONLY time that you'd overwrite the entry. Otherwise, you'd have to remember to add another user (as many as you need)
    David

    CodeGuru Article: Bound Controls are Evil-VB6
    2013 Samples: MS CODE Samples

    CodeGuru Reviewer
    2006 Dell CSP
    2006, 2007 & 2008 MVP Visual Basic
    If your question has been answered satisfactorily, and it has been helpful, then, please, Rate this Post!

  15. #15
    Join Date
    Dec 2004
    Posts
    9

    Re: how to implement the "remember password" feature

    i am waiting for a good idea!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured