Tutorial :Storing passwords in Castle Windsor configuration file?



Question:

I have the following:

interface IDefectRepository { /* ... */ }  class MyDefectRepository : IDefectRepository  {      public MyDefectRepository(string url, string userName, string password)      {          // ...      }        // ...  }  

I'm using <parameters> to pass the constructor parameters from Web.config. Is there any way that I can store the password encrypted in the Web.config file? Other suggestions?


Solution:1

You could inject the password via a ISubDependencyResolver (sample1, sample2) which would get the password from an encrypted section in your web.config.


Solution:2

Try inheriting MyDefectRepositoryWithEncryptedPasswords from MyDefectRepository. In the MyDefectRepositoryWithEncryptedPasswords constructor decrypt the password and pass it to the MyDefectRepository constructor, like so:

class MyDefectRepositoryWithEncryptedPasswords : MyDefectRepository  {      public MyDefectRepositoryWithEncryptedPasswords(string url, string userName, string encryptedPassword)          : base(url, userName, Decrypt(encryptedPassword))      {      }        public static string Decrypt(string encrypted)      {          // Do whatever...      }  }  

Anyway, I don't think you should store encrypted passwords with two-way encryption methods. You should use some sort of hashing (of the cryptographic kind) and compare the hashes. That would require changing your constructor to receive not the password, but its hash.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »