0

I have a web application with a SQL database backend. The database has a [UserAccounts] table that stores [Username], [PasswordHash], and [PasswordSalt]. The web application creates the hash and salt (and authenticates). That all works as it should. No problem.

I would like to integrate a 2nd, desktop application with the database. This application would run more like a service or a scheduled task. What I need to be able to do, is authenticate a Username and Password every time this application executes. Since it will be running as a scheduled task (without user intervention) I need to be able to store a Username and Password locally (in a XML or INI file perhaps) that can be authenticated with the Username and PasswordHash in the database.

What is the best way to securely store a Password so that it is not in plain text? Or is there another/better way to accomplish what I need to do?

The desktop application is written in VB.NET.

Thanks in advance!

PaulyWally
  • 11
  • 5
  • Check out these threads and see if they are helpful: http://stackoverflow.com/questions/16031175/basic-password-encryption-and-store-password-in-a-file http://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string http://stackoverflow.com/questions/12657792/how-to-securely-save-username-password-local – Daved Apr 15 '15 at 15:16
  • More of a question to the question than a comment -- is there any reason you shouldn't just store the salted hash in your xml/ini file? – InbetweenWeekends Apr 15 '15 at 17:02
  • @onskee - No. There is no reason I cannot do that. I just wasn't sure if that is considered "best practice". Thanks! – PaulyWally Apr 16 '15 at 12:37
  • I wasn't sure either. Partly why I asked. Good luck – InbetweenWeekends Apr 16 '15 at 22:45

0 Answers0