How to avoid hard coding credentials into Sharepoint webpart?

Posted by SeeBees on Stack Overflow See other posts from Stack Overflow or by SeeBees
Published on 2010-04-20T22:10:06Z Indexed on 2010/04/20 23:03 UTC
Read the original article Hit count: 234

Filed under:
|
|

I am building a Sharepoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code.

query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

query is an instance of the web service class

This may not be a good approach. In regard with security, source code of the web apart is available to people who are not allowed to see the credential. This is bad enough, But is there any other drawback of this approach?

A web part doesn't have a .config file associated. The .config file is in application-level of the sharepoint site, and I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve this problem? Say provide a WebBrowsable property to an admin so that he/she can set credentials. Is this possible?

Thanks

© Stack Overflow or respective owner

Related posts about sharepoint

Related posts about webpart