How to avoid hard-coded credentials in Sharepoint webpart?

Posted by Bryan on Stack Overflow See other posts from Stack Overflow or by Bryan
Published on 2010-04-20T22:10:06Z Indexed on 2010/04/21 0:03 UTC
Read the original article Hit count: 249

Filed under:
|
|

I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code.

query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

query is an instance of the web service class

This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials.

In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("*") rather than in plain text?

Thanks.

© Stack Overflow or respective owner

Related posts about sharepoint

Related posts about webpart