How to avoid hard-coded credentials in Sharepoint webpart?
Posted
by Bryan
on Stack Overflow
See other posts from Stack Overflow
or by Bryan
Published on 2010-04-20T22:10:06Z
Indexed on
2010/04/21
0:03 UTC
Read the original article
Hit count: 249
I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code.
query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");
query
is an instance of the web service class
This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials.
In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("*") rather than in plain text?
Thanks.
© Stack Overflow or respective owner