Supports .NET Framework 4.5+, and .NET Standard 2.1+.
C# wrapper around the CredWrite / CredRead functions to store credentials in and retrieve them from the Windows Credential Store. Windows has come equipped with a very secure, robust Credential Manager from Windows XP onwards, along with a good set of APIs to interact with it. However, .NET Framework did not provide any standard way to interact with this vault until Windows 8.1.
The Microsoft Peer Channel blog (WCF team) published a post in 2005 that provided the basic structure for using the Win32 APIs for credential management in .NET.
I used their code and improved upon it to add a PromptForCredentials function that displays a dialog to get the credentials from the user.
Need: Many web services and REST URLs use basic authentication. .NET does not have a way to generate basic auth text (username:password encoded in Base64) for the currently logged-in user from their credentials. ICredentials.GetCredential(uri, "Basic") does not provide a way to get the current user's security context either, as it would expose the current password in plain text. So the only way to obtain the Basic auth text is to prompt the user for the credentials and store them, or to assume some credentials are already stored in the Windows store and retrieve them.
This project provides access to all three: prompting the user, saving credentials, and retrieving stored credentials.
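// 1. Prompt the user for credentials ("save" receives the state of the dialog's save checkbox)
bool save = false;
var cred = CredentialManager.PromptForCredentials("Some Webservice", ref save, "Please provide credentials", "Credentials for service");
// 2. Save credentials to the Windows Credential Store
var cred = new NetworkCredential("TestUser", "Pwd");
CredentialManager.SaveCredentials("TestSystem", cred);
// 3. Retrieve previously saved credentials
var cred = CredentialManager.GetCredentials("TestSystem");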
The v2.0 release exposes the raw credential, with additional information not available in the plain NetworkCredential returned by previous versions. This library also lets you store comments and additional attributes associated with a Credential object. The attributes are serialized using BinaryFormatter, and the API has a 256 byte length limit. BinaryFormatter generates output larger than you would expect from the object's size, so keep an eye on that.
Comments and attributes are only accessible programmatically. Windows has always supported such a feature (via the CREDENTIALW structure), but the Windows Credential Manager applet does not have any way to show this information to the user. So if a user edits the saved credentials using Control Panel, the comments and attributes get lost. The lack of this information may be used as a tamper check. Note that this information is accessible to all programs which can read and write to the credential store, so don't assume the information is secure from everything.
// Save a credential together with a comment and a custom attribute.
// SampleAttribute must be marked [Serializable] so BinaryFormatter can store it.
var cred = (new NetworkCredential(uName, pwd, domain)).ToICredential();
cred.TargetName = "TestSystem_Attributes";
cred.Attributes = new Dictionary<string, Object>();
var sample = new SampleAttribute() { role = "regular", created = DateTime.UtcNow };
cred.Attributes.Add("sampleAttribute", sample);
cred.Comment = "This comment is only visible via API, not in Windows UI";
cred.SaveCredential();
// Read the raw credential back, update it and save it again.
var cred = CredentialManager.GetICredential("TestSystem_Attributes");
cred.Comment = "Update the credential data and save back";
cred.SaveCredential();
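
The tamper check suggested above, written out as an added example (not code from this project). The class name, target name and marker values are hypothetical, the AdysTech.CredentialManager namespace is assumed, and GetICredential is assumed to return null for a missing target.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using AdysTech.CredentialManager; // assumed namespace of this library

public static class CredentialTamperCheck
{
    // Hypothetical target name and marker values, chosen for this example.
    const string Target = "TestSystem_TamperCheck";
    const string MarkerKey = "origin";
    const string MarkerValue = "provisioned-by-app";

    // Save the credential together with a comment and one short attribute.
    // A short string keeps the BinaryFormatter output well under 256 bytes.
    public static void Provision(NetworkCredential login)
    {
        var cred = login.ToICredential();
        cred.TargetName = Target;
        cred.Comment = MarkerValue;
        cred.Attributes = new Dictionary<string, Object> { { MarkerKey, MarkerValue } };
        cred.SaveCredential();
    }

    // True only if both markers written by Provision are still present.
    // Kept free of store access so it can be unit tested.
    public static bool MarkersIntact(string comment, IDictionary<string, Object> attributes)
    {
        if (comment != MarkerValue || attributes == null)
            return false;
        object value;
        return attributes.TryGetValue(MarkerKey, out value)
            && MarkerValue.Equals(value as string);
    }

    // Returns false when the entry is missing or was re-saved without its
    // comment and attributes, e.g. after an edit in the Control Panel applet.
    public static bool StoredCredentialIsUntouched()
    {
        var cred = CredentialManager.GetICredential(Target);
        // Assumption: GetICredential returns null when the target is not found.
        return cred != null && MarkersIntact(cred.Comment, cred.Attributes);
    }
}
```

Because any program running as the same user can read and rewrite the comment and attributes, a passing check shows only that the entry was not re-saved through the Control Panel applet.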