Aaron Fischer
Aaron Fischer

Reputation: 21231

How do I securly pass user credentials from a server to a client?

My goal is to launch an installation with admin credentials(user with install rights), In order to do this I need to pass these user credentials from a webservice. So the question is What is the most secure way I could pass this data. Keeping in mind the user of the end client is not logged in as an administrator but I would assume has access to the data during transport(ie I cannot count on channel security alone.)

Myclient code would be a vb or C# application talking to an asp.net webservice.

Upvotes: 1

Views: 1059

Answers (2)

Alexander Abramov
Alexander Abramov

Reputation: 1500

Encryption will protect admin credentials during transport from WebService to application memory, as pointed by gedevan.

Do you mean you also want to protect them from the user who launches application? Keep in mind, he is an owner of your process, so with the right tooling and a lot of determination he should be able to extract credentials from process memory.

Upvotes: 1

gedevan
gedevan

Reputation: 1303

Using encryption of message body (WS-Encryption) in pair with HTTPS is a quite secured in most cases.

Upvotes: 0

Related Questions