Tom

Reputation: 337

How to use encrypted password in source code for Directory Services authentication

I wrote a program that reads the UserPrincipal of a user in our Active Directory via PrincipalContext. For this, the authentication of a privileged user is needed. At the moment the password for this authentication is saved as plaintext in the source code. For security reasons, an encrypted password should be saved in the source code or in a different file. Is there a way to solve this?

    const string domain = "";
    const string rooOrganizationalUnit = "";
    const string adDomain = "";
    const string adUserName = "";
    const string adPassword = "";
    private static PrincipalContext GetPrincipalContext()
    {
        PrincipalContext principalContext;

        principalContext = new PrincipalContext(ContextType.Domain, domain, rooOrganizationalUnit, ContextOptions.Negotiate, adUserName + "@" + adDomain, adPassword);

        return principalContext;
    }

(This snippet of code is originally taken from this site)

Upvotes: 1

Views: 1102

Answers (1)

oleksii

Reputation: 35935

You don't want to store this in code, either encrypted or not. One of the approaches will be to shift sensitive data off to a config file, type passwords in production only, and encrypt that section in the application.

In a config file

    <configuration>
        <appSettings>
            <add key="adPassword" value="this should be empty in source controll" />
        </appSettings>
    </configuration>

In code

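    // static readonly, not const: the value is read from config at run time (needs using System.Configuration)
    static readonly string adPassword = ConfigurationManager.AppSettings["adPassword"];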

Notes

  • You'd want to encrypt the config file section; something like this usually works
  • If you need to commit the config file anyway, use config file transformation, and commit the file as a template. The password will never be committed to source control

Upvotes: 1
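One way to carry out the "encrypt that section in the application" step, as an added example that is not part of the answer above or the asker's code: it protects `<appSettings>` with the built-in DPAPI provider and then builds the `PrincipalContext` from the decrypted values. The class name `AdCredentials`, the `adUserName` key (holding the full `user@domain` name) and the method parameters are assumptions made for illustration.

```csharp
using System;
using System.Configuration;                        // reference System.Configuration.dll
using System.DirectoryServices.AccountManagement;  // reference System.DirectoryServices.AccountManagement.dll

static class AdCredentials   // hypothetical helper class
{
    // Built-in DPAPI provider. By default the ciphertext is bound to the machine
    // it was created on, so run ProtectAppSettings on the production host.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <appSettings> in the application's .exe.config in place.
    // Safe to call on every start: it does nothing once the section is protected.
    public static void ProtectAppSettings()
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section == null || section.SectionInformation.IsProtected)
            return;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("appSettings");
    }

    // ConfigurationManager decrypts a protected section transparently on read.
    public static PrincipalContext GetPrincipalContext(string domain, string rootOu)
    {
        string user = ConfigurationManager.AppSettings["adUserName"];     // assumed key
        string password = ConfigurationManager.AppSettings["adPassword"]; // key from the answer
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            throw new ConfigurationErrorsException(
                "adUserName/adPassword are empty: set them in the deployed config, not in source control.");

        return new PrincipalContext(ContextType.Domain, domain, rootOu,
                                    ContextOptions.Negotiate, user, password);
    }
}
```

This protects the password at rest in the config file only: any code that can use the machine's DPAPI key on that host can still decrypt it, so file ACLs on the config and a least-privileged AD account remain necessary.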
