Securely store a password in the application in C#

Question

I created a program to import sensitive information in it. To prevent other people from accessing the app, I need a password to log in to the app.

If I put the password in the string, it will be easy to see and there is no security. I reviewed several sites but did not find a good answer.

What is the password protection method?

Thankful.

Answer 1

You can use the built-in SecureString, it stores the underlying information encrypted in the memory. If you use WPF there is a control PasswordBox which also stores the password in a SecureString.

Answer 2

The trend these days is to use 3rd party services such as Auth0 to handle authentication and authorization, that way passwords are never stored directly in the database of your application: https://auth0.com/

If you go the route of storing passwords in your own database the simplest approach is to hash the password going in the insert with a one-way hashing algorithm such as md5, SHA256, or Bcrypt. I don't know what libs are available in the C# ecosystem specifically but let's pretend you bring in one called bcrypt and assume you've instantiated it and all that. In your controller method you might see something like this:

var user = new User
    {
        name = input.name,
        password = bcrypt(input.password)
    };

_context.Add(user);
await _context.SaveChangesAsync();

This is a fairly primitive approach to storing passwords securely, but it's better than storing them in plain text. It's worth doing some more research into the topic of hashing and salting passwords if you care about security.

Either way, what happens here, is that the plain text password is sent through a one-way hash, meaning the encrypted text can't be reversed. This means your application never knows what a user's password actually is.

The way you authenticate a user is by comparing the hashed version of the password entered on sign-in against the password in the database (which went through the same hashing function). If the two strings match, the user entered the correct password.

Now, most applications usually have some sort of system admin user that needs to be set. The way I've handled this is by creating a seeder for my database that creates a user with credentials that I set up as environment variables in some config file, for example, a .env.

The .env might look something like:

ADMIN_USER_NAME=admin
ADMIN_USER_PASSWORD=password

The seeder would use those values and insert a user with whatever roles and permissions are required for a system admin.

The .env itself is never checked into version control and the production credentials only exist on the production environment (you would make dummy credentials in dev environments).

Assuming the seeder can only be run by someone with permission to access the production environment directly, this is a pretty secure way to set up the initial system admin user, whose password is also hashed just like any other user so you still don't have raw text credentials sitting your db in case of a breach.

Answer 3

If this question is about how to hide the typed chars from being seen, just set the PasswordChar of the textfield to '*' as example.