
I'm consuming a webservice from an ASP.NET MVC application. I can get everything to work but I'm wondering what the best way to handle the username and password for the webservice is. Currently I'm setting them in code like this:

service.ClientCredentials.UserName.UserName = username;
service.ClientCredentials.UserName.Password = password;

It's easy enough to create keys in the web.config AppSettings and reference them like this:

service.ClientCredentials.UserName.UserName = System.Configuration.ConfigurationManager.AppSettings["Username"];
service.ClientCredentials.UserName.Password = System.Configuration.ConfigurationManager.AppSettings["Password"];

But I'm wondering if there's a better way to do it that could automate some of this so I don't have to set the username and password manually in the code.

I'm not very familiar with consuming webservices--putting credentials like this in the connection strings section would be really nice, since I already deal with sensitive information in connection strings (otherwise, I guess I'd have to start encrypting the appsettings section?)

Matthew
  • Helpful pointer: try and avoid putting any type of password/connection string etc. in your Web.config; look into using environment variables for storing your sensitive data. – Geoff James Nov 17 '17 at 20:19
  • What he said...or also look here https://stackoverflow.com/questions/20908438/how-can-i-secure-passwords-stored-inside-web-config?noredirect=1&lq=1 – Leonardo Wildt Nov 17 '17 at 20:20
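
An added example, not part of the original question or its comments: one way to combine the two options raised above, reading the credentials from environment variables and falling back to an `appSettings` section encrypted with .NET protected configuration. The class name and the environment variable names `MYSERVICE_USERNAME` / `MYSERVICE_PASSWORD` are hypothetical; the `Username` and `Password` keys are the ones from the question.

```csharp
using System;
using System.Configuration;
using System.ServiceModel.Description;
using System.Web.Configuration;
using System.Web.Hosting;

public static class ServiceCredentialConfig
{
    // Hypothetical variable names (assumption, not from the original post).
    private const string UserVar = "MYSERVICE_USERNAME";
    private const string PassVar = "MYSERVICE_PASSWORD";

    // Encrypts <appSettings> in the site's web.config in place. Run once per
    // server, e.g. from a deployment step; the DPAPI provider binds the
    // ciphertext to that machine, and the caller needs write access to web.config.
    public static void ProtectAppSettings()
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(HostingEnvironment.ApplicationVirtualPath);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.Save(ConfigurationSaveMode.Modified);
        }
    }

    // Environment variable first, then AppSettings. ConfigurationManager
    // decrypts a protected section transparently, so the lookup is unchanged.
    private static string Resolve(string envName, string appSettingsKey)
    {
        string value = Environment.GetEnvironmentVariable(envName);
        if (string.IsNullOrEmpty(value))
            value = ConfigurationManager.AppSettings[appSettingsKey];
        if (string.IsNullOrEmpty(value))
            // Fail closed, and never include the secret itself in the message.
            throw new ConfigurationErrorsException("Missing service credential: " + appSettingsKey);
        return value;
    }

    // Single place where credentials are applied to the WCF client proxy.
    public static void Apply(ClientCredentials credentials)
    {
        credentials.UserName.UserName = Resolve(UserVar, "Username");
        credentials.UserName.Password = Resolve(PassVar, "Password");
    }
}
```

Calling `ServiceCredentialConfig.Apply(service.ClientCredentials)` replaces the two manual assignments in the question. On a web farm the machine-bound DPAPI provider does not carry across servers; `RsaProtectedConfigurationProvider` with an exported key container is the usual alternative there.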

0 Answers