0

I build a website and i need to use web service. One of the function in the web service I need to send username and password and for that i want to store them somewhere in the website(in the server side).

I looked that i can store in the web.config in appSettings like : <add key="UsernameForWS" value="username"/>and use in the class with ConfigurationManager.AppSettings["UsernameForWS"]

My question is what i found is secure or there is a better way to do this?

tal
  • 295
  • 1
  • 4
  • 20
  • Writing password out in plain text is the most unsecure way to store them. _In any place!_ – Steve Jan 01 '18 at 11:21
  • But you really should explain better what are your trying to do. In particular the part whre you say _I need to send username and password_ – Steve Jan 01 '18 at 11:23
  • i would recommend using a hashing technique and storing them in the database. – It's a trap Jan 01 '18 at 11:31
  • 1
    If your website is still IIS hosted you can encrypt config sections. https://stackoverflow.com/q/20908438/314291 – StuartLC Jan 01 '18 at 11:52
  • 1
    Encrypt Decrypt Web.Config section using aspnet_regiis.exe https://www.aspsnippets.com/Articles/Encrypt-decrypt-WebConfig-section-using-aspnetregiisexe.aspx – Saineshwar Bageri - MVP Jan 01 '18 at 13:55

0 Answers0