I've been tasked with setting up default admin credentials for a .NET desktop application. As of right now, the application uses Windows admin credentials to access the manager page and I would like to add a local default admin account.
I imagine the user will go through the following process:
(1) Clean install of application
(2) User launches application
(3) App is in "logged out" state
(4) User logs in as manager with the provided default credentials (provided in user guide)
(5) Once logged in for the first time, prompt user to update local default credentials to a more secure password
After doing some research on Google and Stack Overflow, I read that I definitely should not hard-code the user credentials in the source code. I'm thinking of storing the default username/password in the app.config file. Then, in the manager page, the user can update the current username/password to something more secure. There will only be ONE local admin account so the username/password from the app.config file will need to be updated?
In other words, the default user credentials will be stored in app.config, then modified whenever the user updates the local credentials. Does this approach work for the situation I described above? If not, I would appreciate any ideas. I've looked into DPAPI as well but would prefer a simpler approach.
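One way the first-login flow in steps (1) to (5) could be built, as an added example that is not code from the original post: the stored record holds a salted PBKDF2 hash and a must-change flag rather than the default password itself, and the change step refuses to keep the documented default. `LocalAdminRecord`, `LocalAdmin`, the iteration count, the 12-character minimum and the sample passwords are assumptions made for illustration; writing the record to app.config or another store is left out.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical record of what would be persisted (for example as settings
// values): a salted hash and a first-login flag, never the password itself.
public sealed class LocalAdminRecord
{
    public byte[] Salt, Hash;
    public int Iterations = 210000;      // assumed work factor, tune for the hardware
    public bool MustChangePassword;
}

public static class LocalAdmin
{
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Called once at install time for the documented default, then on every change.
    public static void SetPassword(LocalAdminRecord rec, string password, bool mustChange)
    {
        rec.Salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(rec.Salt);
        rec.Hash = Derive(password, rec.Salt, rec.Iterations);
        rec.MustChangePassword = mustChange;
    }

    public static bool Verify(LocalAdminRecord rec, string password)
    {
        byte[] candidate = Derive(password, rec.Salt, rec.Iterations);
        int diff = candidate.Length ^ rec.Hash.Length;
        for (int i = 0; i < candidate.Length && i < rec.Hash.Length; i++)
            diff |= candidate[i] ^ rec.Hash[i];   // compare every byte, no early exit
        return diff == 0;
    }

    // Step (5): the manager page stays locked while MustChangePassword is true.
    public static bool ChangePassword(LocalAdminRecord rec, string current, string next)
    {
        if (!Verify(rec, current)) return false;
        if (next.Length < 12 || Verify(rec, next)) return false;  // assumed policy; blocks reuse
        SetPassword(rec, next, false);
        return true;
    }

    public static void Main()
    {
        var rec = new LocalAdminRecord();
        SetPassword(rec, "ChangeMe-Default1", true);   // constructed sample default
        Console.WriteLine(ChangePassword(rec, "ChangeMe-Default1", "ChangeMe-Default1"));
        Console.WriteLine(ChangePassword(rec, "ChangeMe-Default1", "a-longer-new-passphrase"));
    }
}
```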