Password Persistence


I want to be able to use the userID and Password that a user enters into text boxes on a login page and use that information later in the program. Is it possible to pass this information to a class for later use?

Thanks,

Dave
 
Dave,

    It is; that's all up to you and how your application is structured. You
can store what you want.

However, I can't say that it is a good idea, since holding the password
around in memory is a security risk (someone else can get to it). I would
use another way to store information about the user.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Dave Bailey said:
I want to be able to use the userID and Password that a user enters into
text boxes on a login page and use that information later in the program. Is
it possible to pass this information to a class for later use.
 
Dave,

Generally speaking, you will want to use something like a
challenge/response mechanism. The authority sends some sort of random text,
which the client encrypts with the password. This is sent back to the
server, which then determines whether or not the password is correct. This
way, the password is never sent over the wire.

In return, the server can give some sort of token which can be submitted
for authentication for all future operations.
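
The challenge/response exchange described in the post above, as an added example that is not part of the original thread. It uses HMAC-SHA256 keyed with a PBKDF2-derived key in place of "encrypting with the password", assumes .NET 6 or later, and all names, the salt and the sample password are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ChallengeResponseDemo
{
    // Client and server derive the same key from the password (PBKDF2-SHA256).
    static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // The response is an HMAC over the server's challenge, keyed with the derived key.
    static byte[] Respond(byte[] key, byte[] challenge)
    {
        using var mac = new HMACSHA256(key);
        return mac.ComputeHash(challenge);
    }

    // Server side: recompute the response, compare in constant time,
    // and hand back a random session token only when it matches.
    static bool TryIssueToken(byte[] storedKey, byte[] challenge, byte[] response, out string token)
    {
        byte[] expected = Respond(storedKey, challenge);
        bool ok = CryptographicOperations.FixedTimeEquals(expected, response);
        token = ok ? Convert.ToBase64String(RandomNumberGenerator.GetBytes(32)) : string.Empty;
        return ok;
    }

    static void Main()
    {
        byte[] salt = Encoding.UTF8.GetBytes("constructed-salt-for-dave");   // constructed sample
        byte[] storedKey = DeriveKey("constructed-sample-password", salt);   // saved at enrollment

        // 1. Server -> client: a fresh random challenge, valid for one attempt.
        byte[] challenge = RandomNumberGenerator.GetBytes(32);

        // 2. Client -> server: a response computed from what the user typed.
        byte[] good = Respond(DeriveKey("constructed-sample-password", salt), challenge);
        byte[] bad = Respond(DeriveKey("wrong-guess", salt), challenge);

        // 3. Server -> client: a token for later requests, or a rejection.
        Console.WriteLine("correct password accepted: " + TryIssueToken(storedKey, challenge, good, out string token));
        Console.WriteLine("token issued: " + (token.Length > 0));
        Console.WriteLine("wrong password accepted: " + TryIssueToken(storedKey, challenge, bad, out _));
    }
}
```

The client keeps only the token after login, so the password itself does not need to stay in memory. The key the server stores is still password-equivalent for this exchange, so it needs the same protection as any other credential store.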
 
Dave,

    The problem with storing a password is more than just a security
issue. What if the user logs in on a second machine, changes the
password, and now the original machine has an old password?

    The best solution I can think of, and am implementing soon, is to
use the Windows user account info. Look into the System.Security
classes.

JIM

 
Some questions:
What kind of application is this, web or windows?
How do you obtain the user's password in the first place?
How do you authenticate a user, if at all?
What exactly do you mean by "for later use"?

Willy.
 