How to avoid hard-coded credentials in Sharepoint webpart?

Posted by Bryan on Stack Overflow See other posts from Stack Overflow or by Bryan
Published on 2010-04-20T22:10:06Z Indexed on 2010/04/21 0:03 UTC
Read the original article Hit count: 229

Filed under:

sharepoint

|

webpart

|

security

I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code.

query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

query is an instance of the web service class

This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials.

In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("*") rather than in plain text?

Thanks.

© Stack Overflow or respective owner

Related posts about sharepoint

SharePoint 2010 MSDN Labs

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Eric Ligman, from Microsoft, posted a great blog post this week listing all of the SharePoint 2010 Virtual Labs that are available from Microsoft. His blog entry is here: http://blogs.msdn.com/b/mssmallbiz/archive/2012/03/13/sharepoint-server-2010-msdn-virtual-labs-available-to-you-online-plus-more-sharepoint-2010-resources… >>> More
Enterprise SharePoint 2010 Hosting, SharePoint Foundation 2010 Hosting, SharePoint Standard 2010 Hos

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Enterprise SharePoint 2010 Hosting, SharePoint Foundation 2010 Hosting, SharePoint Standard 2010 Hosting, Michigan Sclera, a Microsoft Hosted Services Provider Partner, is offering key Service Offerings around the Microsoft SharePoint Server 2010 stack. Specifically – if you’re looking for SharePoint… >>> More
SharePoint Personalization Site Links - Les liens personnalis?s des MySite SharePoint

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Nous avons vu dans les articles pr?c?dents comment agr?menter les pages de recherche afin de permettre une meilleure adoption du produit par les utilisateurs. Il existe une autre fonctionnalit? de Microsoft Office SharePoint Server 2007 (MOSS) qui permet aussi de personnaliser un peu le MySite des… >>> More
Auditer une ferme SharePoint - Assurer le bon fonctionnement de SharePoint

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Dans le cadre de la bonne gestion de son environnement SharePoint, il est utile de faire un contr?le de son installation afin d'assurer le bon fonctionnement des fermes et donc, la meilleure disponibilit? pour les usagers. Dans ce but, nous verrons comment auditer sa ferme facilement et les traitements… >>> More
Using jQuery and SPServices to Display List Items

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I had an interesting challenge recently that I turned to Marc Anderson’s wonderful SPServices project for. If you haven’t already seen or used SPServices, please do. It’s a jQuery library that does primarily two things. First, it wraps up all of the SharePoint web services in a nice little AJAX wrapper… >>> More

Related posts about webpart

Webpart missing webpart catalog entry when build with vsewss but deployed with stadm

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have the exact problem of not getting any webcatalog entry for a webpart if i deploy via stsadm. The project of this webpart is generated with vsewss and build with it. The very webpart entry can be accessed if its deployed through vsewss' "deploy" command. But i have to make the deploy… >>> More
Passing Multiple parameters from Custome WebPart to Reporting services Report Viewer webpart

as seen on Stack Overflow - Search for 'Stack Overflow'
I working with Reporting services in Sharepoint Mode, I am able to show the report in Sql Server Reporting services report viwer , the report has multiple parameters , My question is how do I pass more thatn one parameter from a custome web part to this report. I am able to pass one parameter by… >>> More
How to get Employeers-ID atribute from active directory on webpart

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I have managed to get info about the currently logged in user on my webpart by using this short code; WindowsPrincipal p = Thread.CurrentPrincipal as WindowsPrincipal; string strLoggedInUser = p.Identity.Name; What I would need now, is to get info of Employeer-ID atribute from the active… >>> More
how to hide webpart from a group?

as seen on Stack Overflow - Search for 'Stack Overflow'
can i hide (not by code) a webpart ONLY from a specific group? >>> More
Sharepoint - connectable receiving, XSLT editable web part?

as seen on Stack Overflow - Search for 'Stack Overflow'
You can use the "Data View" webpart to take data from a database call, then you can edit the XSLT manually to make it look and do whatever you want, within the scope of that data and XSLT capabilities. Is there a web part that allows me to do the same thing, but with data that is received by a connected… >>> More