I know that you can run a process with a given username/password in the following way:
var processInfo = new ProcessStartInfo
{
WorkingDirectory = workingDirectory,
FileName = "a name",
UserName = loggedUserName,
Password = "password",
Domain = userNameDomain,
UseShellExecute = false,
};
Process.Start(processInfo);
The problem I'm facing is that I don't want to write the actual password as a part of the code and the process won't start if I leave the Password attribute empty... How can I safely start the process without exposing the password as a hard coded string in the code?
The ProcessStartInfo.Password is not a simple string that you can write down and assign to the property. What you need is a SecureString instance and a SecureString cannot be created passing a simple string to its constructor. Obviously the OS has no API or method that allows a non trusted program to retrieve the password of the current user (it would be the biggest security bug ever heard of).
So, in my thinking, you are left with only one option. Ask your user to type again the password and the resulting input should be transformed into a SecureString
This example is an extension method for the string class that I have seen here
using System.Security;
// ...
public static SecureString ConvertToSecureString(this string password)
{
if (password == null)
throw new ArgumentNullException("password");
unsafe
{
fixed (char* passwordChars = password)
{
var securePassword = new SecureString(passwordChars, password.Length);
securePassword.MakeReadOnly();
return securePassword;
}
}
}
you could use it to transform the password typed by your user and start the process
using(frmGetPassword fgp = new frmGetPassword())
{
if(DialogResult.OK == fgp.ShowDialog())
{
SecureString ss = fgp.Password.ConvertToSecureString();
var processInfo = new ProcessStartInfo
{
WorkingDirectory = workingDirectory,
FileName = "a name",
UserName = loggedUserName,
Password = ss,
Domain = userNameDomain,
UseShellExecute = false,
};
Process.Start(processInfo);
}
}