Currently, I’m working on a product I call Alluvial, which aims to be a SQL Management Studio-like program for use with the Azure cloud’s SQL Services platform. While designing the initial login screen, I decided to implement a check box the user could click on labeled “Remember my password”, which (like SQL Management Studio), would remember the username:password between sessions.
When I actually got to implementing this feature, I faced various classic problems that, due to my young years, have not encountered before. The primary problem was: in order to “remember” a set of credentials, one would have to store it somewhere for later retrieval. This is bad, because as soon as credentials get written to disk, even if they are encrypted, you are entering very dangerous waters.
Eventually, I figured out and implemented what I believe to be a secure solution. I’ve created various security libraries you can check out on my source repository; in one of them is a new CloudCredentials class, which provides the developer with secure credentials that can be persisted and used with accessing Azure Cloud Services. I achieved this through the use of the unmanaged Data Protection and Windows Credential Management API’s.
Please read on for some more details.