We got a situation where we need to write a windows service using c#, the service need to be install on a particular -single- server. Also service need to communicate with a DB to access certain table to process data.
What will be the best approach to pass on the credentials to this service?
We have built the service, but now doing some R&D about passing credentials. We don't want to save them hard coded inside the code of course, also we don't like the idea of saving them in the file on server. We are thinking of passing it as parameters, when we install the service using InstallUtil.
What do you guys think, is it good or there is something better to it?
Best Answer
The best approach is to store these in an encrypted section of your config file, the key to encrypt this should be stored in Windows protected storage for the user it runs as (ie no-one else, not even another admin can then access it). This assumes you need to store and use these credentials to pass on to access the DB, if you are simply running the service as particular user, simply install it as that user. Create a user specifically to run this service, that's even better for security.
With this approach, you're using Windows for security, any private data (eg connection string to the DB) is encrypted so only the service user can access it, and Windows takes care of all the details.
Do not pass them as (commands line) parameters to the service - anyone with rights to view Service control panel applet will be able to see them!
Also, make sure you use AD domain users - NTLM is crackable in minutes with today's hardware,