In most of the scenarios today we need to write some sort of Patch EXEs which nothing is but a console application. In those console applications, obviously we need to have the app.config in which we will be writing the UserName and passwords. When we do a Checkin of this code, the credentials got inserted in the git/tfs which is very dangerous. And moreover, if we have more than one developer, all of them might be using their own usernames and passwords. And if we have a version history on the git of the app.config, almost, I could get all the developers usernames and passwords. The sample piece of code in app.config is as below.
<appSettings>
<add key="WebUrl" value="" />
<add key="UserName" value="" />
<add key="Password" value="" />
<add key="Domain" value="" />
</appSettings>
We will be consuming this from our C# code as below.
var webUrl = ConfigurationManager.AppSettings["WebUrl"];
var userName = ConfigurationManager.AppSettings["UserName"];
var password = ConfigurationManager.AppSettings["Password"];
var domain = ConfigurationManager.AppSettings["Domain"];
To avoid this situation, we have an option. On the appsettings tag, there is one more attribute called file as below.
<appSettings file="c:myCredentialsApp.secrets.config">
<add key="WebUrl" value="" />
<add key="UserName" value="" />
<add key="Password" value="" />
<add key="Domain" value="" />
</appSettings>
Now, we can create a file called “App.Secrets.Config” in the specified path and on that file, the tags are very simple and straight forward.
<appSettings >
<add key="WebUrl" value="https://google.com" />
<add key="UserName" value="Sathish" />
<add key="Password" value="Password" />
<add key="Domain" value="sppals.com" />
</appSettings>
Happy Coding,
Sathish Nadarajan.
Leave a comment