Impatience

Physical illness makes me impatient and intolerant. Intellectually, I know that the holes in my jaw will heal, and that soon I’ll be back to my normal level of activity; but every second of diminished physical capacity increases my general sense of malcontent. I never noticed how extremely computers and software suck, but now I am noticing everything that sucks about my computer. At least typing is safer than driving when I’m like this.


~


The Data Protection API (DPAPI) is a relatively unknown feature that has been part of Windows since Windows 2000. It’s an extremely simple API that can be used to safely encrypt passwords and similar secrets for storage in a config file. GotDotnet has a code sample component for calling DPAPI from .NET.


Now, DPAPI is fine for storing passwords on a server (if you don’t want to go all-out and install Kerberos or Active Directory, that is), but you still need a way to communicate between a client and server if you want to check passwords in an n-tier architecture. One common way to do this in web apps is to just send the password from client to server in the clear, and then encrypt the whole channel using SSL. The other common way, which does not require the channel to be encrypted, is to use a challenge-response digest, such as “HTTP Digest Authentication”. Here is a code sample that performs HTTP Digest Authentication from an ASP.NET page.
