Sending email without hard-coding username and password

Is there any way of sending an email from C# without manuall开发者_开发技巧y coding my user name and password using Gmail SMTP?

I know that there is some software that can see the source code, and I don't really like them seeing my Gmail password.

You shouldn't be using your user name and password in an application that someone else is running.

Modify the application so that it prompts the user for their e-mail credentials and use those.

This will have to be stored in a configuration file and can still be read by someone else unless you store the hashedencrypted password.

First option: store username and password in config

using System.Net.Mail;

var fromEmail = ConfigurationSettings.AppSettings[ "mail" ]; 
var fromPassword = ConfigurationSettings.AppSettings[ "pass" ]; 

var fromAddress = new MailAddress(fromEmail, "From Name");
var toAddress = new MailAddress("to@example.com", "To Name");
const string subject = "Subject";
const string body = "Body";

var smtp = new SmtpClient
           {
               Host = "smtp.gmail.com",
               Port = 587,
               EnableSsl = true,
               DeliveryMethod = SmtpDeliveryMethod.Network,
               UseDefaultCredentials = false,
               Credentials = new NetworkCredential(fromAddress.Address, fromPassword)
           };
using (var message = new MailMessage(fromAddress, toAddress)
                     {
                         Subject = subject,
                         Body = body
                     })
{
    smtp.Send(message);
}

in app.config:

  <appSettings>
    <add key="mail" value="somemail@gmail.com" />
    <add key="pass" value="password" />
  </appSettings>

Also you can make secure config file by encrypting it.

Second option: read username and password from user

Make a HTTP POST to your web server, which will send the email on behalf of the application. You probably need some way to authenticate that the POST really comes from your application, so you will need to hardcode a key to the application, but since you're in control of the server part, you can block keys that are found to be misused.

Alternatively, create a secondary throwaway Gmail account, which you use to send email to your primary account, which will forward it to the intended recipient.

All these seems silly to me though, ultimately the best solution depends on what you're intending to do with the sending of the emails.

If you are running in ASP.NET, then you can encrypt sections of the web.config file using the aspnet_regiis.exe tool.

If you are running a regular application with an app.config file, then you can encrypt the whole file, or just parts of the file, as described by Jon Galloway in his blog entry "Encrypting Passwords in a .NET app.config File".

Once you have this in the configuration file, you can use the SecureString class to get your username/password options from the configuration file and keep them encrypted in memory until the absolute last moment they are needed/used.

Store the username and password in a configuration file...

Using Settings in C#

Externalize environment-specific configuration--especially sensitive configuration like credentials--in a configuration file.

The ASP.NET IIS Registration-Tool can do that for you. You just have to type a single line. Check http://odetocode.com/blogs/scott/archive/2006/01/08/encrypting-custom-configuration-sections.aspx.

I did a little research since my comment so I feel better about answering now.

You can use a configuration file which can be setup using these Instructions

You can then pass in the information for whatever variables you want. This will store them outside of your program, although they are still written in plain text.

An example of a config file looks similar to this.

<?xml version ="1.0"?>
    </configuration>
            </appSettings>     
               <add key="password" value="Jdas7#8SL" />    
            </appSettings>       
    </configuration>

As for getting that info into your program here is a link that shoudl serve as a decent example.

C# using config settings

If you are worried about security and do not want this written anywhere then you need to make it so that you personally enter it every time. Or you could translate the password using some formula as mentioned in my comment. But as concluded there you are still in a pickle.

Good luck.