How to eliminate usernames and passwords from source code in Test Automation?
I write test automation and scripts that require windows authentication to the domain to access.
I don't like keeping them in the app.config because the开发者_如何学编程y are available in plain text. I don't like prompting for input because then it isn't automated anymore. If I hard code them in the assembly they are visible from .Net Reflector and they get checked into source control when I commit the .cs files. Is there a pattern / practice that makes it easy to use configured usernames and passwords without exposing them.This also applies to web sites that have credentials to log in and databases the use either windows authentication or sql server authentication to connect.
Any advice would be greatly appreciated.Couldn't you use DPAPI to protect it?
There's an interesting MSDN article @ http://msdn.microsoft.com/en-us/magazine/cc164054.aspx
The process that runs the tests could them as an authenticated user. That way, you only have to enter the username and password when setting up the service/scheduled task/etc. Of course, if you have to actually input credentials as part of the test, then this won't help out.
You can use Convert.ToBase64String() and Convert.FromBase64String() with hard-coded passwords to provide basic obfuscation.
If you really want something stronger, use a symmetric-key algorithm like e.g. Blowfish, but it's overkill and you'd still have to store the key somewhere.
精彩评论