
Setup Project - Encrypt Data After Entry and Before Its Written to the Registry

I am making an installer (Visual Studio, setup project) that prompts the user for the credentials that the app needs to run. I've figured out how to check textbox the password goes into a password box that hides the password with asterisks. However, the entered data is written to the registry by the installer, and right now the data is in plain text.

I've written encryption/decryption functions into my application, but I need for the installer to encrypt the passwd before saving it to the registry. Any ideas?
jgooch  Tuesday, May 13, 2008 7:26 PM

Hi Jgooch,

Welcome to MSDN forum! :)

How is your problem going on now? Is it fixed?

First, I presume that you assign the Registry key's value by directly setting it with TextBoxA's text, may I?

If so, I'm afraid that you have to change this manner of assigning into writing the registry key value programmatically, which means that you need to add executable code into a Custom Action for encrypting the password and writing the registry key.

Generally, there are three ways to add executable code into Custom Action of Microsoft Setup: VB Script, DLL file and EXE file. Here I’ll introduce how to add your executable code into installer with EXE file (it can easily be built from .Net Assembly). For more information about the other two methods and detailed introduction about Custom Action, please refer to Phil Wilson’s article: Visual Studio Setup - projects and custom actions

Here are my solution steps:

1. Create an install class that inherits from the System.Configuration.Install.Installer class.

In the inherited class, override Installer's Install(), Commit(), Rollback(), Uninstall() methods, which will be called during the custom action.

You can get the property value during installation by referring to this.Context.Parameters, then you can use your encryption algorithm and add the encrypted value into the registry as you like.

2. Create a new Install Custom Action under your Setup Project, and add your built assembly’s EXE file into this new Custom Action.

3. Build your Setup Project and execute the installer, then your encrypt method should act correctly and make the registry key’s value encrypted.

For more detailed steps, please refer to Phil Wilson’s article about Visual Studio Setup Project, which I think is helpful for resolving your problem:

Visual Studio Setup - projects and custom actions

Furthermore, as Phil Wilson has said, you should pay attention that the log may have recorded your password. You can use MsiHiddenProperties to prevent the password from being visible, as Phil said.

For more information about MsiHiddenProperties, please refer to MsiHiddenProperties Property.

And here is another article that may help with the log file:

Preventing Confidential Information from Being Written into the Log File

Hope it helps.

Please feel free to let me know how your problem is going on.

Thanks.

Best wishes,

Jun Wang

Jun Wang Tim  Tuesday, May 20, 2008 7:55 AM
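
One way to implement the three steps in the answer above, as an added example that is not code from the thread. Windows DPAPI (`ProtectedData`) stands in for the poster's own encryption functions, and the registry path, value name, `password` parameter name and `[PASSWORD]` property name are hypothetical.

```csharp
using System;
using System.Collections;
using System.ComponentModel;
using System.Configuration.Install;
using System.Security.Cryptography;   // ProtectedData: reference System.Security.dll
using System.Text;
using Microsoft.Win32;

// Added example. KeyPath, ValueName and the "password" parameter are hypothetical names.
[RunInstaller(true)]
public class CredentialInstaller : Installer
{
    private const string KeyPath = @"SOFTWARE\ExampleVendor\ExampleApp";
    private const string ValueName = "Password";

    public override void Install(IDictionary stateSaver)
    {
        base.Install(stateSaver);

        // Assumes the custom action's CustomActionData is: /password="[PASSWORD]"
        string password = Context.Parameters["password"];
        if (string.IsNullOrEmpty(password))
            throw new InstallException("No password was passed to the custom action.");

        // Do not copy the password into stateSaver: that dictionary is
        // persisted to a .InstallState file next to the assembly.
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            // LocalMachine scope lets any process on this machine unprotect the
            // value; it is used here because the installer and the application
            // usually run under different accounts. CurrentUser scope is tighter.
            byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.LocalMachine);
            using (RegistryKey key = Registry.LocalMachine.CreateSubKey(KeyPath))
                key.SetValue(ValueName, cipher, RegistryValueKind.Binary);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);   // wipe the plaintext byte buffer
        }
    }

    public override void Uninstall(IDictionary savedState)
    {
        base.Uninstall(savedState);
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath, true))
            if (key != null) key.DeleteValue(ValueName, false);
    }
}
```

The application reads the value back with `ProtectedData.Unprotect` using the same scope. The registry-view entry that writes the raw property value has to be removed from the setup project, otherwise the plain-text copy is still written alongside the protected one.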

Where is it written to? Is it in the service entries or is it something you've created using the registry view in the IDE?

You also might have to worry about someone who creates a log of your install - the password will show there in plain text. That's what MsiHiddenProperties is for.

PhilWilson  Tuesday, May 13, 2008 9:14 PM

During the installation, there is a user interface form (called "textboxes A" in the Visual Studio IDE) that has a field for a password. The information is written to the registry in an unencrypted format. To make this happen, I used the VS registry editor and made the password key with value = [password]. That works fine, but the [password] value is the unencrypted password the user entered. I would like it to be an encrypted version that my application knows how to decrypt.

Temporarily, the setup I had to go with was the unencrypted password being written, and on first run the application encrypts it and writes it back to the registry, then on subsequent runs the encrypted password is used.


jgooch  Thursday, May 15, 2008 4:44 PM

Hi Jgooch,

I'm going to mark my reply as the answer. However, if your problem cannot be resolved with my advice, please feel free to unmark it, and I'll stand by to provide a further solution.

Thanks.

Best wishes,

Jun Wang

Jun Wang Tim  Tuesday, May 20, 2008 8:40 AM
