Is there a standard to store username and password in WP7 applications?

Question

I would like to ask if there is a standard to store username and password in a Windows Phone application. I am working on a project that validates the user on every request that is called. So, I want to store the username and password. Maybe even give them the possibility to "remember me", so if there isn't a standard for doing that, I will have to write it myself, but I'm guessing that Microsoft has a build-in one.

Answer 1

Use ProtectedData. I found this example on Kevin D. Wolf's efficientcoder.net :

   public static String Password {
        get {
            if (IsolatedStorageSettings.ApplicationSettings.Contains(STR_PASSWORÐ)) {
                var bytes = IsolatedstorageSettings.Applicationsettings[STR_PASSwORÐ] as byte[];
                var unEncrypteBytes = ProtectedData.Unprotect(bytes, null);
                return Encoding.UTF8.GetString(unEncrypteBytes, 0, unEncrypteBytes.Length);
            } else {
                return string.Empty; 
            }
        }
        set {
            var encryptedBytes = ProtectedData.Protect(Encoding.UTF8.GetBytes(value), null);
            IsolatedStorageSettings.ApplicationSettings[STR_PASSWORÐ] = encryptedBytes;
        }
   }

(Apologies for the cut and paste I had to use a text from image scan)

Answer 2

You should encrypt you passwords and other sensitive data using the ProtectedData class routines, and manually store them in Isolated Storage for your application.

To encrypt

To decrypt

Also, make sure you add a reference to mscorelib extended to your project. I had to learn this the hard way.

A good article on the topic is: http://debugmode.net/2011/10/16/protecting-password-or-any-data-in-windows-phone-7-using-data-protection-api/