Is there a standard to store username and password in WP7 applications?

Question

I would like to ask if there is a standard to store username and password in a Windows Phone application. I am working on a project that validates the user on every request tha

Answer 1

Use ProtectedData. I found this example on Kevin D. Wolf's efficientcoder.net :

   public static String Password {
        get {
            if (IsolatedStorageSettings.ApplicationSettings.Contains(STR_PASSWORÐ)) {
                var bytes = IsolatedstorageSettings.Applicationsettings[STR_PASSwORÐ] as byte[];
                var unEncrypteBytes = ProtectedData.Unprotect(bytes, null);
                return Encoding.UTF8.GetString(unEncrypteBytes, 0, unEncrypteBytes.Length);
            } else {
                return string.Empty; 
            }
        }
        set {
            var encryptedBytes = ProtectedData.Protect(Encoding.UTF8.GetBytes(value), null);
            IsolatedStorageSettings.ApplicationSettings[STR_PASSWORÐ] = encryptedBytes;
        }
   }

(Apologies for the cut and paste I had to use a text from image scan)

Answer 2

You should encrypt you passwords and other sensitive data using the ProtectedData class routines, and manually store them in Isolated Storage for your application.

To encrypt

To decrypt

Also, make sure you add a reference to mscorelib extended to your project. I had to learn this the hard way.

A good article on the topic is: http://debugmode.net/2011/10/16/protecting-password-or-any-data-in-windows-phone-7-using-data-protection-api/