WebServiceBasicAuthentication password, how is it stored?

1 Answer 25 Views
Report Designer (standalone) Security
Mateusz
Top achievements
Rank 1
Mateusz asked on 25 Oct 2023, 08:55 AM

When i create report in standalone application with WebServiceDataSource as trdx file i can see section for Authentication with user and password

      <Authentication>
        <WebServiceBasicAuthentication Password="eYk0jBuZWWwHo1LHgtDHjA==" Username="user" />
      </Authentication>

what algorithm do you use to hash password? how it is save?

1 Answer, 1 is accepted

Sort by
0
Accepted
Momchil
Telerik team
answered on 30 Oct 2023, 08:21 AM

Hi Mateusz,

The password you see in your report definition is a Base64 string which has been encrypted using an internal encryption algorithm prior to the Base64 serialization. Thus, if you were to deserialize the Base64 string, you would not see the actual password.

Still, for an additional security layer, you can provide an encrypted version of your password in the report definition and decrypt it inside your web service.

Best Regards,
Momchil
Progress Telerik

Stay tuned by visiting our roadmap and feedback portal pages, enjoy a smooth take-off with our Getting Started resources, or visit the free self-paced technical training at https://learn.telerik.com/.
Mateusz
Top achievements
Rank 1
commented on 30 Oct 2023, 09:28 AM

is this some standard "encryption algorithm" or just your own? Can you provide any information of it? Our clients need to know about it or we have to ensure them that this is safe.
Momchil
Telerik team
commented on 02 Nov 2023, 08:28 AM

To encrypt the password, we use the standard System.Security.Cryptography.Aes class. You can find more information about it in the linked MSDN article.

I hope this answers your question.

Tags
Report Designer (standalone) Security
Asked by
Mateusz
Top achievements
Rank 1
Answers by
Momchil
Telerik team
Share this question
or