本文转载自 http://msdn.microsoft.com/en-us/library/aa302353.aspx

 

Duncan Mackenzie
Microsoft Developer Network

January 2003

Summary: Shows how to retrieve user credentials using the DPAPI function, CredUIPromptForCredentials, in Microsoft Windows XP and Windows Server 2003 to obtain authentication information in a secure and standard way. (16 printed pages)

Applies to:
   Microsoft® .NET
   Microsoft Windows XP
   Microsoft Windows Server 2003

Download the source code for this article.

Contents

Introduction
Stored User Names and Passwords
Creating the Credential API Class in .NET
Requesting User Credentials
Using Your Own Graphic
Summary

Introduction

Sometimes your application requires user-supplied credentials to access a protected resource, such as a database or a FTP site. Obtaining and storing a user's ID and password, however, introduces a security risk into your system. Where possible, you shouldn't have the user supply credentials at all (by using integrated authentication for your database, for example), but sometimes it cannot be avoided. If you do need to request credentials from the user, and your application will be running on Microsoft® Windows® XP or Microsoft® Windows Server 2003, then the operating system provides functions to make this task easier.