I ran across an article on MSDN with some info on using Windows security APIs in your program. It’s targeted at C++, though it has a couple of passing references to .NET.
- It has an example of how to bring up the standard Windows “enter a password” dialog, customized for your program. I wondered how GMail Notifier did it. (CredUIPromptForCredentials, for those too lazy to follow the link.) Alas, the example is in C++, not .NET, but it’s on pinvoke.net.
- It has examples of a new XP/2003 API function that encrypts data using the current user’s credentials, so that data can only be decrypted by that same user. This is a pretty interesting idea, for things like password storage. (CryptProtectData and CryptUnprotectData. Also documented on pinvoke.net.)
- Man. Security APIs are ugly.
- Especially from C++.