I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code.
query.Credentials = new System.Net.NetworkCredential("username", "password", "domain");
query is an instance of the web service class
This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials.
In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("***") rather than in plain text?
Thanks.
Create custom toolpart, check for condition like SPWeb.UserIsWebAdmin, if so, render fields needed for credentials (input textbox, masked textbox etc).