Would appreciate some guidance how best to go around creating a secure login form for SQL server authentication (non windows based authentication for now). I have gotten the form working fine (Application is winforms based) but would like to store the credentials supplied by the user (Username & password) dynamically and securely in memory to dynamically build the connection strings as needed without having to re ask the end user to supply the credentials.
Till now I have the following possible scenarios that may work:
Pass the values of the two text boxes to the constructor of the main application screen and store the values in memory ( have some concerns re run time attacks )
After some research the Securestring function seemed very interesting to store the password value in a encrypted format but I got a bit confused on how to actually use it ( decrypt the string and deploy that value in the connection string)
Any assistance with the above is greatly appriciated