SecretsInNativeApp
README.md
SecretsInNativeApp.sln

README.md

Storing secrets in native app

This sample is a Windows Forms app that stores a client secret in its code and uses that secret as its credentials when calling the EmployeeApi. The demo shows how easy it is to extract this secret from the executable.

You can simply compile the app and run the strings utility from Windows Sysinternals on the executable. You should find the client secret along with all the other pieces of text stored in the binary.
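The same observation can be turned into a release check that fails a build when a value from your secret store appears in the compiled output. The script below is an added example, not part of this sample repository; the function names, the sample bytes and the secret value are constructed for illustration. It scans for both ASCII and UTF-16LE runs because .NET stores string literals as UTF-16, so an ASCII-only search would miss them.

```python
import re

def extract_strings(data: bytes, min_len: int = 6):
    """Return sorted (offset, encoding, text) for each printable run in data."""
    # Plain ASCII runs, e.g. the DOS stub message and section names.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # The same characters as UTF-16LE: every printable byte followed by 0x00.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    return sorted(found)

def find_known_secrets(data: bytes, secrets, min_len: int = 6):
    """Return (offset, encoding, secret) for each secret found in the binary."""
    return [(offset, encoding, secret)
            for offset, encoding, text in extract_strings(data, min_len)
            for secret in secrets
            if secret in text]

# Constructed sample: a few bytes shaped like a managed executable.
# The secret and the URL are made up for this example.
SAMPLE_SECRET = "constructed-client-secret-0123"
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"This program cannot be run in DOS mode." + b"\x00" * 8
    + "https://employeeapi.example/".encode("utf-16-le") + b"\x01\x3d"
    + SAMPLE_SECRET.encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    hits = find_known_secrets(SAMPLE_BINARY, [SAMPLE_SECRET])
    for offset, encoding, secret in hits:
        print(f"secret found at offset {offset} ({encoding}): {secret}")
    # A non-zero exit code lets a build pipeline stop the release.
    raise SystemExit(1 if hits else 0)
```

In a pipeline, read the real build output with `open(path, "rb").read()` and pass the values that must never ship; a hit means the secret has to be removed from the client and rotated, not hidden better.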

DO NOT store credentials in native apps! This includes:

  • Desktop apps
  • Mobile apps
  • Single Page apps
  • React Native and similar apps

Any app that runs on a device you do not control is a native app. If the API you are calling requires authentication, you must authenticate the user.
