Project Description
A password manager developed in C# and designed to take advantage of WPF specific features. Security is priority number one. Create, store, and easily access an unlimited number of logon/passwords and other types of information you wish to keep safe, secure and readily available.

ListView.gif

Password Provider is a password management application developed by me, Don Wingate. It started out as a vehicle for learning Microsoft's .Net WPF (Windows Presentation Framework) library. I use it all the time and find it very helpful for managing the many web sites and their passwords that I visit from time to time.

Password Provider's main task is to create and store logon and password data for web sites. (And and other applications requiring a logon and password.) It also has a form specifically for credit card data and a generic form for miscellaneous information - those bits of information you don't want to forget and which might be sensitive.

A primary design goal for the project was to keep the interface as simple and unobtrusive as possible, while providing a full set of features. The main window is small (yet resizable) - for daily use it shows nothing more than the list of sites. The application itself can be kept out of the way by running in the system notification area, though it can run as a regular window as well. Dialog windows are avoided altogether by using a navigation model, similar to navigating from page to page in a web site, for presenting the views needed for editing options, site details, and the like. This creates a unique look and feel to the application, streamlined and easy on the eyes. It is made possible by WPF's native support for page navigation.

Password Provider takes security seriously. The Cryptography library that ships with the .Net framework is used for all encryption related tasks. A Password Provider file has a master password associated with it. This password, when entered by the user at startup, is used to generate a master Key which in turn is used as a basis for encrypting and decrypting values. For those situations where the user’s computer itself may not be 100% secure, this key, while it exists in the application’s memory space, is stored in encrypted format using a .Net security function intended specifically for this purpose. Additionally, care is taken to see that all sensitive data – passwords entered by or displayed to the user – are exposed programmatically in their raw form only when absolutely required. This topic is covered in detail in the Documentation section.

Data is stored in an XML file. By default, the file itself is written in plain text, while the sensitive values - passwords, credit card numbers, etc. - are written in encrypted form. There is an option to save the entire file in encrypted format, for an additional level of security. The default file location a sub folder of the user’s application data folder - C:\Users\%UserName%\AppData\Roaming\Password Provider. The user can elect to save the file somewhere else. (Note: hand editing is not recommended.)

Password Provider runs as a client application on the user’s computer. It is not a web app. It was built with Visual Studio 2008, using C# and WPF, and requires .Net version 3.5 client. Password Provider runs great on Windows 7 and Vista SP2. It has not been tested on Windows XP.

Last edited Nov 22, 2009 at 6:56 PM by DonWingate, version 9