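This article discusses the WinRT PasswordVault programming interface.

Open Credential Manager from the Start menu and you can see that it has two features: Web Credentials and Windows Credentials.

The PasswordVault API provided by WinRT can be used to work with Web Credentials.

Here is a command-line example showing how to list Web Credentials: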

vaultcmd /listcreds:"Web Credentials" /all

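A Python/WinRT example that adds a credential, then fetches the credentials again and prints them:

from winrt.windows.security.credentials import PasswordVault
from winrt.windows.security.credentials import PasswordCredential

vault = PasswordVault()
# Arguments: resource, user name, password
cred = PasswordCredential("BreadStone", "AllWheat", "150gramsalt")
vault.add(cred)
# retrieve_all() returns the entries without passwords; retrieve_password() fills them in
allCreds = vault.retrieve_all()
for cred in allCreds:
    cred.retrieve_password()
    print(cred.user_name, cred.password, cred.resource) # AllWheat 150gramsalt BreadStone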

The result as shown by vaultcmd:

Credential schema: Windows Web Password Credential
Resource: BreadStone
Identity: AllWheat
Hidden: No
Roaming: Yes

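Note that the protection of Web Credentials only holds against permission-restricted processes such as UWP apps; any ordinary Win32 process may be able to read all of the user's credentials.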

Windows Credentials, on the other hand, are read and written through CredRead and CredWrite; for details see "How do I store and retrieve credentials from the Windows Vault credential manager?"

(End)