How do i handle password storage for sign-in to the SMTP client in ASP.NET Core?

Question

I'm currently working on a ASP.NET Core application, where part of it is a 'EmailService' Now, it's only function is to send informative emails via. SMTP, using the clients own credentials however. And I'm quite uncertain as to how I should handle storage of these credentials, to enable SMTP, it needs:

• server address
• Port
• mail address
• password

all but the password, i suppose could be safely stored in the database, but how do I go about storing the password?

(The database is NOT stored on the same machine, if that makes any sort of a difference)

Answer 1

As stated there are several ways of handling this.

The solution I picked was using .NET Core built in stuff from Microsoft.AspNetCore.DataProtection by doing .AddDataProtection() on the service collection so it can be accessed through DI.

This is done in a controller by:

private IDataProtector myProtector;

public Mycontroller(IDataProtectionProvider provider)
{
    this.myProtector = provider.CreateProtector("myPurpose");

    var encryptedString = this.myProtector.Protect("somestring");

    var decryptedstring = this.myProtector.Unprotect(encryptedString);

}

It supports a lot of different key configuration, and I'd recommend using this with .NET Core.