Follow @RoyOsherove on Twitter

Fixing MSDN's bad DPAPI examples (And what's DPAPI anyway?)

DPAPI (Data Protection API) is something that most developers still don't know enough about. The good news is that working with it is much easier with .NET 2.0 and VS 2005, but in the meantime, if you want to work with secure data (encrypted), using DPAPI is not the easiest thing in the word. It's mostly unmanaged APIs, and you'd have to create a wrapper class (or set of classes) to work with it.
Fortunately for us developers, Microsoft has an MSDN article on the subject. The only problem is that it's code samples (which many people use to start of their own class wrappers) are of very bad quality and even contains some serious bugs, So feel free to read the MSDN article, but don't use the code samples from it. Instead, use the code samples from this article which goes through the painful process of detailing all the bad things in the code sample in the first article including a bad memory leak bug.
And if anyone at MS is reading this that can help fix those code samples - that'd be great!
(found via this blog, located in the newly formed DeveAuthority blogsphere)
Update: Joe writes in the comments:
Even better than the corrected sample: use NCrypto (
The API is very similar to what's coming in .NET 2.0.
Thanks Joe!

Visual Basic 1.0, all over again

I might be in L.A in October, and open for consulting/speaking engagements