I know that encrypted passwords can be stored in the web.config or hashed and salted passwords can be stored in a database, but is it possible to store passwords in something like a keystore?
Would a keystore even be a good idea to store 'service account' passwords that are needed by an application?
The closest analogue to a Java keystore in .NET/Windows world is DPAPI (http://en.wikipedia.org/wiki/Data_Protection_API). It stores encrypted values in the Windows registry, with the encryption key derived from system or user account level secrets.
It is in fairly wide use, though a paper was released at the 2010 Black Hat DC Conference detailing a crack against it (Google Docs).
Prior to that paper (and if MS fixes it at some point) I would highly recommend DPAPI for exactly what you are describing.
At this point, using DPAPI is probably (and unfortunately) the best option. A mitigating factor is that the crack is highly technical, difficult to execute, and requires quite a bit of OS access to pull off. A breach of a DPAPI key is most likely to be pulled off by a trusted insider with access to the system, as opposed to an external attacker.
来源:https://stackoverflow.com/questions/4767018/asp-net-keystore-for-password-storage