Today at work i needed to create a settingspart and i did let my handler register an activatingfilter for the site contenttype.
In my settingpart i want a administrator to save a webservice username and password combination, but ofcourse i don't want it plain in the database and i though DPAPI would be a good solution.
Well this Sprint Backlog Task had 4 hours and i used them all running against medium trust :)
Anyway the DataProtection class requires DataProtectionPermission... so medium trust doesn't allow it.
I don't want to set it full trust just to quick and dirty get to my next SBI / SBT..
I think i've a few options:
1) Alter the Orchard.Web web.config and select a custom policy file like writen here: http://msdn.microsoft.com/en-us/library/ff648344.aspx (outdated) or http://msdn.microsoft.com/en-us/library/wyts434y.aspx
2) Use another crypto like AESManaged, RijndaelManaged, etc
A application wide username and password must be stored because it isn't a special user, but just credentials that are needed for calling a webservice