Question

Thank you for looking into this! My boss asked me about the following: We are in a library and we have online access to journals. When someone requests access to a journal, we log them on. If this has to be done for a whole class of students, it takes quite some time.

Let's assume we have a C# application. The application is in the C:/Program Files/ folder together with some kind of configuration file that contains the credentials and URLs and so forth. Since the files are in the C:/Program Files/ directory, a regular user will not have access to copy/manipulate any of the files. Using the C# SecureString class, the credentials would be safe. However, as soon as the application opens the browser and uses HttpWebRequest to send a POST request to log us in, the data would not be safe anymore.

Is this correct? A regular user can start an executable and could gain access to the POST data in the browser or can maybe impersonate the browser to get the POST request data.

If this is the case, I have two questions. The second one may be a question about opinions but the first one shouldn't be.

  1. Is there any way to do what my boss wants me to do safely without ever giving anyone access to the credentials?
  2. Is this a bad idea and should not be done at all?

I am also happy about "You should not do this, because..." answers, because this would also solve the problem for me if I can convince her of this.

Thank you!

Edit: Sorry for the lack of information: Different accounts are used. Most of the time, it would be the student's own domain account. We also have a generic domain account we sometimes use in the library for classes to have the computers already logged in when the class arrives to speed things up. So this is a well-known account. Of course, entering the credentials in front of the patron as we do now is in no shape, way or form secure either.


Solution

It is a provably unsolvable problem. Since the user's machine, in your setup, needs to know the sensitive information, there is no way for you to prevent that machine's user from also knowing that sensitive information. The only way to prevent the user from accessing it is to ensure that the sensitive data is never on the client's machine.

Pretty much any "good" solution is going to require some sort of cooperation with the site in question, which you presumably won't have. Good solutions would involve having a server only you control (with the "real" credentials) log in, and then provide some sort of temporary token or session ID to the user to use for a period of time, and that would expire after a short while.

Another option is to never have the user directly access the site, but rather always access a server you control which will redirect all traffic (that you consider valid) over to the other system. While this is an option that would be possible without any cooperation from the 3rd party, it likely wouldn't be terribly trivial to implement.
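The two server-side designs described in the answer above, reduced to their core logic as an added example (not code from the original answer or from any journal provider). The names, the 15-minute lifetime, the `X-Library-Token` header and the `journals.example.org` host are assumptions for illustration; the networking layer is left out so the credential-handling rules stand on their own.

```python
import hashlib, hmac, secrets, time

# Everything below lives on the server the library controls, never on a workstation.
SERVER_KEY = secrets.token_bytes(32)                 # signs workstation tokens
UPSTREAM_SESSION = "constructed-upstream-session"    # constructed; result of the server's own login
TOKEN_TTL = 15 * 60                                  # assumed lifetime in seconds
ALLOWED_HOSTS = {"journals.example.org"}             # constructed allow-list
CLIENT_AUTH_HEADERS = {"cookie", "authorization", "x-library-token"}

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(seat_id, now=None):
    """Mint a short-lived token for one workstation; it carries no credential."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{seat_id}|{expires}"
    return f"{payload}|{_sign(payload)}"

def verify_token(token, now=None):
    """Return the seat id for a valid, unexpired token, otherwise None."""
    try:
        seat_id, expires, sig = token.rsplit("|", 2)
        expires_at = int(expires)
    except ValueError:                               # malformed token
        return None
    expected = _sign(f"{seat_id}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                                  # forged or altered
    if (time.time() if now is None else now) >= expires_at:
        return None                                  # expired
    return seat_id

def build_upstream_request(token, host, path, client_headers, now=None):
    """Request the proxy forwards: client auth stripped, server-held session attached."""
    if verify_token(token, now) is None or host not in ALLOWED_HOSTS:
        return None
    headers = {k: v for k, v in client_headers.items()
               if k.lower() not in CLIENT_AUTH_HEADERS}
    headers["Cookie"] = f"session={UPSTREAM_SESSION}"
    return {"host": host, "path": path, "headers": headers}

def scrub_response_headers(upstream_headers):
    """Drop Set-Cookie so the upstream session never reaches the workstation."""
    return {k: v for k, v in upstream_headers.items() if k.lower() != "set-cookie"}
```

The workstation only ever holds the expiring token, so copying it yields at most a few minutes of proxied access and reveals nothing about the account behind it.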

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow