Add initial support for Get-Credential

[daviwil]

Get-Credential support is often necessary for users who are writing administrative scripts. I don't currently have a good idea for how to implement this securely via the host protocol because it might require plaintext credentials crossing process boundaries. I'll need to consult security experts before I'll feel safe building a general solution.

A better short-term solution would be to have the language/debugging service process raise a WPF dialog which can handle the credentials securely in-process. The user experience of this may be slightly poor due to having a modal window appear which isn't attached to the editor client process, but it's better in the short term than passing credentials in an insecure way.

[rkeithhill]

Seems like VSCode could use a generic mechanism to get credentials not just for this extension either. I've been trying VSCode's Git support on Linux. When my cached credentials expire, Git commands in VSCode fail (when it could prompt for credentials). I have to go into Bash and re-enter my credentials. Then Git in VSCode works for a while longer.

[daviwil]

Yeah, the problem is that even if they provide a secure way to enter credentials I still need to have a secure way to send them to the host process. Might be able try public-key encryption but that will take some effort to get going.

[rkeithhill]

If the VSCode side supported this then I could imagine them using DPAPI to encrypt the creds and then we'd use DPAPI to decrypt. However the limitation with DPAPI is it is per user and per machine. So it wouldn't work in the case of the extension running on a different box.

I wonder if it makes sense at some point if the stdio between VSCode and extension happened via SSH? Disclaimer - I can barely spell SSH and have only a vague idea what it is. So if that idea makes no sense at all, apologies in advance. :-)

[daviwil]

DPAPI could be a decent solution on the local machine, I might ask the VS Code team about that.

As far as SSH is concerned, I was considering the possibility of using that for remote stdio communication (or potentially WebSockets over SSL), so we'll be able to get an encrypted remote channel one way or another. Local SSH is an interesting idea but would probably require more setup work for the user.

[daviwil]

Unfortunately this needs to be moved to 0.5.0 as I ran out of time to get it done.