Re: Impersonation Security

Wed, 28 Apr 2004 10:03:45 -0700 

-----------------------------------------------------------

New Message on BDOTNET

-----------------------------------------------------------
From: SecCode
Message 2 in Discussion

1) Use the "aspnet_setreg.exe" utility for encrypting and storing the
credentials in the Registry.
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290

2) If you are on a single machine and not a web farm, look at DPAPI for
encrypting the credentials..  DPAPI is not managed in 1.1 but there is a
wrapper class that abstracts this out for you.

Look at the following two resources:

How To: Use DPAPI (Machine Store) from ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/SecNetHT08.asp

How To: Create a DPAPI Library
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/SecNetHT07.asp

Regards,

- Anil

----------------------------------------------------- 
- http://SecureCoder.com
- Architecture & Security in an Insecure World
-----------------------------------------------------
 

________________________________

From: KittyHegde [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 28, 2004 10:32 AM
To: BDOTNET
Subject: Impersonation Security
        
        
        Hello all,
         
        I'm developing a .NET web service for which I'm using Impersonation.
The problem is, I am storing the username/password for impersonation in
CLEARTEXT (in the web.config file).  Is there a way out to get around this
problem so that the password is not accessible to everyone who has access to
the machine? 
         
        Krishna.
                
        



-----------------------------------------------------------

To stop getting this e-mail, or change how often it arrives, go to your E-mail 
Settings.
http://groups.msn.com/BDotNet/_emailsettings.msnw

Need help? If you've forgotten your password, please go to Passport Member Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help

For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact

If you do not want to receive future e-mail from this MSN group, or if you received 
this message by mistake, please click the "Remove" link below. On the pre-addressed 
e-mail message that opens, simply click "Send". Your e-mail address will be deleted 
from this group's mailing list.
mailto:[EMAIL PROTECTED]

Reply via email to