Re: Data encryption ?
From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 04/12/04
- Next message: Paul Glavich [MVP - ASP.NET]: "Re: WindowsIdentity ?"
- Previous message: [MSFT]: "RE: Debugging Trust Levels - Oledb"
- In reply to: WJ: "Re: Data encryption ?"
- Next in thread: WJ: "Re: Data encryption ?"
- Reply: WJ: "Re: Data encryption ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Apr 2004 20:53:56 +1000
Well fair enough. I personally dont mind the registry at all and use it all
the time. However, given you dont want to do that, then perhaps just use a
separate configuration section, whether it be in the <appSettings> element,
or in your own custom section, that defines the user and the encrypted
password in the encrypted format of your choosing (I assume your own
personal library), then in code do the impersonation. Yes its more work, but
I am not aware of any easy method to intercept the supplying of the password
to the "impersonation engine" and I suspect that if there is a method to do
this, it would probably be a bit more work and complexity than simply
impersonating a user in code.
Hope that helps somewhat.
-- - Paul Glavich Microsoft MVP - ASP.NET "WJ" <JWebb@Msn2.Com> wrote in message news:uCkLbH8HEHA.3032@TK2MSFTNGP09.phx.gbl... > Paul, > > Thanks for the reply. Actually, this util uses DPAPI tool which I try to > avoid. The reason is I attempt to avoid having to use the Windows Registry > DB at all cost. My thinking is that I will try to mess with the Global.asax > to see if there is a way around. So far, no luck in the Google search. > > John > > "Paul Glavich [MVP - ASP.NET]" <glav@aspalliance.com-NOSPAM> wrote in > message news:%238FCd77HEHA.3376@TK2MSFTNGP09.phx.gbl... > > Well not really, but I think you can achieve what you are after by using > the > > Aspnet_setreg.exe utility that is described in Knowledge base article > > KB329290. > > > > If you have VS.NET installed, then you can load IE or load up the MSDN > help > > and paste this link into the address bar > > ms-help://MS.MSDNQTR.2003OCT.1033/enu_kbaspnetkb/aspnetkb/329290.htm > > to get information on the above article, or simply search on microsofts > > knowledgebase for it. That should do what you need. > > > > -- > > - Paul Glavich > > Microsoft MVP - ASP.NET > > > > > > "WJ" <JWebb@Msn2.Com> wrote in message > > news:OzRX5AoHEHA.3832@TK2MSFTNGP10.phx.gbl... > > > .Net Experts, > > > > > > Instead of using MS/Data Protection API, I am using my own encryption > > > library. I need to impersonate a special account (a local Windows 2003 > > Logon > > > ID) on my IIS6 box for certain sites, the current "web.config" does not > > know > > > how to decrypt the encrypted password in the line below: > > > > > > <identity impersonate="true" user="mySpecialAcct" password="secretPW"/> > > > > > > Is there a way to pause my page loader/authentication process until my > > > decryption code is completed (to un-encrypt the password) ? In other > word, > > > when the user punches in the url, MS/IE will prompt him for his > password, > > I > > > like somehow to intercept this process at the server side until the > > > decryption is completed. > > > > > > Thanks > > > > > > John > > > > > > > > > > > > > > > > > > > > >
- Next message: Paul Glavich [MVP - ASP.NET]: "Re: WindowsIdentity ?"
- Previous message: [MSFT]: "RE: Debugging Trust Levels - Oledb"
- In reply to: WJ: "Re: Data encryption ?"
- Next in thread: WJ: "Re: Data encryption ?"
- Reply: WJ: "Re: Data encryption ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
