Friday, February 06, 2004


How to encrypt UserName and Password in ProcessModel element in machine.config
Security Note: If you do not set a restrictive ACL on the machine.config file, putting your userid and password in cleartext allows anyone to see your password. Even if you set a restrictive ACL, all users in the Administrators group will still be able to see it.

My resolution to the above Security Note was the following. Use the aspnet_setreg.exe utility to put an Encrypted version of my account userid and password in the registry by using the following command:

aspnet_setreg.exe -k:SOFTWARE\MY_SECURE_APP\processModel -u:"YourUserName" -p:"YourPassword"

Then modify the processModel as follows to point it to the registry:

...... />

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?