Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old March 4th, 2007, 07:36 PM
Authorized User
Points: 514, Level: 8
Points: 514, Level: 8 Points: 514, Level: 8 Points: 514, Level: 8
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2006
Location: , , .
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default Encrypting Web.Config

I'm having a confusion attack on encrypting web.config, in order to hide configuration strings.

1) If I'm not using userid & password in config string, what might be the point of encrypting the configuration strings? Any?

2) I can't figure out how the ASP.NET finds the RSA key that was used to encrypt web.config during operation of the aspreg_iis encryption trick. Can the aspreg_iis encryption be run by be -ANY- identity that can do I/O on web.config, and ASP.NET is smart enough to find it the key? Does aspreg_iis do something to tell ASP.NET that the encryption has taken place, and that the key is somewhere in particular. Or does the aspiis_reg encryption trick have to be run by a particular identity that somehow is already correlated with ASP.NET?

Any help with this would be appreciated.

Thanks!
  #2 (permalink)  
Old March 4th, 2007, 11:15 PM
Authorized User
Points: 514, Level: 8
Points: 514, Level: 8 Points: 514, Level: 8 Points: 514, Level: 8
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2006
Location: , , .
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Got answer to 1)...no longer relevant to my situation, since I'm going to use userID and password, in order to have a user that has limited permissions...

2) would be interested still, though I've found lots of doc's on this, and expect to sort it out.
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypting config vikingsunil ASP.NET 2.0 Professional 1 August 28th, 2008 10:53 PM
web.config vs. app.config darlo Visual Studio 2005 11 August 20th, 2008 07:23 AM
web.config sonny1 ASP.NET 2.0 Basics 1 October 20th, 2007 01:40 PM
Web.Config tranzformerz ASP.NET 1.0 and 1.1 Basics 1 August 29th, 2005 05:59 PM



All times are GMT -4. The time now is 03:59 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.