Data encryption ?

[WJ]

..Net Experts,

Instead of using MS/Data Protection API, I am using my own encryption
library. I need to impersonate a special account (a local Windows 2003 Logon
ID) on my IIS6 box for certain sites, the current "web.config" does not know
how to decrypt the encrypted password in the line below:

<identity impersonate="true" user="mySpecialAcct" password="secretPW"/>

Is there a way to pause my page loader/authentication process until my
decryption code is completed (to un-encrypt the password) ? In other word,
when the user punches in the url, MS/IE will prompt him for his password, I
like somehow to intercept this process at the server side until the
decryption is completed.

Thanks

John

 

[Paul Glavich [MVP - ASP.NET]]

Well not really, but I think you can achieve what you are after by using the
Aspnet_setreg.exe utility that is described in Knowledge base article
KB329290.

If you have VS.NET installed, then you can load IE or load up the MSDN help
and paste this link into the address bar
ms-help://MS.MSDNQTR.2003OCT.1033/enu_kbaspnetkb/aspnetkb/329290.htm
to get information on the above article, or simply search on microsofts
knowledgebase for it. That should do what you need.

 

[WJ]

Paul,

Thanks for the reply. Actually, this util uses DPAPI tool which I try to
avoid. The reason is I attempt to avoid having to use the Windows Registry
DB at all cost. My thinking is that I will try to mess with the Global.asax
to see if there is a way around. So far, no luck in the Google search.

John

 

[Paul Glavich [MVP - ASP.NET]]

Well fair enough. I personally dont mind the registry at all and use it all
the time. However, given you dont want to do that, then perhaps just use a
separate configuration section, whether it be in the <appSettings> element,
or in your own custom section, that defines the user and the encrypted
password in the encrypted format of your choosing (I assume your own
personal library), then in code do the impersonation. Yes its more work, but
I am not aware of any easy method to intercept the supplying of the password
to the "impersonation engine" and I suspect that if there is a method to do
this, it would probably be a bit more work and complexity than simply
impersonating a user in code.

Hope that helps somewhat.

 

[WJ]

Thanks Paul your your reply.

I think a manual impersonation is the way to go for my current requirement.
The link below will do what I need:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158

John