DPAPI Encryption Constraints & implementation

Discussion in 'ASP .Net Security' started by Shaun, Jan 9, 2004.

  1. Shaun

    Shaun Guest

    I am working on using DPAPI user profile store to encrypt a connection
    string in web.config file, using VB.NET

    1. I have a situation here, I would not want the DPAPI User profile to
    be Administrator dependent, and I would like to load a user profile I
    have created for encryption & decryption directly. In other words I
    want to load the user profile without having have administrator
    privileges.
    I'm using VB.NET, & would like to deviate from using Windows Service
    Component to load the profile.

    2. If this option is not feasible, could anybody suggest a safe
    method to encrypt a string in config file. I cannot use the
    registry or a database or machine dependent for password store. This
    leaves me with one option to hard code the key into the code. I was
    looking for a different side by approach to prevent de-obfuscator from
    retrieving this.
    I would really appreciate if somebody would help me with this
    situation. It's a kind of tricky situation. Even if I would want to
    hard code the password string what would be the safest approach, I
    could use unmanaged code, but then I would want to make this access
    hard for access.

    A help would be greatly appreciated.
    Thanking you
    Shaun
     
    Shaun, Jan 9, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BigLuzer
    Replies:
    1
    Views:
    1,428
    Cowboy \(Gregory A. Beamer\)
    Nov 21, 2006
  2. Kevin Cunningham

    DPAPI and connection string

    Kevin Cunningham, Oct 16, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    155
    Steve Jansen
    Oct 16, 2003
  3. afsheen

    error DPAPI

    afsheen, Oct 24, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    131
    afsheen
    Oct 24, 2003
  4. Ron Ifferte

    DPAPI in a Load Balanced Environment

    Ron Ifferte, Feb 26, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    153
    Alek Davis
    Feb 28, 2004
  5. Dominick Baier [DevelopMentor]

    Encryption. DPAPI. MACHINE_STORE. Server re-install ?

    Dominick Baier [DevelopMentor], Apr 4, 2006, in forum: ASP .Net Security
    Replies:
    12
    Views:
    252
    Kaustav
    Apr 12, 2006
Loading...

Share This Page