DPAPI Encryption Constraints & implementation

S

Shaun

I am working on using DPAPI user profile store to encrypt a connection
string in web.config file, using VB.NET

1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I
want to load the user profile without having have administrator
privileges.
I'm using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.

2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the
registry or a database or machine dependent for password store. This
leaves me with one option to hard code the key into the code. I was
looking for a different side by approach to prevent de-obfuscator from
retrieving this.
I would really appreciate if somebody would help me with this
situation. It's a kind of tricky situation. Even if I would want to
hard code the password string what would be the safest approach, I
could use unmanaged code, but then I would want to make this access
hard for access.

A help would be greatly appreciated.
Thanking you
Shaun
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top