S
Shaun
I am working on using DPAPI user profile store to encrypt a connection
string in web.config file, using VB.NET
1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I
want to load the user profile without having have administrator
privileges.
I'm using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.
2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the
registry or a database or machine dependent for password store. This
leaves me with one option to hard code the key into the code. I was
looking for a different side by approach to prevent de-obfuscator from
retrieving this.
I would really appreciate if somebody would help me with this
situation. It's a kind of tricky situation. Even if I would want to
hard code the password string what would be the safest approach, I
could use unmanaged code, but then I would want to make this access
hard for access.
A help would be greatly appreciated.
Thanking you
Shaun
string in web.config file, using VB.NET
1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I
want to load the user profile without having have administrator
privileges.
I'm using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.
2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the
registry or a database or machine dependent for password store. This
leaves me with one option to hard code the key into the code. I was
looking for a different side by approach to prevent de-obfuscator from
retrieving this.
I would really appreciate if somebody would help me with this
situation. It's a kind of tricky situation. Even if I would want to
hard code the password string what would be the safest approach, I
could use unmanaged code, but then I would want to make this access
hard for access.
A help would be greatly appreciated.
Thanking you
Shaun