How easy is it to store DB connection strings in ActiveDirectory instead of web.config

Discussion in 'ASP .Net Security' started by Naraendirakumar R.R., Jan 5, 2008.

  1. I have a client in the healthcare industry who would prefer to store the
    connection string in a centralized location in their Active Directory
    repository.

    Has anybody done this? What has your experience been?

    Are there any stock components in ASP.NET or 3rd party that would make this
    easy?

    Thank you for the info.

    Cheers,
    -Naraen
    Naraendirakumar R.R., Jan 5, 2008
    #1

  2. Naraendirakumar R.R.

    Joe Kaplan Guest

    You could do this. You'd probably still want to encrypt any private data
    that you don't want to be available to the general public, but it is
    possible to store this data in AD and retrieve it via LDAP.

    The trick is where you would put the data. The default schema doesn't have
    a natural place to store these types of things. Does the client know where
    they would like this data stored in the AD?

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    Joe Kaplan, Jan 8, 2008
    #2

  3. Joe:
    Thank you for the response.

    Yes. The current thinking is that we would create a separate OU to contain
    all application specific settings. They do something similar using JNDI
    over LDAP at this point. So, this is an attempt to mimic that practice on
    the .NET stack.

    Yes the plan is to encrypt data.

    I was hoping there would be a way to map the .NET config classes to use LDAP
    as the backing store for config info. Or at least somebody else might be
    aware of a partial solution.

    I haven't stayed current on the AD technology. I remember from some 2001
    work we did, that we decided to have stored proc references in AD as a way
    of advertising services to the enterprise. Our team picked up this
    technique from one of the SQL Pass sessions we attended. I haven't been
    able to find a reference on the web now.

    I appreciate insights or comments you might have.

    Cheers,
    -Naraen


    Naraendirakumar R.R., Jan 8, 2008
    #3
  4. Naraendirakumar R.R.

    Joe Kaplan Guest

    Well, from my perspective there isn't really too much to this. Assuming
    that the client already has the schema worked out for the objects and
    attributes they want to use for storage of this data, you just need some
    LDAP code to read and write it (maybe only read within the applications
    themselves) and decrypt it.

    You've got a couple of options for programming LDAP in .NET 2+:
    System.DirectoryServices (based on ADSI) and
    System.DirectoryServices.Protocols (using direct LDAP API calls). Either
    should work for this.

    If you want to get up to speed on .NET LDAP programming, my book (see link
    in sig) is a good way to go and is also just about the only thing out there.
    :)

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    Joe Kaplan, Jan 8, 2008
    #4
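
A sketch of the read path described in the post above (an LDAP read via System.DirectoryServices followed by decryption), added here as an example and not code from the thread. The OU path, attribute name, blob layout, and the choice of AES-GCM with a key provisioned outside the directory are all assumptions.

```csharp
using System;
using System.DirectoryServices; // ADSI-based API named in the thread (Windows only)
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
public static class AdConnectionStrings
{
    // Assumed placeholders: OU path, attribute name, and the blob layout below.
    const string SettingsOu = "LDAP://OU=AppSettings,DC=example,DC=com";
    const string BlobAttr = "exampleConnStringBlob"; // hypothetical octet-string attribute
    const int NonceLen = 12, TagLen = 16;            // blob = nonce || ciphertext || tag
    public static byte[] FetchBlob(string appName)
    {
        // Allow-list the name (it goes into the LDAP filter); Sealing/Signing protect the traffic.
        if (!Regex.IsMatch(appName, @"^[A-Za-z0-9_-]{1,64}\z")) throw new ArgumentException("bad app name");
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing;
        using (var ou = new DirectoryEntry(SettingsOu, null, null, auth)) // binds as the process identity
        using (var ds = new DirectorySearcher(ou, "(cn=" + appName + ")", new[] { BlobAttr }))
        {
            SearchResult hit = ds.FindOne();
            if (hit == null || hit.Properties[BlobAttr].Count == 0) throw new InvalidOperationException("not found");
            return (byte[])hit.Properties[BlobAttr][0];
        }
    }
    // AES-GCM, app name as associated data: a modified or transplanted blob fails to decrypt.
    public static string Decrypt(byte[] blob, byte[] key, string appName)
    {
        if (blob.Length < NonceLen + TagLen) throw new CryptographicException("blob too short");
        var plain = new byte[blob.Length - NonceLen - TagLen];
        using (var gcm = new AesGcm(key, TagLen)) // two-argument constructor: .NET 8+
            gcm.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen, plain.Length),
                blob.AsSpan(blob.Length - TagLen), plain, Encoding.UTF8.GetBytes(appName));
        return Encoding.UTF8.GetString(plain);
    }
    public static byte[] Encrypt(string connStr, byte[] key, string appName) // write side (admin tooling)
    {
        byte[] pt = Encoding.UTF8.GetBytes(connStr);
        var blob = new byte[NonceLen + pt.Length + TagLen];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen)); // fresh nonce per write
        using (var gcm = new AesGcm(key, TagLen))
            gcm.Encrypt(blob.AsSpan(0, NonceLen), pt, blob.AsSpan(NonceLen, pt.Length),
                blob.AsSpan(blob.Length - TagLen), Encoding.UTF8.GetBytes(appName));
        return blob;
    }
    public static void Main() // offline round trip on constructed values; FetchBlob needs a domain
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // demo key; a real key is provisioned outside AD
        Console.WriteLine(Decrypt(Encrypt("Server=db01;Database=Demo", key, "billing"), key, "billing"));
    }
}
```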
  5. :). Thanks Joe. I will check it out.

    If that is the last resort, I am considering implementing a
    System.ConfigurationSection provider that queries the ADSI store, for this
    information. Haven't figured out all the details yet. But it seems like a
    feasible approach.

    Appreciate any additional comments.

    Cheers,
    -Naraen


    Naraendirakumar R.R., Jan 9, 2008
    #5
  6. Naraendirakumar R.R.

    Joe Kaplan Guest

    Feel free to follow up if you have specific questions about how to do the
    LDAP queries or anything having to do with the directory schema that is
    being used to store this information. Start a new thread though. :)

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    Joe Kaplan, Jan 9, 2008
    #6