user/password for ActiveDirectoryMembershipProvider

David Thielen

Hi;

The examples I have seen for using ActiveDirectoryMembershipProvider put the
password for accessing AD in web.config - see
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToUseMembership

So three questions:

1. Is there a way to do this without listing a user/pw (where it uses the
local system credentials)? It strikes me as very very bad to put a password
in the config file.

2. Is there a way to put this in the registry in an encrypted format?

3. Is it possible to create a domain user whose only authorization is to
return LDAP info so if the password becomes known, it's no big deal? (And if
so what/how?)
 
Luke Zhang [MSFT]

Hello,

I think all these questions can be answered with one factor: In ASP.NET,
the connectionstrings section, in web.config, can be encrypted. ASP.NET
version 2.0 introduces protected configuration to enable you to encrypt
sections of your configuration files by using either DPAPI or RSA
encryption. This is particularly useful for encrypting connection strings
and account credentials.

How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp

How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000005.asp

Hope this helps,

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
David Thielen

Hello;

I understand encrypting config values in the registry. But I was hoping that
even this was not needed as whatever user the ASP .NET app runs as on the
server should already have rights to query the LDAP. Is there a way to tell
it to just use the credentials of the user it is running under?
 
Luke Zhang [MSFT]

You may consider changing the identity of the application pool, for example,
a domain user with permission to query AD and local file I/O. An asp.net
application will use this account to query AD, if you don't have
impersonate in the application.

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
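
An added example, not part of the original thread: a Python check that reads a web.config and reports whether an ActiveDirectoryMembershipProvider entry stores connectionUsername/connectionPassword in cleartext, omits them (so the bind uses the process identity, as discussed above), or sits in a membership section encrypted by protected configuration. The sample configs, the shortened type string, the account name and the password value are constructed.

```python
import xml.etree.ElementTree as ET

AD_PROVIDER = "ActiveDirectoryMembershipProvider"
CRED_ATTRS = ("connectionUsername", "connectionPassword")

def audit_membership(web_config_xml):
    """Return (provider_name, finding) tuples for a web.config given as a string."""
    root = ET.fromstring(web_config_xml)
    # Some web.config files declare a default xmlns; drop it so paths match.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    membership = root.find("system.web/membership")
    if membership is None:
        return []
    # Protected configuration replaces the section body with <EncryptedData>
    # and names the provider on the section element itself.
    protector = membership.get("configProtectionProvider")
    if protector:
        return [("<membership>", "encrypted with " + protector)]
    findings = []
    for add in membership.findall("providers/add"):
        if AD_PROVIDER not in add.get("type", ""):
            continue
        present = [a for a in CRED_ATTRS if add.get(a)]
        if present:
            findings.append((add.get("name"), "cleartext " + ", ".join(present)))
        else:
            findings.append((add.get("name"),
                             "no stored credentials; binds as process identity"))
    return findings

# Constructed sample configs (not taken from any real deployment).
TEMPLATE = """<configuration><system.web><membership defaultProvider="AD"><providers>
  <add name="AD" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
       connectionStringName="ADConn" {creds}/>
</providers></membership></system.web></configuration>"""
PLAINTEXT = TEMPLATE.format(
    creds='connectionUsername="EXAMPLE\\svc-ldap" connectionPassword="constructed-value"')
PROCESS_IDENTITY = TEMPLATE.format(creds="")
ENCRYPTED = """<configuration><system.web>
  <membership configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>constructed</CipherValue></CipherData></EncryptedData>
  </membership></system.web></configuration>"""

if __name__ == "__main__":
    for label, cfg in (("plaintext", PLAINTEXT), ("process identity", PROCESS_IDENTITY),
                       ("encrypted", ENCRYPTED)):
        print(label, "->", audit_membership(cfg))
```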
 
