How secured is the ASP.NET 2.0 web.config encryption?

Anonieko · Mar 15, 2007

Okay, I use impersonation in my web.config by putting the username and
password at <system.web><identity> section...

Okay, I can encrypt this section via this command

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice

But what is the point? Anybody can still decrypt it by doing...

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice

How can I prevent this from happening?

Norman Yuan · Mar 15, 2007

Anonieko said:
Okay, I use impersonation in my web.config by putting the username and
password at <system.web><identity> section...

Okay, I can encrypt this section via this command

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice

But what is the point? Anybody can still decrypt it by doing...

Only if "Anybody" can go to the web server and runs that command (it implies
the "Anybody" is an admin to that server.

Web.config Encryption	2	May 21, 2007
The value of web.config RSA encryption	3	Oct 22, 2008
Session IDs in ASP.Net and Password encryption in ASP.Net 2.0	0	Mar 19, 2007
Error encrypting identity element in web.config	1	May 9, 2006
What is wrong with my web.config?	1	May 13, 2009
aspnet_regiis fails (0x80131047) trying to encrypt connectionStrin	3	Jul 26, 2006
web.config error in cassini 2.0	4	Aug 25, 2007
Authenticate Users In Web.Config?	1	Sep 16, 2006

How secured is the ASP.NET 2.0 web.config encryption?

Anonieko

Norman Yuan

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads