path to aspnet_regiis

Discussion in 'ASP .Net Security' started by David Thielen, Dec 10, 2006.

  1. Hi;

    In our installer (we use WIX so the code has to be C++, not C#) we need to
    call aspnet_regiis to encrypt the connection strings in web.config. I have
    three questions about this:

    1) What registry entry can we use to determine the location of
    aspnet_regiis? As not everyone installs to C:, we can't assume the location.

    2) It strikes me that writing the unencrypted connection string to
    web.config and then running aspnet_regiis leaves a security hole - what if
    aspnet_regiis fails? Then it's sitting there in clear text. Is there a way to
    write the connection string out already encrypted?

    3) When we encrypt we need to pass the name of the ASP.NET user. I have
    another post on this but figure it can't hurt to ask here too. How do we get
    that from the system? I don't want to ask the user because if they put in the
    wrong username, nothing works. And some will do that.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 10, 2006
    #1
    1. Advertisements

  2. There is also an API to encrypt configuration settings..look at WebConfigurationManager
    in System.Web.Configuration.

    The SectionInformation class has a Protect and Unprotect method....
     
    Dominick Baier, Dec 10, 2006
    #2
    1. Advertisements

  3. Hi Dave,

    You can use GetCORSystemDirectory:

    #GetCORSystemDirectory Function
    http://msdn2.microsoft.com/en-us/library/k0588yw5.aspx
    Returns the installation directory of the common language runtime (CLR)
    that is loaded into the process. The installation directory is fully
    qualified, for example, "c:\windows\microsoft.net\framework\v1.0.3705".


    Regarding your 3rd question, could you please tell me which is the other
    related post? Thanks.

    Sincerely,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications. If you are using Outlook Express, please make sure you clear the
    check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
    promptly.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Walter Wang [MSFT], Dec 11, 2006
    #3
  4. David Thielen, Dec 11, 2006
    #4
  5. Dave,

    The URL is used to return the search list, I think you need to use the copy
    icon (at the right side of a print icon) to get the real URL of the post.
    (Also, here's an additional tip: when you've get the url, append another
    query string "&p=1" to the url will view the post thread in a flat style.)

    Anyway, I guess you're referring to this post:

    #How do I tell who my ASP.NET app is running as? in
    dotnet.framework.aspnet.security
    http://msdn.microsoft.com/newsgroups/managed/default.aspx?dg=microsoft.publi
    c.dotnet.framework.aspnet.security&tid=53b910d7-1801-4ac1-8759-f2c2d3864bf3&
    cat=en-us-msdnman-dotnet-frmwrk&lang=en&cr=US&sloc=en-us&m=1&p=1

    I'm afraid there's really no better way other than querying IIS metabase.



    Regards,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Walter Wang [MSFT], Dec 11, 2006
    #5
  6. Hi Dave,

    The GetCORSystemDirectory function is not a managed function, it's in
    mscoree.dll; you could call it from C++ code.

    There's no registry key to tell you which path is .NET 2.0 framework
    installed to, but you can use following registry key to detect if .NET 2.0
    framework is installed:

    =========

    #.NET Framework 2.0 Redistributable Package Reference (.NET Framework
    Deployment)
    http://msdn.microsoft.com/library/en-us/dnnetdep/html/ndp2_refer.asp?frame=t
    rue
    Detecting Installed .NET Framework 2.0
    The Setup.exe bootstrapper should use the following registry key to detect
    the .NET Framework version 2.0.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
    It then verifies the existence of the entry value:

    Install (DWORD value = 1)

    ==========


    Actually you could just hardcode the path to
    %windir%\Microsoft.NET\Framework\V2.0.50727; it's pretty safe, even for
    current 3.0 version:

    #Deploying Microsoft .NET Framework Version 3.0 ("Longhorn" Technical
    Articles)
    http://msdn.microsoft.com/library/en-us/dnlong/html/netfx30.asp?frame=true


    Regards,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Walter Wang [MSFT], Dec 14, 2006
    #6
  7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ Has keys for all the
    frameworks installed on the computer.

    For each framework key there's an entry called Path.

    I don't have 2.0 installed on my machine (I use 1.1.4322) but for 1.1, the
    full key path would be:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0\

    My "Path" entry has the value:
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

    aspnet_regiis.exe is in that folder.

    It has to be the same way for 2.0

    hope it helps

    Armando Canez
    --
    Not an MCSDE, MVP, MCDE, MSFT or WTF
    Not a single certification, besides my degree.
    I'm just an engineer with more than 14 years spent in design and
    programming.
    .... FYI
     
    Armando Canez, Dec 15, 2006
    #7
  8. David Thielen, Dec 15, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.