path to aspnet_regiis

D

David Thielen

Hi;

In our installer (we use WIX so the code has to be C++, not C#) we need to
call aspnet_regiis to encrypt the connection strings in web.config. I have
three questions about this:

1) What registry entry can we use to determine the location of
aspnet_regiis? As not everyone installs to C:, we can't assume the location.

2) It strikes me that writing the unencrypted connection string to
web.config and then running aspnet_regiis leaves a security hole - what if
aspnet_regiis fails? Then it's sitting there in clear text. Is there a way to
write the connection string out already encrypted?

3) When we encrypt we need to pass the name of the ASP.NET user. I have
another post on this but figure it can't hurt to ask here too. How do we get
that from the system? I don't want to ask the user because if they put in the
wrong username, nothing works. And some will do that.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm
 
D

Dominick Baier

There is also an API to encrypt configuration settings..look at WebConfigurationManager
in System.Web.Configuration.

The SectionInformation class has a Protect and Unprotect method....
 
W

Walter Wang [MSFT]

Hi Dave,

You can use GetCORSystemDirectory:

#GetCORSystemDirectory Function
http://msdn2.microsoft.com/en-us/library/k0588yw5.aspx
Returns the installation directory of the common language runtime (CLR)
that is loaded into the process. The installation directory is fully
qualified, for example, "c:\windows\microsoft.net\framework\v1.0.3705".


Regarding your 3rd question, could you please tell me which is the other
related post? Thanks.

Sincerely,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
W

Walter Wang [MSFT]

Dave,

The URL is used to return the search list, I think you need to use the copy
icon (at the right side of a print icon) to get the real URL of the post.
(Also, here's an additional tip: when you've get the url, append another
query string "&p=1" to the url will view the post thread in a flat style.)

Anyway, I guess you're referring to this post:

#How do I tell who my ASP.NET app is running as? in
dotnet.framework.aspnet.security
http://msdn.microsoft.com/newsgroups/managed/default.aspx?dg=microsoft.publi
c.dotnet.framework.aspnet.security&tid=53b910d7-1801-4ac1-8759-f2c2d3864bf3&
cat=en-us-msdnman-dotnet-frmwrk&lang=en&cr=US&sloc=en-us&m=1&p=1

I'm afraid there's really no better way other than querying IIS metabase.



Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
W

Walter Wang [MSFT]

Hi Dave,

The GetCORSystemDirectory function is not a managed function, it's in
mscoree.dll; you could call it from C++ code.

There's no registry key to tell you which path is .NET 2.0 framework
installed to, but you can use following registry key to detect if .NET 2.0
framework is installed:

=========

#.NET Framework 2.0 Redistributable Package Reference (.NET Framework
Deployment)
http://msdn.microsoft.com/library/en-us/dnnetdep/html/ndp2_refer.asp?frame=t
rue
Detecting Installed .NET Framework 2.0
The Setup.exe bootstrapper should use the following registry key to detect
the .NET Framework version 2.0.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
It then verifies the existence of the entry value:

Install (DWORD value = 1)

==========


Actually you could just hardcode the path to
%windir%\Microsoft.NET\Framework\V2.0.50727; it's pretty safe, even for
current 3.0 version:

#Deploying Microsoft .NET Framework Version 3.0 ("Longhorn" Technical
Articles)
http://msdn.microsoft.com/library/en-us/dnlong/html/netfx30.asp?frame=true


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
A

Armando Canez

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ Has keys for all the
frameworks installed on the computer.

For each framework key there's an entry called Path.

I don't have 2.0 installed on my machine (I use 1.1.4322) but for 1.1, the
full key path would be:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0\

My "Path" entry has the value:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

aspnet_regiis.exe is in that folder.

It has to be the same way for 2.0

hope it helps

Armando Canez
--
Not an MCSDE, MVP, MCDE, MSFT or WTF
Not a single certification, besides my degree.
I'm just an engineer with more than 14 years spent in design and
programming.
.... FYI
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

aspnet_regiis permissions needed 0
AspNet_RegIIS ...encrypting web.config when running Cassini 2
running "aspnet_regiis -i" during install 5
aspnet_regiis fails (0x80131047) trying to encrypt connectionStrin 3
Better security 6
Storing network credentials 1
Encrypting data in the database 2
Making all theme files availble before authentication 5

Members online

No members online now.
Total: 28 (members: 0, guests: 28)
Robots: 376

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,020
Latest member
GenesisGai

Latest Threads

Top