Use RunAs command with NT Authority\Network account for DPAPI

[Berry at JSO]

Using the DPAPI techniques described in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000005.asp,
I'd like to encrypt a connection string in the user store for a certain
3rd-party web app.
Unfortunately, the 3rd-party web app company doesn't specify an alternate to
the NT Authority\Network Service identity for the app pool, so I'm stuck with
that security context.
Since I have to encrypt in the user store with the same security context
that will decrypt it (the web app as NT Authority\Network Service), I've
tried to use the runas command with NT Authority\Network Service or <machine
name>\Network Service, but runas likes neither attempt. And I don't have a
password for that account.
Is using runas with NT Authority\Network Service possible? If so, how,
exactly?

TIA,
Berry

 

[Dominick Baier [DevelopMentor]]

You can only use the DPAPI machine store in asp.net - DPAPI is dependent
on user profiles which don't get loaded by IIS.

you can use the optional entropy to add an application specific "password"
though.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Using the DPAPI techniques described in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag
2/html/PAGHT000005.asp,
I'd like to encrypt a connection string in the user store for a
certain
3rd-party web app.
Unfortunately, the 3rd-party web app company doesn't specify an
alternate to
the NT Authority\Network Service identity for the app pool, so I'm
stuck with
that security context.
Since I have to encrypt in the user store with the same security
context
that will decrypt it (the web app as NT Authority\Network Service),
I've
tried to use the runas command with NT Authority\Network Service or
<machine

name>> \Network Service, but runas likes neither attempt. And I don't
name>> have a
name>>