Thursday, January 24, 2008

How to use the ASP.NET utility to encrypt credentials and session state connection strings

In your Asp.net applications, you might want to encrypt the impersonation userid & password. You can do this by using the tool provided by Microsoft and encrypt the userName and password attributes to be used with the section.

1. Download aspnet_setreg.exe from this location:
http://download.microsoft.com/download/2/9/8/29829651-e0f0-412e-92d0-e79da46fd7a5/aspnet_setreg.exe

2. ideally you can create a .bet file with the following command:
aspnet_setreg.exe -k:SOFTWARE\SECURE_APP\identity -u:"yourdomainname\username" -p:"password"

3. Then add an entry in your web.config to use this username & password for impersonation.



4. You need to also add necessary permissions so that the process can read this registry settings. else you will end up with the following error"

"Error reading configuration information from the registry"

You can read more on adding permission on the post "Error reading configuration information from the registry"

5. Restart IIS using iisreset on the command prompt.

1 comment:

Varun said...

Hi,

This is quite useful. I have tried doing it before though it was unsuccessful but one of my friend tried and really worked.

Thanks