username & pw in web.config

Last post 05-14-2008 3:56 PM by doyleits. 2 replies.

  • username & pw in web.config

    05-14-2008, 2:40 PM
    • SKK
    • Joined on 05-16-2006, 1:56 PM
    • Posts 3
    Hi.  I'm trying to make my website more secure.  Here is the environment:
     
     - Web Server (IIS 6.0)
     - SQL Server (setup with Mixed Mode authentication)
     - Both in same domain
     - For VB apps, we use a trusted Windows Authentication connection
     
    The only way I can get the app on the Web Server to talk to the database on the SQL Server is to put the username and password of a SQL logon in the connection string of the web.config file.  I'd rather have it impersonate a service account, but the best I can get is "Invalid login for user '(null)' : Not associated with a trust SQL Connection".  I tried to get it to impersonate a network account, but still had to type in the full username and password in the web.config file.  When doing that, I got an error that the user didn't have access to a temp folder in the framework folder.  I'd rather not leave the username and password in web.config.  Is there another way to do this?  Thanks!!
     
  • Re: username & pw in web.config

    05-14-2008, 3:46 PM
    Answer
    • Jeev
    • Joined on 11-24-2005, 7:49 AM
    • Posts 2,304

    If you are using ASP.NET 2.0, you can encrypt sections of the web.config

    http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx 

    Jeev
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If you get the answer to your question, please mark it as the answer.
  • Re: username & pw in web.config

    05-14-2008, 3:56 PM
    Answer
    • doyleits
    • Joined on 09-21-2007, 5:58 PM
    • Fort Worth, TX
    • Posts 467

    If you are using Windows Server 2003, you can also use an Application Pool, configured to run under your service account. That way, you are not having to impersonate the user, the Machine\ASPNET or Machine\NETWORK SERVICE account, and you don't need username/password in your web.config.

    Mark Doyle
    Doyle ITS
    www.doyleits.com
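
An added example, not written by anyone in this thread: a small Python audit that reads a web.config and reports which of the approaches discussed above each entry uses (SQL login with the password in the connection string, Windows authentication, an encrypted section, or impersonation credentials in `<identity>`). The sample config and every server, database and account name in it are constructed placeholders, and the script assumes a web.config without an XML namespace on `<configuration>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample; server, database and account names are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="SqlLogin" connectionString="Data Source=SQL01;Initial Catalog=AppDb;User ID=webapp;Password=example-only" />
    <add name="Trusted" connectionString="Data Source=SQL01;Initial Catalog=AppDb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <identity impersonate="true" userName="EXAMPLE\\svc_web" password="example-only" />
  </system.web>
</configuration>"""

SECRET_KEYS = {"password", "pwd"}


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def audit_web_config(xml_text):
    """Return (location, finding) tuples describing how credentials are handled."""
    root = ET.fromstring(xml_text)
    findings = []
    section = root.find("connectionStrings")
    if section is not None:
        # Protected configuration marks an encrypted section with this attribute.
        if section.get("configProtectionProvider"):
            findings.append(("connectionStrings", "encrypted-section"))
        for add in section.findall("add"):
            name = add.get("name", "?")
            kv = parse_connection_string(add.get("connectionString", ""))
            trusted = kv.get("integrated security") or kv.get("trusted_connection") or ""
            if kv.keys() & SECRET_KEYS:
                findings.append((name, "plaintext-sql-password"))
            elif trusted.lower() in ("sspi", "true", "yes"):
                findings.append((name, "windows-auth"))
    # <identity impersonate="true" userName=... password=...> also stores a secret.
    for identity in root.iter("identity"):
        if identity.get("password"):
            findings.append(("system.web/identity", "plaintext-impersonation-password"))
    return findings


if __name__ == "__main__":
    for location, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{location}: {finding}")
```

A connection reported as `windows-auth` only works without stored credentials when the worker process itself runs as an account that SQL Server trusts, which is what the application pool identity provides.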