Samuel Shum
Hello, I have a problem with impersonation in ASP.NET: I've developed some
components which can create user accounts on the web server. The ASP files
residing on the server will call these components to do the job BUT the
"aspnet" (ASP.NET worker process account) doesn't have enough privilege to
do so... (as the components are called in the context of this "low
privilege" account). I understand that the .NET Framework has something called
"impersonation" which can run the worker process in the context of some
"higher" account (in this case, accounts under the administrators group). The
problem seems to be solved with this approach but now the problem is that
the "impersonated" account, which is the "admin" account's name and
password, is stored in "cleartext" in the web.config file, which poses a
serious security issue... A solution to this is to store the username
and password in the registry and encrypt them... however, the debugger
returns an error that the "password" entry cannot be read from the registry...
even though I did give the "read" permission to the worker process... so how can
this be resolved? Or is this the right way to do this kind of job?
Thanks in advance.
Samuel
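
For reference, the two web.config forms the question contrasts, as an added example that is not part of the original post: the cleartext `<identity>` element beside the registry-referenced form that ASP.NET 1.x reads when the values were written with Microsoft's aspnet_setreg.exe utility. The account name, password and the `SOFTWARE\ExampleApp\identity` key path are constructed placeholders.

```xml
<configuration>
  <system.web>

    <!-- Weak form (shown commented out): anyone who can read web.config,
         a backup of it, or the source repository gets the privileged
         account's password.

    <identity impersonate="true"
              userName="EXAMPLEHOST\acct-admin"
              password="placeholder-cleartext-password" />
    -->

    <!-- Registry-referenced form: web.config holds only pointers.
         The encrypted values are created beforehand with
           aspnet_setreg.exe -k:SOFTWARE\ExampleApp\identity
                             -u:"EXAMPLEHOST\acct-admin" -p:"..."
         which writes userName and password under an ASPNET_SETREG subkey
         of the key given to -k (placeholder path here).
         The worker process account needs Read access on that subkey,
         and nothing broader than that account and administrators
         should be on its ACL. -->
    <identity impersonate="true"
              userName="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,userName"
              password="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,password" />

  </system.web>
</configuration>
```

The string after `registry:` has to match the key path and value name exactly, including the `ASPNET_SETREG` subkey and the `,userName` / `,password` suffix, so a mismatch there is worth ruling out before looking at permissions.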