
Encrypted Connection String

Dave Bailey
Guest
 
Posts: n/a
#1: Nov 15 '05
I need to store an encrypted connection string in the
web.config file. I have found several examples on the Net
but nothing specific as to how to accomplish the task.

Thanks in advance,

Dave

Nicholas Paldino [.NET/C# MVP]
Guest
 
Posts: n/a
#2: Nov 15 '05

re: Encrypted Connection String


Dave,

You can use the classes in the System.Security.Cryptography namespace to
encrypt/decrypt a file. However, you run into another problem: where will
you store the key? If you store it in the assembly, the assembly can be
browsed to find the key and then someone else can use it to decrypt your
data.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@spam.guard.caspershouse.com

"Dave Bailey" <anonymous@discussions.microsoft.com> wrote in message
news:0c8c01c3c0c7$6e7dd0f0$a301280a@phx.gbl...


Alek Davis
Guest
 
Posts: n/a
#3: Nov 15 '05

re: Encrypted Connection String


Dave,

Check out this tool: http://www.obviex.com/cipherlite/. You must be aware of
its vulnerabilities, though. What you want is not easy to do in a secure
fashion. Read this article for more info ("Safeguard Database Connection
Strings and Other Sensitive Settings in Your Code"):
http://msdn.microsoft.com/msdnmag/is...otectYourData/.

Alek

"Dave Bailey" <anonymous@discussions.microsoft.com> wrote in message
news:0c8c01c3c0c7$6e7dd0f0$a301280a@phx.gbl...


Peter Rilling
Guest
 
Posts: n/a
#4: Nov 15 '05

re: Encrypted Connection String


The Data Protection API in Windows would help here. I remember seeing an
article about how to do this in a magazine, but cannot remember which one.

The DPAPI would require p/invoke to the Windows API.

"Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote in
message news:ekQrBsMwDHA.1740@TK2MSFTNGP12.phx.gbl...


Alek Davis
Guest
 
Posts: n/a
#5: Nov 15 '05

re: Encrypted Connection String


In general, DPAPI will not work for ASP.NET applications, unless you use it
with machine store, which is not very secure. Making DPAPI with user store
work for ASP.NET is a rather complex endeavour.

Alek

"Peter Rilling" <peter@nospam.rilling.net> wrote in message
news:uYRm1kNwDHA.3224@tk2msftngp13.phx.gbl...


Bruno Jouhier [MVP]
Guest
 
Posts: n/a
#6: Nov 15 '05

re: Encrypted Connection String


Nicholas is right. The real problem is storing the key. In C or C++, you
could hack around to hide the key and make it (relatively) difficult for
someone to analyze the code and retrieve the key, but in .NET, it is more
difficult to hide the key in your code because disassembling is very easy.

So, if you really want to be safe, you have to go with DPAPI, smartcards,
etc.

Also, all this depends on the potential threats. If they are low (no real
hackers looking for your data), all you need is probably to avoid exposing
the connection string in plain text. Then, storing the encryption key in the
assembly may be acceptable.

Bruno.

"Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote
in message news:ekQrBsMwDHA.1740@TK2MSFTNGP12.phx.gbl...


Jerry Negrelli
Guest
 
Posts: n/a
#7: Nov 15 '05

re: Encrypted Connection String


This is the DPAPI accessor ripped from MSDN:

using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

namespace YourNamespaceHere {
    /// <summary>
    /// Provides access to the Win32 DPAPI; exposes the Encrypt and Decrypt methods.
    /// </summary>
    public class DataProtector {
        [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        private static extern bool CryptProtectData(
            ref DATA_BLOB pDataIn,
            String szDataDescr,
            ref DATA_BLOB pOptionalEntropy,
            IntPtr pvReserved,
            ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
            int dwFlags,
            ref DATA_BLOB pDataOut);

        // The second parameter of CryptUnprotectData is an optional LPWSTR* that
        // receives the stored description, so it is declared as IntPtr and passed
        // IntPtr.Zero rather than declared as a String.
        [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        private static extern bool CryptUnprotectData(
            ref DATA_BLOB pDataIn,
            IntPtr ppszDataDescr,
            ref DATA_BLOB pOptionalEntropy,
            IntPtr pvReserved,
            ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
            int dwFlags,
            ref DATA_BLOB pDataOut);

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        internal struct DATA_BLOB {
            public int cbData;
            public IntPtr pbData;
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        internal struct CRYPTPROTECT_PROMPTSTRUCT {
            public int cbSize;
            public int dwPromptFlags;
            public IntPtr hwndApp;
            public String szPrompt;
        }

        // Never show a UI prompt (there is no desktop under a service or ASP.NET).
        private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
        // Bind the blob to the machine instead of the calling user's profile.
        private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;

        public enum Store { USE_MACHINE_STORE = 1, USE_USER_STORE };

        private Store store;

        public DataProtector() : this(Store.USE_MACHINE_STORE) {
        }

        public DataProtector(Store tempStore) {
            store = tempStore;
        }

        public byte[] Encrypt(byte[] plainText, byte[] optionalEntropy) {
            DATA_BLOB plainTextBlob = new DATA_BLOB();
            DATA_BLOB entropyBlob = new DATA_BLOB();
            DATA_BLOB cipherTextBlob = new DATA_BLOB();
            CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
            InitPromptstruct(ref prompt);
            try {
                plainTextBlob = ToBlob(plainText);
                entropyBlob = ToBlob(EntropyOrEmpty(optionalEntropy));
                if (!CryptProtectData(ref plainTextBlob, "", ref entropyBlob,
                                      IntPtr.Zero, ref prompt, StoreFlags(),
                                      ref cipherTextBlob)) {
                    // GetLastWin32Error must be read before any other call.
                    throw new Exception("Encryption failed. " +
                        GetErrorMessage(Marshal.GetLastWin32Error()));
                }
            }
            finally {
                // Release our input buffers on every path, not only on success.
                FreeBlob(ref plainTextBlob);
                FreeBlob(ref entropyBlob);
            }
            return TakeOutput(ref cipherTextBlob);
        }

        public byte[] Decrypt(byte[] cipherText, byte[] optionalEntropy) {
            DATA_BLOB cipherBlob = new DATA_BLOB();
            DATA_BLOB entropyBlob = new DATA_BLOB();
            DATA_BLOB plainTextBlob = new DATA_BLOB();
            CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
            InitPromptstruct(ref prompt);
            try {
                cipherBlob = ToBlob(cipherText);
                entropyBlob = ToBlob(EntropyOrEmpty(optionalEntropy));
                if (!CryptUnprotectData(ref cipherBlob, IntPtr.Zero, ref entropyBlob,
                                        IntPtr.Zero, ref prompt, StoreFlags(),
                                        ref plainTextBlob)) {
                    throw new Exception("Decryption failed. " +
                        GetErrorMessage(Marshal.GetLastWin32Error()));
                }
            }
            finally {
                FreeBlob(ref cipherBlob);
                FreeBlob(ref entropyBlob);
            }
            return TakeOutput(ref plainTextBlob);
        }

        // Machine store: any process on this machine can unprotect the blob, so
        // the optional entropy is what narrows that down. User store: only a
        // thread running with the protecting account's token can unprotect it.
        private int StoreFlags() {
            if (Store.USE_MACHINE_STORE == store) {
                return CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN;
            }
            return CRYPTPROTECT_UI_FORBIDDEN;
        }

        // The MSDN original only applied entropy in machine-store mode and silently
        // dropped it for the user store; it is applied in both modes here, and a
        // null value becomes an empty (no-entropy) blob.
        private static byte[] EntropyOrEmpty(byte[] optionalEntropy) {
            return optionalEntropy == null ? new byte[0] : optionalEntropy;
        }

        // Copies a managed array into an unmanaged buffer described by a DATA_BLOB.
        // AllocHGlobal throws OutOfMemoryException instead of returning null.
        private static DATA_BLOB ToBlob(byte[] data) {
            DATA_BLOB blob = new DATA_BLOB();
            blob.cbData = data.Length;
            blob.pbData = Marshal.AllocHGlobal(data.Length);
            Marshal.Copy(data, 0, blob.pbData, data.Length);
            return blob;
        }

        private static void FreeBlob(ref DATA_BLOB blob) {
            if (blob.pbData != IntPtr.Zero) {
                Marshal.FreeHGlobal(blob.pbData);
                blob.pbData = IntPtr.Zero;
                blob.cbData = 0;
            }
        }

        // Copies a DPAPI output blob into a managed array and releases it. DPAPI
        // allocates output with LocalAlloc, and Marshal.FreeHGlobal calls LocalFree
        // on Windows, so the same FreeBlob helper applies.
        private static byte[] TakeOutput(ref DATA_BLOB blob) {
            byte[] result = new byte[blob.cbData];
            if (blob.cbData > 0) {
                Marshal.Copy(blob.pbData, result, 0, blob.cbData);
            }
            FreeBlob(ref blob);
            return result;
        }

        private void InitPromptstruct(ref CRYPTPROTECT_PROMPTSTRUCT ps) {
            ps.cbSize = Marshal.SizeOf(typeof(CRYPTPROTECT_PROMPTSTRUCT));
            ps.dwPromptFlags = 0;
            ps.hwndApp = IntPtr.Zero;
            ps.szPrompt = null;
        }

        // Win32Exception formats a system error code the same way the FormatMessage
        // p/invoke in the MSDN original did, without unsafe code or a leaked buffer.
        private static String GetErrorMessage(int errorCode) {
            return new Win32Exception(errorCode).Message;
        }
    }
}
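
An added usage example, not part of Jerry's post or the MSDN article it came from: a small command-line helper built on the DataProtector class above that protects a connection string for web.config and reads it back on the same machine. The entropy bytes and the sample connection string are constructed placeholders, and the class is assumed to compile in the namespace YourNamespaceHere as posted.

```csharp
using System;
using System.Text;
using YourNamespaceHere;   // the DataProtector class from the post above

public class ConnectionStringProtector {
    // Secondary entropy: a machine-store blob can be unprotected by any process
    // on the box, so the caller must also know these bytes. Keeping them in the
    // assembly only relocates the key-storage problem the thread discusses, so
    // treat this as defence in depth, not as the secret. (constructed value)
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("constructed-entropy-replace-before-use");

    // Run once on the target machine at deployment; paste the returned string
    // into <appSettings><add key="ConnectionString" value="..."/></appSettings>.
    public static string Protect(string connectionString) {
        DataProtector dp = new DataProtector(DataProtector.Store.USE_MACHINE_STORE);
        byte[] blob = dp.Encrypt(Encoding.UTF8.GetBytes(connectionString), Entropy);
        return Convert.ToBase64String(blob);
    }

    // Called by the application at start-up. The blob is bound to the machine
    // that produced it, so a web.config copied off the server does not unprotect.
    public static string Unprotect(string base64Blob) {
        DataProtector dp = new DataProtector(DataProtector.Store.USE_MACHINE_STORE);
        byte[] plain = dp.Decrypt(Convert.FromBase64String(base64Blob), Entropy);
        return Encoding.UTF8.GetString(plain);
    }

    // Checks the two properties that matter: the round trip works on this
    // machine, and a caller holding different entropy gets an error, not data.
    public static bool SelfTest() {
        // Constructed sample; not a real credential.
        string sample = "Server=dbhost;Database=app;User Id=web;Password=placeholder";
        string blob = Protect(sample);
        if (Unprotect(blob) != sample) {
            return false;
        }
        try {
            new DataProtector(DataProtector.Store.USE_MACHINE_STORE)
                .Decrypt(Convert.FromBase64String(blob), Encoding.UTF8.GetBytes("wrong"));
            return false;   // decrypting with the wrong entropy must not succeed
        }
        catch (Exception) {
            return true;    // "Decryption failed." is the expected outcome
        }
    }

    public static int Main(string[] args) {
        if (args.Length == 1 && args[0] == "selftest") {
            Console.WriteLine(SelfTest() ? "ok" : "FAILED");
            return 0;
        }
        if (args.Length == 2 && args[0] == "protect") {
            Console.WriteLine(Protect(args[1]));
            return 0;
        }
        if (args.Length == 2 && args[0] == "unprotect") {
            Console.WriteLine(Unprotect(args[1]));
            return 0;
        }
        Console.WriteLine("usage: selftest | protect <connection string> | unprotect <base64 blob>");
        return 1;
    }
}
```

With the machine store the stored value is only as private as the entropy and the file permissions on web.config, which is the limitation Alek raises above; the user store removes that but needs the COM+ identity arrangement Peter describes.
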
Peter Rilling
Guest
 
Posts: n/a
#8: Nov 15 '05

re: Encrypted Connection String


The article that I read (and used for our project) wrapped the DPAPI calls
in a COM+ component. By setting the identity of the COM+ component, you can
use the user store for the account that you specify. It can be secure with
a little extra work.

"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:OpN5m2NwDHA.3436@tk2msftngp13.phx.gbl...


Peter Rilling
Guest
 
Posts: n/a
#9: Nov 15 '05

re: Encrypted Connection String


Here is an article that shows how to wrap the DPAPI so that you can securely
use it in ASP.NET.

It is not really complex. All I had to do was copy that code from the
articles and I got a functioning encryption system. The hardest part for me
was understanding .NET security, credentials, and COM+ as these were new to
me.

"Peter Rilling" <peter@nospam.rilling.net> wrote in message
news:ewpWM6QwDHA.3196@TK2MSFTNGP11.phx.gbl...


Rob Teixeira [MVP]
Guest
 
Posts: n/a
#10: Nov 15 '05

re: Encrypted Connection String


I'm actually working on a complete PKI system (which includes secret data
management - key store if you will) in pure .NET managed code.
That helps alleviate some of the interop issues and code access permissions.
However, if you want it to run without saving the secret to access the other
saved secret, you must tie it to an NT account. That indirectly but
effectively makes the user's password the ultimate root key to unlock the
other keys. However, this is pretty much what DPAPI does, so you will find
the same limitations - i.e. the thread must be running with that account's
token, and the account can NEVER change. If the account is lost and
recreated, you are still screwed. I'm also building in key escrow measures
for disaster recovery, which basically uses a special network administrator
account. In essence, it manages two copies of the secret - one with the
normally assigned account, and one with the special admin account. That way,
an admin can always retrieve any key from the system. Key escrow is a highly
debatable idea, because it does add another point of attack into the system.
However, some people weigh that against the possibility of losing keys, and
thus potentially gigs of valuable data, which become unrecoverable. In this
system, this feature is optional, although you can't turn it on and have the
admin account be able to access secrets that were written BEFORE it was
turned on. The keys must be added to both accounts at the same time. After a
secret is in the store, only the proper account can unlock it. The secret
itself is fragmented and encrypted with a derived key, and written to one of
several mediums in conjunction with an irreversible name that places it in
the correct location in the chain. Without the proper root key, not only is
it difficult to derive the symmetric cipher key, but you won't know in
which order the data needs to be reassembled, and you can't tell where one
piece of data in a store container begins and another ends, or which
fragments go with which other fragments for that matter. I'll post some more
stuff as it becomes available.

-Rob Teixeira [MVP]

"Bruno Jouhier [MVP]" <bjouhier@club-internet.fr> wrote in message
news:OISjfcOwDHA.1224@TK2MSFTNGP09.phx.gbl...


Alek Davis
Guest
 
Posts: n/a
#11: Nov 15 '05

re: Encrypted Connection String


Peter,

I am curious: how do you implement authorization in this scenario? I mean,
when an ASP.NET page or some other module calls the COM+ component
(encapsulating DPAPI functionality), how does this COM+ component know that
a caller is allowed to use its encryption/decryption services and it is not
a malicious application?

Alek

"Peter Rilling" <peter@nospam.rilling.net> wrote in message
news:uIVSH$QwDHA.1740@TK2MSFTNGP09.phx.gbl...


Peter Rilling
Guest
 
Posts: n/a
#12: Nov 15 '05

re: Encrypted Connection String


This was not in scope for my project, but I would suppose that you could
strongly name all assemblies and assert the StrongNameIdentityPermission in
the methods of your COM+ component. This should ensure that only your
assemblies call the encryption and decryption services. Have not tried this
but it seems logical.

I guess it all comes down to how secure you want the system.

"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:#ToDV1cwDHA.2456@TK2MSFTNGP12.phx.gbl...


Alek Davis
Guest
 
Posts: n/a
#13: Nov 15 '05

re: Encrypted Connection String


I would consider this an important security aspect, though. Since the
premise behind using DPAPI with enterprise services is that a potential
hacker can be capable of reverse engineering code (so don't just embed keys
in the assembly, even if it is obfuscated) and performing other types of
attacks, it would be logical to assume that he would be able to do what I
said (which is probably easier than reverse engineering an obfuscated
assembly). I guess, for some apps StrongNameIdentityPermission can work
(although, I am not quite sure, since I haven't tried it myself). If it
works, the biggest problem is to know in advance who the callers are. For
some apps, it may not be a big deal, but for others, it may.

And yes, you are absolutely right: it all comes to how secure you want the
system to be.

Alek

"Peter Rilling" <peter@nospam.rilling.net> wrote in message
news:eDmY410wDHA.1512@TK2MSFTNGP10.phx.gbl...
> This was not in scope for my project, but I would suppose that you could
> strongly name all assemblies and assert the StrongNameIdentityPermission in
> the methods of your COM+ component. This should ensure that only your
> assemblies call the encryption and decryption services. Have not tried this
> but it seems logical.
>
> I guess it all comes down to how secure you want the system.
>
> "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> news:#ToDV1cwDHA.2456@TK2MSFTNGP12.phx.gbl...
> > Peter,
> >
> > I am curious: how do you implement authorization in this scenario? I mean,
> > when an ASP.NET page or some other module calls the COM+ component
> > (encapsulating DPAPI functionality), how does this COM+ component know that
> > a caller is allowed to use its encryption/decryption services and it is not
> > a malicious application?
> >
> > Alek
> >

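As an added example (not code from the thread or from the articles it links), the user-store versus machine-store choice the posters debate, written against the managed ProtectedData class that later .NET versions ship in place of the p/invoke wrapper mentioned above. The connection string is a constructed placeholder, and the entropy string is an assumed application-specific label, not a secret.

```csharp
// Added example, not from the thread. ProtectedData wraps the same DPAPI calls
// (CryptProtectData / CryptUnprotectData). On .NET Framework reference
// System.Security.dll; on modern .NET add the
// System.Security.Cryptography.ProtectedData package (Windows only).
using System;
using System.Security.Cryptography;
using System.Text;

public static class ConnectionStringProtector
{
    // Optional entropy is mixed into DPAPI's key derivation. It is NOT a secret
    // key: it lives in the assembly, which is exactly the "where do you store
    // the key" problem raised in the thread. Its only job is to keep unrelated
    // code running under the same account from decrypting this blob by accident.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("web.config:connectionStrings"); // assumed label

    // CurrentUser  = the "user store" discussed above: only processes running as
    //                the same Windows account (the app pool / COM+ identity) can
    //                decrypt, so the protected value is tied to that identity.
    // LocalMachine = the "machine store": any process on the same machine can
    //                decrypt, which is why the thread calls it "not very secure".
    public static string Protect(string connectionString, DataProtectionScope scope)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] cipher = ProtectedData.Protect(plain, Entropy, scope);
        return Convert.ToBase64String(cipher); // safe to paste into web.config
    }

    // Throws CryptographicException when the blob was protected under a
    // different account (CurrentUser) or on a different machine (LocalMachine);
    // DPAPI never returns plaintext to an identity that does not own the key.
    public static string Unprotect(string base64, DataProtectionScope scope)
    {
        byte[] cipher = Convert.FromBase64String(base64);
        byte[] plain = ProtectedData.Unprotect(cipher, Entropy, scope);
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        // Constructed sample value; not a real credential.
        string cs = "Server=db01;Database=app;User Id=app_user;Password=EXAMPLE-ONLY";
        string blob = Protect(cs, DataProtectionScope.CurrentUser);
        Console.WriteLine("store this in web.config: " + blob);
        Console.WriteLine(Unprotect(blob, DataProtectionScope.CurrentUser) == cs
            ? "round trip ok" : "mismatch");
    }
}
```

Run Protect once under the account the web application will actually execute as; a blob produced under the developer's interactive account will not decrypt for the application pool identity.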
