473,387 Members | 1,844 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > how to hash impersonated password

Join Bytes to post your question to a community of 473,387 software developers and data experts.

how to hash impersonated password

We're going to use impersonation in our web.config file to connect via
windows authentication to a SQL Server on the same domain. We'd like to
hash the password rather than store it in plain text in the web.config file
..... suggestions?

<identity impersonate="true" userName="mydomain\myuser" password="mypass"/>

Thanks in advance!

Mark
Nov 18 '05 #1
2 1919
We're on a windows network - we'd like to leverage windows authentication.
We don't have SQL Server authentication turned on at all.

I'm happy to store the hashed/encrypted password some where else, but would
appreciate a bit of guidence on a best practice to follow.

Thanks in advance.

Mark

"Adrijan Josic" <an*******@discussions.microsoft.com> wrote in message
news:C6**********************************@microsof t.com...
There's no logic in having it hashed in the web.config. If ASP.NET could login with a hashed password, so could everyone else hence someone could get
the hash from your web.config file and use it to login just as he would with
the original password.
Why not you use standard SQL identification and store your password somewhere else, perhaps encrypted(not hashed)?
You could probably also deny read/write permission on web.config to everyone except the neccessary system processes I guess...
----- Mark wrote: -----

We're going to use impersonation in our web.config file to connect via windows authentication to a SQL Server on the same domain. We'd like to hash the password rather than store it in plain text in the web.config file ..... suggestions?

<identity impersonate="true" userName="mydomain\myuser" password="mypass"/>
Thanks in advance!

Mark

Nov 18 '05 #2
microsoft supplies no secure way to do this. the best you can do is encrypt
the password and store where your like (note: all web sites on the server
will have access to it, if they know where). then your code will have to
impersonate the account before making any calls that require it. due asp.net
to thread agility (threads may switch during page processing), you can not
just do it once at the start of page processing.

-- bruce (sqlwork.com)

"Mark" <mf****@idonotlikespam.cce.umn.edu> wrote in message
news:u7**************@TK2MSFTNGP09.phx.gbl...
We're going to use impersonation in our web.config file to connect via
windows authentication to a SQL Server on the same domain. We'd like to
hash the password rather than store it in plain text in the web.config file .... suggestions?

<identity impersonate="true" userName="mydomain\myuser" password="mypass"/>
Thanks in advance!

Mark

Nov 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Generating a Hash
by: Stan | last post by:
Is it possible to hash a 100 bytes string to a integer? I found a few .NET classes for that such as Sha1Managed.ComputeHash but they return bytes. I am just not sure about the idea of converting...
.NET Framework
2
password hash
by: Phil Townsend | last post by:
I have been asked to rewrite some apps that contain databases of username and passwords to store the passwords as hashes. Getting the data into a hash format is no problem. however, how do I go...
C# / C Sharp
1
NT/LM and Unix Crypt Hash Creation in C#
by: bb | last post by:
I have a requirement to create and store in our database the users password in a couple of additional hashes (we currently store an MD5 hash) the spec is pretty brief... Spec: Store the NT...
C# / C Sharp
5
Change impersonated user during runtime
by: Markus Stehle | last post by:
Hi all! I have asp.net web application that uses static impersonation. Is it possible to change the impersonated user during runtime? Within some parts of my application I would like to...
ASP.NET
1
returning authentication from hash password
by: TG | last post by:
I have code to encrypt a password using the FormsAuthentication.HashPasswordForStoringInConfigFile but I need to know how to take that hash password and return it back to the form having...
ASP.NET
8
Decrypting SHA1 Hash
by: Adam Carpenter | last post by:
Hello, I have my users passwords stored to my DB hashs created using SHA1CryptoServiceProvider, here is the function: Public Shared Function EncryptPassword(ByVal password As String) As Byte()...
Visual Basic .NET
2
.NET hash/Cryptography newby question
by: johnnyG | last post by:
Greetings, I'm studying for the 70-330 Exam using the MS Press book by Tony Northrup and there are 2 side-by-side examples of using the SHA1CryptoServiceProvider to create a hash value from a...
.NET Framework
4
PHP Login Script, Why MD5 Hash?
by: MS | last post by:
Hi, I'm writing a PHP login script for a web site. I've looked at several examples on the web and some of them use MD5 hashes for the password. They do this in various ways. EG. a) Storing...
PHP
10
Simple MD5 Hash - Different output on different OS
by: Smurff | last post by:
Hi All, Should an md5 hash of the same string output the same hash on Windows and Unix? I downloaded md5.c from http://www.advogato.org/article/830.html and compiled it on windows via cygwin...
C / C++
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!