Hi All,
I need to encrypt some fields esp password key values in configuration
file while installting the application using .Net installer project
and decrypt those values from my solution(window s service). Is there
any built in method in.Net that I can use. The flow would be like
this:
Accept username/password from .Net installer dialog
V
Encrypt the value for password while writing into config file
V
Decrypt the value for password in windows service code
I tried Googling but most of the links provide information on
encryptiing the complete <appSettingssec tions. I would want to
encrypt only the value for Password key in appsettings.Wou ld
appreciate if anybody could give any inputs on this.
Thanks in advance,
Aneesh 6  11964 
On Jun 1, 10:45 am, Aneesh P <anees...@gmail .comwrote:
Hi All,
I need to encrypt some fields esp password key values in configuration
file while installting the application using .Net installer project
and decrypt those values from my solution(window s service). Is there
any built in method in.Net that I can use. The flow would be like
this:
Accept username/password from .Net installer dialog
V
Encrypt the value for password while writing into config file
V
Decrypt the value for password in windows service code
I tried Googling but most of the links provide information on
encryptiing the complete <appSettingssec tions. I would want to
encrypt only the value for Password key in appsettings.Wou ld
appreciate if anybody could give any inputs on this.
Thanks in advance,
Aneesh
Dear Aneesh,
you can use the ProtectSection method of the SectionInormati on class. http://msdn2.microsoft.com/en-us/lib...ctsection.aspx
Feel free to ask any further questions.
Cheers,
Moty
Thank you Moty for the info.
Actually i need to encrypt only the password fields and decrypt the
same fields in the code. That's requirement. I am thinking of using
TripleDESCrypto ServiceProvider to encrypt the password. We can use one
ciphertext and one key. Key can be placed in config file. Can we
hardcode the ciphertext, considering the security aspects.Please
correct me if this approach is wrong.
Regards
Aneesh P
On Jun 1, 11:10 am, Aneesh P <anees...@gmail .comwrote:
Thank you Moty for the info.
Actually i need to encrypt only the password fields and decrypt the
same fields in the code. That's requirement. I am thinking of using
TripleDESCrypto ServiceProvider to encrypt the password. We can use one
ciphertext and one key. Key can be placed in config file. Can we
hardcode the ciphertext, considering the security aspects.Please
correct me if this approach is wrong.
Regards
Aneesh P
Hi,
First of all there has been lot's of discussions on whether to save
sensitive data in configuration files or not, and in my opinion try to
avoid it.
But, I guess you've considered the security issues.
You don't have to decrypt the data when using the ProtectSection
method. The framework doe's that for you. You load the setting
seamlessly.
I would use the RsaProtectedCon figurationProvi der.
To be able to encrypt only the sensitive data, create a new section in
your application settings and encrypt only that section. I would
suggest passing the information in the installer context (Custom
Action).
Configuration config =
ConfigurationMa nager.OpenExeCo nfiguration(<ex ecutable path>);
if (config != null)
{
ConfigurationSe ction section =
config.GetSecti on(<section name>);
if (section != null)
{
// Make sure that the section is not yet
protected
if (!section.Secti onInformation.I sProtected)
{
if (!section.Secti onInformation.I sLocked)
{
//Protecting the specified section
with the specified provider
section.Section Information.Pro tectSection("Rs aProtectedConfi gurationProvide r");
// Force saving of the section
section.Section Information.For ceSave =
true;
config.Save(Con figurationSaveM ode.Modified);
}
}
}
}
Hope this helps.
Moty
On Jun 1, 1:59 pm, Moty Michaely <Moty...@gmail. comwrote:
On Jun 1, 11:10 am, Aneesh P <anees...@gmail .comwrote:
Thank you Moty for the info.
Actually i need to encrypt only the password fields and decrypt the
same fields in the code. That's requirement. I am thinking of using
TripleDESCrypto ServiceProvider to encrypt the password. We can use one
ciphertext and one key. Key can be placed in config file. Can we
hardcode the ciphertext, considering the security aspects.Please
correct me if this approach is wrong.
Regards
Aneesh P
Hi,
First of all there has been lot's of discussions on whether to save
sensitive data in configuration files or not, and in my opinion try to
avoid it.
But, I guess you've considered the security issues.
You don't have to decrypt the data when using the ProtectSection
method. The framework doe's that for you. You load the setting
seamlessly.
I would use the RsaProtectedCon figurationProvi der.
To be able to encrypt only the sensitive data, create a new section in
your application settings and encrypt only that section. I would
suggest passing the information in the installer context (Custom
Action).
Configuration config =
ConfigurationMa nager.OpenExeCo nfiguration(<ex ecutable path>);
if (config != null)
{
ConfigurationSe ction section =
config.GetSecti on(<section name>);
if (section != null)
{
// Make sure that the section is not yet
protected
if (!section.Secti onInformation.I sProtected)
{
if (!section.Secti onInformation.I sLocked)
{
//Protecting the specified section
with the specified provider
section.Section Information.Pro tectSection("Rs aProtectedConfi gurationProvide *r");
// Force saving of the section
section.Section Information.For ceSave =
true;
config.Save(Con figurationSaveM ode.Modified);
}
}
}
}
Hope this helps.
Moty
Yes Moly this is a nice approach. Thanks a lot for the details and
code snippet.
But one problem we would face is changing the information in config
files. Installer would handle writing config info for once time only.
Once the config file has been stored and afterwards if user wants to
change the password(since he is a domain user and has to change
password) it would not be possible
for him to change it directly in config file, right?. Am thinking of
putting this in a seperate component probably a windows form
application so that user can change config options as and when
required.
Thanks,
Aneesh P
On Jun 1, 12:41 pm, Aneesh P <anees...@gmail .comwrote:
On Jun 1, 1:59 pm, Moty Michaely <Moty...@gmail. comwrote:
On Jun 1, 11:10 am, Aneesh P <anees...@gmail .comwrote:
Thank you Moty for the info.
Actually i need to encrypt only the password fields and decrypt the
same fields in the code. That's requirement. I am thinking of using
TripleDESCrypto ServiceProvider to encrypt the password. We can use one
ciphertext and one key. Key can be placed in config file. Can we
hardcode the ciphertext, considering the security aspects.Please
correct me if this approach is wrong.
Regards
Aneesh P
Hi,
First of all there has been lot's of discussions on whether to save
sensitive data in configuration files or not, and in my opinion try to
avoid it.
But, I guess you've considered the security issues.
You don't have to decrypt the data when using the ProtectSection
method. The framework doe's that for you. You load the setting
seamlessly.
I would use the RsaProtectedCon figurationProvi der.
To be able to encrypt only the sensitive data, create a new section in
your application settings and encrypt only that section. I would
suggest passing the information in the installer context (Custom
Action).
Configuration config =
ConfigurationMa nager.OpenExeCo nfiguration(<ex ecutable path>);
if (config != null)
{
ConfigurationSe ction section =
config.GetSecti on(<section name>);
if (section != null)
{
// Make sure that the section is not yet
protected
if (!section.Secti onInformation.I sProtected)
{
if (!section.Secti onInformation.I sLocked)
{
//Protecting the specified section
with the specified provider
section.Section Information.Pro tectSection("Rs aProtectedConfi gurationProvide *r");
// Force saving of the section
section.Section Information.For ceSave =
true;
config.Save(Con figurationSaveM ode.Modified);
}
}
}
}
Hope this helps.
Moty
Yes Moly this is a nice approach. Thanks a lot for the details and
code snippet.
But one problem we would face is changing the information in config
files. Installer would handle writing config info for once time only.
Once the config file has been stored and afterwards if user wants to
change the password(since he is a domain user and has to change
password) it would not be possible
for him to change it directly in config file, right?. Am thinking of
putting this in a seperate component probably a windows form
application so that user can change config options as and when
required.
Thanks,
Aneesh P
Dear Aneesh,
Protected sections are read only so I guess you'll need to unprotect
the section to edit the inforamtion and then protect it again.
see the following article: http://msdn2.microsoft.com/en-us/library/53tyfkaw.aspx
Good luck.
Hope this helps.
Moty
On Jun 2, 3:28 pm, Moty Michaely <Moty...@gmail. comwrote:
On Jun 1, 12:41 pm, Aneesh P <anees...@gmail .comwrote:
On Jun 1, 1:59 pm, Moty Michaely <Moty...@gmail. comwrote:
On Jun 1, 11:10 am, Aneesh P <anees...@gmail .comwrote:
Thank you Moty for the info.
Actually i need to encrypt only the password fields and decrypt the
same fields in the code. That's requirement. I am thinking of using
TripleDESCrypto ServiceProvider to encrypt the password. We can use one
ciphertext and one key. Key can be placed in config file. Can we
hardcode the ciphertext, considering the security aspects.Please
correct me if this approach is wrong.
Regards
Aneesh P
Hi,
First of all there has been lot's of discussions on whether to save
sensitive data in configuration files or not, and in my opinion try to
avoid it.
But, I guess you've considered the security issues.
You don't have to decrypt the data when using the ProtectSection
method. The framework doe's that for you. You load the setting
seamlessly.
I would use the RsaProtectedCon figurationProvi der.
To be able to encrypt only the sensitive data, create a new section in
your application settings and encrypt only that section. I would
suggest passing the information in the installer context (Custom
Action).
Configuration config =
ConfigurationMa nager.OpenExeCo nfiguration(<ex ecutable path>);
if (config != null)
{
ConfigurationSe ction section =
config.GetSecti on(<section name>);
if (section != null)
{
// Make sure that the section is not yet
protected
if (!section.Secti onInformation.I sProtected)
{
if (!section.Secti onInformation.I sLocked)
{
//Protecting the specified section
with the specified provider
section.Section Information.Pro tectSection("Rs aProtectedConfi gurationProvide **r");
// Force saving of the section
section.Section Information.For ceSave =
true;
config.Save(Con figurationSaveM ode.Modified);
}
}
}
}
Hope this helps.
Moty
Yes Moly this is a nice approach. Thanks a lot for the details and
code snippet.
But one problem we would face is changing the information in config
files. Installer would handle writing config info for once time only.
Once the config file has been stored and afterwards if user wants to
change the password(since he is a domain user and has to change
password) it would not be possible
for him to change it directly in config file, right?. Am thinking of
putting this in a seperate component probably a windows form
application so that user can change config options as and when
required.
Thanks,
Aneesh P
Dear Aneesh,
Protected sections are read only so I guess you'll need to unprotect
the section to edit the inforamtion and then protect it again.
see the following article:http://msdn2.microsoft.com/en-us/library/53tyfkaw.aspx
Good luck.
Hope this helps.
Moty- Hide quoted text -
- Show quoted text -
Yes I've seen that we need to unprotect and modify the protected
section. Thanks for the link, it points to the right direction. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Alan Murrell |
last post by:
Hello,
I am setting up a Postfix + MySQL + Courier-IMAP system. I am trying
to write a shell script which will insert the values into the
database. For the password encryption, I wish to use MySQL's
encrypt() function. Thisis what I have in my script:
echo "INSERT INTO users(id,address,crypt,clear,name,domain,maildir)" >
/tmp/insert.sql
echo " ...
|
by: Neelima Godugu |
last post by:
Hi All,
Is there a way to modify AppSettings key values during installation of a web
app using a web setup project.
Thanks in advance.
Neelima
|
by: Tumurbaatar S. |
last post by:
Hi!
In old ASP I used Application collection to store configuration settings
like ADO connection string. In .NET, it seems, the preferred method is
using Web.config file. Yes? If I'm right then how to add (manually) and
retrieve (from app) custom values?
Thank you!
P.S. It seems, VS.NET does not have tool to modify Web.config file.
Developer should update this file manually as text?
|
by: Brett |
last post by:
If I have many hard coded values such as file paths, file names, timeouts,
etc, where is the best place to define them? Meaning, in the case something
needs changing for example, rather than running down all the subs or
functions that may contain these values, I'd like one place to change them
and have that changed reflected in the subs or functions that use those
values. I'd like to avoid globals; keeping the values private to only those...
|
by: Islamegy® |
last post by:
I give up.. I tried everything to encrypt querystring and decrypt it back
but this never success.. i use RSA encryption. I always get excption when
Convert fromBase64String so i tried HttpUtitlity.UrlEncode() but i got bad
data Exception..
Is there anyway to work around this??
| | |
by: Tom |
last post by:
Is it possible to encrypt a value in the my.settings area in VB.NET
2005? I.E. Can I add a settings value (via My Project / Settings) and
have it encrypt that value so that if anyone looks at the resulting
app.config file the value is encrypted? If so, (1) How do you specify
the value to be encrypted? And (2) How do you access it now from VB?
Can you still go through My.Settings??
Tom
--
|
by: -Steve- |
last post by:
I've encrypted the appsettings in my web.config file using the following
command:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -pe
"appSettings
" -app "/passwordReset"
Once I do that though my webapp can no longer read the values out of the
web.config file. I'm retrieving the values using
|
by: Peted |
last post by:
Hi,
im wanting to store some custom text strings in the app.config file of
a c# app, to be retreived and updated when the app runs.
using c# 2005 express
in my testing i am using the code bellow, and its almost idenictal to
every web example i have found. They all suggest the values and file
can be read from and updated. The code bellow runs, with no errors of
|
by: =?Utf-8?B?Sm9u?= |
last post by:
Hello,
I have tried to use the app.config and settings.cs files to store my data
(which I want to be user changeable at runtime). I can write to (what I
assume is an object in memory) and it does seem to work...however, once the
application is closed and reopened the changes are lost. How do I persist
the information?
Here is some sample code using both methods:
//////Using Properties.Settings///////
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
