ASP.Net 2.0 – Impersonation and securing Identity elements
An ASP.Net 2.0 application can enable impersonation by setting the identity element in web.config:
<identity impersonate="true" userName="YourUserName" password="YourPassword" />
The user you are impersonating requires some privileges to execute an ASP.Net application, which can be granted by executing the following command:
aspnet_regiis -ga YourUserName
However, the username and password values should be secured rather than left in web.config as plain text. The identity element's credentials can be secured by storing them in the registry. Information related to identity impersonation can be found at http://msdn2.microsoft.com/en-us/library/72wdk8cc(VS.80).aspx or http://support.microsoft.com/kb/329290
Creating registry entry
- Download the aspnet_setreg.exe zip from http://support.microsoft.com/kb/329290
- Extract its contents to D:\Tools
- Start a command prompt
- Run cd D:\Tools
- Run aspnet_setreg.exe -k:SOFTWARE\CompanyName\ApplicationName\identity -u:"YourUserName" -p:"YourPassword"
Adding access to registry
- Click Start, click Run, type regedt32 in the Open box, and then click OK.
- Click the HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ApplicationName\identity\ASPNET_SETREG subkey.
- On Microsoft Windows XP or on Windows Server 2003, right-click the registry key, and then click Permissions.
- Click Add. In the dialog box that opens, type yourservername\Network Service (or yourservername\ASPNET when using IIS 5.0), and then click OK.
- Make sure that the account that you just added has Read permissions, and then click OK.
- Close Registry Editor.
These encrypted registry entries can then be referenced in the configuration as follows:
<identity impersonate="true" userName="registry:HKLM\SOFTWARE\CompanyName\ApplicationName\identity\ASPNET_SETREG,userName" password="registry:HKLM\SOFTWARE\CompanyName\ApplicationName\identity\ASPNET_SETREG,password" />
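The permission steps and the final configuration can also be applied and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original post or of Microsoft's KB article: it grants the worker account Read on the key, warns if web.config still holds literal credentials, and lists any other accounts allowed on the key. The web.config path, the function names and the expected-reader list are assumptions to adjust for your server.

```powershell
# Added example; the paths, the account and the function names below are assumptions.
$keyPath   = 'HKLM:\SOFTWARE\CompanyName\ApplicationName\identity\ASPNET_SETREG'
$webConfig = 'D:\Sites\ApplicationName\web.config'   # assumed location
$worker    = 'NT AUTHORITY\NETWORK SERVICE'          # "$env:COMPUTERNAME\ASPNET" on IIS 5.0

function Test-IdentityCredentialsProtected {
    # False if userName or password is present and is not a "registry:" reference.
    param([xml]$Config)
    # local-name() keeps the lookup working when <configuration> declares an xmlns.
    $id = $Config.SelectSingleNode("//*[local-name()='identity']")
    if ($null -eq $id) { return $true }   # no identity element, nothing to protect
    foreach ($attr in 'userName', 'password') {
        $value = $id.GetAttribute($attr)
        if ($value -and $value -notlike 'registry:*') { return $false }
    }
    return $true
}

function Grant-KeyRead {
    # Scripted form of the Permissions dialog steps: Allow / Read for one account.
    param([string]$Path, [string]$Account)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Account, 'ReadKey', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedKeyReaders {
    # Returns Allow entries for identities outside the expected list, for review.
    param([string]$Path, [string[]]$Expected)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Expected -notcontains $_.IdentityReference.Value } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

if (-not (Test-IdentityCredentialsProtected -Config ([xml](Get-Content -Path $webConfig)))) {
    Write-Warning "$webConfig still contains plain-text identity credentials"
}
Grant-KeyRead -Path $keyPath -Account $worker
Get-UnexpectedKeyReaders -Path $keyPath -Expected $worker, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
```

Any account the last command prints can read the stored values and should be removed from the key unless it genuinely needs that access.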