views:

29

answers:

1

I have an ASP.NET application that requires impersonation as an administrator user. In web.config:

<identity impersonate="true" userName="administrator" password="password"/>

The customer complained about saving the password in clear text format. Is there a way to save the password here as hashed?

A: 

aspnet_regiis with the appropriate switch should do the trick, see this article.

RandomNoob
thanks, I also found a windows application that encrypt the config file http://blogs.msdn.com/b/knowledgecast/archive/2008/07/29/encrypting-configuration-settings-in-net-2-0.aspx
ala