tags:

views:

110

answers:

3
Q: 

.netCART Credit Card Decryption - IIS 7 App Pool and Decryption issue

I've got a site using .netCART. It's running fine in production with Windows Server 2003 and .NET 2.0. On the new server (Windows Server 2008) everything is working except for credit card decryption in the store admin. No errors are being sent, no exceptions thrown, just the encrypted string being output to the screen instead of a decrypted credit card number.

Dim strCCEncrypt As String
strCCEncrypt = Trim(DataRow.Item("CreditCard"))
strCCEncrypt = tools.Decrypt(strCCEncrypt) 'tools is a .netCART utility

Has anyone had experience with .netCART, or seen this issue before?

EDIT: After much investigating yesterday, it seems as though the problem is tied to the App Pool (which is running in classic pipeline mode on .NET 2.0), and Decryption. Can anyone tell me what the processes or services are that are tied to the default app pool which help handle decryption?

A: 

Don't know where your specific problem is, but that code snippet is equivalent to this:

Dim CCEncrypt As String = tools.Decrypt(DataRow("CreditCard").ToString().Trim())

To explain the changes:

  • You can skip the .Item part because it's an indexer for DataRow
  • But you should call .ToString(), in case of other types or DbNulls
  • Then use the string type's .Trim() method rather than the VB Trim() function. Trim() and other old string functions exist solely for backwards compatibility. You're better off becoming accustom to the methods attached to the string type.
  • In .Net, it's no big deal to declare a variable and assign to it on the same line
  • And in .Net, Microsoft's style guidelines specifically recommend against any hungarian-notation type warts on variable names.
Joel Coehoorn  2009-05-19 00:31:27
thanks for the comments. Unfortunately this is inherited code that I am simply maintaining. I was doing some more investigating yesterday, and it seems as though the problem lies within the App Pool that the site is using and some process or service that is tied to it. Also, out of curiosity, if MS's style guides recommend against hungarian-notation, then what do they recommend?
MasterMax1313  2009-05-19 11:52:15
You can see for yourself here: http://msdn.microsoft.com/en-us/library/ms229002.aspx To summarize: mostly plain PascalCase or camelCase with no prefixes.
Joel Coehoorn  2009-05-19 12:40:03
A: 

The end result of this problem was that I used Reflector to get the method out, provide the key manually to perform the decryption, since the decrypt method shown above just provided a call to a method that took the key.

MasterMax1313  2009-06-02 15:14:49
A: 

Check the machinekey element in your web.config. Is it possible the credit cards were encrypted with a different key than you are trying to decrypt them with?

Jeffrey Hines  2009-06-02 15:20:10
no, they weren't, they were being encrypted with something else.
MasterMax1313  2009-06-02 16:12:33
My guess would be that the key that is used to encrypt and decrypt is different on this machine than the old one. You need to determine where the key is stored and see if they are the same.
Jeffrey Hines  2009-06-02 17:44:49

related questions

What are the most important functional differences between C# and VB.NET?
Setting Group Type for new Active Directory Entry in VB.NET
ASP.Net Datagrid: in Footer calculate Avg or Sum for column
Opening a file in my application from File Explorer
HTML Email Editor in a Windows Forms Application
Datatables, Dataviews and distincts! (ASP.Net/VB)
Naming convention for VB.NET private fields
Visual Studio - new "default" property values for inherited controls
Change the width of a scrollbar
Is String.Format as efficient as StringBuilder
Default Form Button in FireFox
VB.NET - IsNothing versus Is Nothing
'Break' equivalent keyword for VB
What is the best way to wrap time around the work day?
Best SVN Client Ignore Pattern for VB.NET Solutions?
Long-time LAMP Developer moving to VB.NET
What's the best way to find long-running code in a Windows Forms Application
What is the best way to deploy a VB.NET application?
'Best' Diff Algorithm
Setting Objects to Null/Nothing after use in .NET
CSV File Imports in .Net
How do you migrate a large app from VB6 to VB .net ?
Floating Point Number parsing: Is there a Catch All algorithm?
Decoding T-SQL CAST in C#/VB.net
Reliable Timer in a Console Application