RE: Encrypting Data EDRA Connection string



Yes, I think read permission is always necessary, since when
impersonating, the worker thread will be running under the client's logon
session, whose permission set is quite important. Also, if you won't modify
the key frequently, you can put write permission away.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Patrick" <questions@xxxxxxxxxxxxxxxx>
| Subject: RE: Encrypting Data EDRA Connection string
| Date: Wed, 31 Aug 2005 02:16:01 -0700
| Newsgroups: microsoft.public.dotnet.framework
|
| Running the ASP.NET with impersonation (as the logged on user in Intranet).
| Does that impersonated user need write as well as read permission on the
| key file?
|
| "Steven Cheng[MSFT]" wrote:
|
| > Hi Sir,
| >
| > Welcome to MSDN newsgroup.
| > Regarding the file path setting in Enterprise Library's configuration
| > file problem, here are some of my understandings:
| >
| > For the file reference paths in the Enterprise Library's configuration
| > file, they are all absolute physical paths by default. This is necessary
| > because at runtime Enterprise Library would be loaded by the target
| > application's process, and the runtime will use the system IO API to
| > locate the file; when encountering a relative file path, it will consult
| > the host process's Current Directory environment value (this is changeable
| > in different processes or conditions). For an ASP.NET application, which
| > runs in the worker process (aspnet_wp or w3wp), these processes are
| > launched by the IIS process, so it's likely that the default current dir
| > will derive from the IIS process, which is under the %windir% system32.
| > So for such a file reference in the configuration file, it's always
| > recommended to use the absolute physical path, and when deploying to a
| > different server, we need to adjust the path value to the correct value;
| > that's also the reason why we use a configuration file to add additional
| > abstraction.
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| > --------------------
| > | From: "Patrick" <questions@xxxxxxxxxxxxxxxx>
| > | Subject: Encrypting Data EDRA Connection string
| > | Date: Tue, 30 Aug 2005 10:38:09 -0700
| > | Newsgroups: microsoft.public.vsnet.enterprise.tools,microsoft.public.dotnet.framework
| > |
| > | With reference to
| > | http://msdn.microsoft.com/msdnmag/issues/05/07/DataPoints/default.aspx
| > | (Encrypting Microsoft Data EDRA connection string with Enterprise Library
| > | June 2005)
| > |
| > | A web.config that contains something like <keyAlgorithmStorageProvider
| > | xsi:type="FileKeyAlgorithmPairStorageProviderData" name="File Key Algorithm
| > | Storage Provider" path="C:\dev\myApp\encryptionKey.key"> is generated in
| > | web.config.
| > |
| > | This is fine on MY Machine. Except that in a UAT/production environment,
| > | the virtual directories are not c:\dev..... . When I leave out
| > | "C:\dev\myApp", IIS merely tries to look for the key file in
| > | c:\winnt\system32.
| > |
| > | How can I keep the key file in the virtual directory and use a "relative
| > | path" so in a UAT/production environment, I would be fine.
| > |
| >
| >
|
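
Added example (not part of the original thread, and not Enterprise Library code): a PowerShell review of the key file's ACL, matching the advice above that impersonated users need read access and that write access can be removed. The path and the group name are hypothetical placeholders.

```powershell
# Added example: review the ACL on the Enterprise Library key file.
# Both defaults are hypothetical placeholders; pass your own values.
param(
    [string]$KeyPath     = 'D:\Sites\myApp\encryptionKey.key',
    [string]$ReaderGroup = 'EXAMPLE\IntranetUsers'
)

# Rights that let a principal change or replace the key, or rewrite its ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$readMask  = [int][System.Security.AccessControl.FileSystemRights]'ReadData'

# Only Allow entries are inspected. ACEs are matched by name, so this is a
# review aid and not an effective-access calculation (nested groups and
# Deny entries are not resolved).
$allow = (Get-Acl -LiteralPath $KeyPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' }

$writers = @($allow | Where-Object {
    ([int]$_.FileSystemRights -band $writeMask) -ne 0
})
$readers = @($allow | Where-Object {
    $_.IdentityReference.Value -eq $ReaderGroup -and
    ([int]$_.FileSystemRights -band $readMask) -ne 0
})

"Principals with write-type access to ${KeyPath}:"
$writers | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

if ($readers.Count -eq 0) {
    Write-Warning "No Allow ACE names $ReaderGroup with read access; check that its members get read access through another group."
}
if ($writers.IdentityReference.Value -contains $ReaderGroup) {
    Write-Warning "$ReaderGroup can modify the key file; remove write access unless these users need to change the key."
}
```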
