Guest
We have some .dlls that we have written that use config files to store
configuration information such as usernames and passwords. In a previous
posting I asked for some suggestions for encrypting the passwords. Someone
suggested DPAPI and after some research this sounded like a good idea. After
implementing this solution I find that there is a problem. DPAPI decryption
is user based. The password that is stored in the config file is only
decrypted correctly if the person running the application is the same person
who encrypted it. This works fine for simple apps. However in my case the
.dlls that I've written could be called by an application, a web service or a
Windows service, all of which may be running under the context of a different
user account.
Now that I realize this, I think DPAPI is the wrong choice. Can anyone
offer a suggestion of a simpler method of encryption? FYI: The passwords
that I'm storing aren't admin passwords. They are usually just domain accounts
that have rights for certain directories.