On Monday the 3 monthly password change happened and the account I use for testing this application also had it’s password changed. Oh joy.

This is an app that uses windows authentication but my test server has an identity impersonate to make sure it always uses the same account. Which is not the account I use to develop on my machine.

Anyway. I noticed that the password was wrong because of this.

Yay, it shows my username and password in plaintext.

It is to note that this also happens before Nancy even get’s in to the game.

So I would like to encrypt that section.

I could use aspnet_Regiis -pef system.web/identity pathtowebsite to get around that. But then I guess I would have to do that everytime that password changes. And I’m to lazy for that.

But I can also do that on Application startup in the Global.Asax. To make sure it is encrypted every time the application started.

So in the Gloabl.asax in the Application_Start method I put this.

vb.net
1
2
3
4
5
6
7
8
Log.Debug("Rootpath = {0}", "")
        Dim config = WebConfigurationManager.OpenWebConfiguration("")
        Dim section = config.GetSection("system.web/identity")
        Log.Debug("Section = {0}", section.ToString)
        If section IsNot Nothing AndAlso Not section.SectionInformation.IsProtected Then
            section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider")
            config.Save()
        End If
Log.Debug("Rootpath = {0}", "")
        Dim config = WebConfigurationManager.OpenWebConfiguration("")
        Dim section = config.GetSection("system.web/identity")
        Log.Debug("Section = {0}", section.ToString)
        If section IsNot Nothing AndAlso Not section.SectionInformation.IsProtected Then
            section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider")
            config.Save()
        End If

And now I get this errormessage.

So there, it works and I’m happy, let’s move on.