On Monday the 3 monthly password change happened and the account I use for testing this application also had it’s password changed. Oh joy.
This is an app that uses windows authentication but my test server has an identity impersonate to make sure it always uses the same account. Which is not the account I use to develop on my machine.
Anyway. I noticed that the password was wrong because of this.
Yay, it shows my username and password in plaintext.
It is to note that this also happens before Nancy even get’s in to the game.
So I would like to encrypt that section.
I could use aspnet_Regiis -pef system.web/identity pathtowebsite
to get around that. But then I guess I would have to do that everytime that password changes. And I’m to lazy for that.
But I can also do that on Application startup in the Global.Asax. To make sure it is encrypted every time the application started.
So in the Gloabl.asax in the Application_Start method I put this.
vbnet
Log.Debug("Rootpath = {0}", "")
Dim config = WebConfigurationManager.OpenWebConfiguration("")
Dim section = config.GetSection("system.web/identity")
Log.Debug("Section = {0}", section.ToString)
If section IsNot Nothing AndAlso Not section.SectionInformation.IsProtected Then
section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider")
config.Save()
End If
And now I get this errormessage.
So there, it works and I’m happy, let’s move on.