blue piranha
Reputation: 3876
Impersonation in ASP.NET without declaring password
I am trying to implement impersonation in ASP.NET. I am following this URL.
Microsoft beautifully explains the process.
However, I am a bit skeptical about declaring the password in web.config
Is there any way, we can achieve impersonation without declaring password?
Thank you
Upvotes: 1
Views: 2018
Answers (1)
oleksii
Reputation: 35925
If you want to use user name and password for impersonation you have to store it somewhere.
But here is a list of things you can try:
- Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc)
- Store credentials in web config using encryption
- Use Windows impersonation where currently logged in user passes a security descriptor automagically.
Upvotes: 1
Related Questions
- ASP.NET Impersonation in IIS
- Impersonalization - domain specific user without password - ASP.NET MVC
- Set up impersonation with ASP.NET
- Temporarily disable impersonation in ASP
- asp.net WindowsIdentity Impersonate from known credentials C#
- Hiding passwords for impersonation
- How to set ASP.NET security impersonation
- Impersonation in ASP.NET 2.0
- User impersonation with ASP.NET Forms Authentication
- asp.net impersonation