Impersonated User Password in Plain Text

This forum is now locked, since Gold Support is no longer offered.

Moderator: SourceGear

Locked
Tom.Wells
Posts: 65
Joined: Tue Sep 21, 2004 10:35 am

Impersonated User Password in Plain Text

Post by Tom.Wells » Thu Mar 23, 2006 10:09 am

After running the IdentitySwitcher I see that the password I entered for the domain user I selected is saved in plain text in the Web.config file. Is that the only option? Can it be encrypted? Leaving a password laying around in plain text is undesirable.

Also how do I return the server to non-impersonated security?

Thanks

Tom

lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Post by lbauer » Thu Mar 23, 2006 11:04 am

You might want to review these links from Microsoft on ASP.NET impersonation and options regarding the plaintext password:

http://msdn2.microsoft.com/en-us/library/xh507fc5.aspx

http://msdn2.microsoft.com/en-us/librar ... S.80).aspx
Also how do I return the server to non-impersonated security?
I'd suggest uninstalling (keep the database) and reinstalling the Vault Server, using the Machine\ASPNET (Win 2000 or XP) or NT Authority\Network Service (Win2003 Server) account.
Linda Bauer
SourceGear
Technical Support Manager

Locked