Using the tutorial:

Protecting Connection Strings and Other Configuration Information

http://www.asp.net/learn/data-access...ial-73-cs.aspx

The sample code works fine, but it does not work in my web application on my
local machine or on a test server.

When I try to encrypt my sql connection string, I get an error message:
Access to the path 'c:\inetpub\wwwroot\....\cjhspoo2.tmp' is denied.

web.config line 0

I assume it is here:
Configuration config =
System.Web.Configuration.WebConfigurationManager.O penWebConfiguration(Request.ApplicationPath);

I have tried changing settings in IIS 6.0 with no luck. The sample program
code works but not with my website.

Is there some other permission that needs to be set?

Will this ever work on a shared server or is there a better approach?
--
Thank you very much,

Greg G

the worker process would need write access to the webroot - nothing you want
to do!

better write a console app or use aspnet_regiis.exe (under an admin account)
to encrypt sections at deployment time.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

"Dominick Baier" wrote:

Uh... I'm having the same problem.
I got the idea to do this from page 113-114 of your book.

I'm working in an environment where I don't have access to the web server so
I cannot run any command line utilities or install utilities. All I can do
is publish my application there - given that I thought the solution in your
book would allow me to publish it and place code in the Application_Start
that would automatically encrypt my connection strings the first time the
application ran.

While the code works in local mode I cannot get it working once published to
the web server. I get the same errors the fellow who started this thread is
getting.