Archive for the ‘Security’ Category
Recently I’ve been looking into encrypting sections of web.config on a couple of web sites that reside on a web farm.
It’s not very difficult (once you figure out how to get around the fact that some of the instructions don’t work) and I’ll write another post on it once I’ve finished implementing it. But there is one major weak point: What happens if you forget the name of the key you are using? Where do you go to find the names of the RSA keys?
You’d think that listing the names of RSA key containers would be simple. After all, they are real easy to create. Just type:
aspnet_regiis -pc "MyKeys" -exp
(aspnet_regiis can be found in C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727 or higher)
It’s so simple to do and yet if you forget the name you used then finding it again is virtually impossible.
After many, many searches on Google, Bing and DuckDuckGo, I finally found something that will list them. (Surprisingly it was highest on the DuckDuckGo search and that’s how I found it.)
It’s a simple open source app called KeyPal. Download it, open up a command prompt and run it. At start up it gives you a list of user keys, a list of commands and a blank prompt (with no “>” or anything to indicate it’s a prompt). To list machine level key containers just type “LM”, press Enter and there they are!
There is probably something in the bowels of Windows that will also do this, but I couldn’t find it after searching and searching, so kudos to the guys at JavaScience who wrote KeyPal.
I hope this gets onto search engines to help other poor slobs like me find out how to list RSA Key Container names without spending hours hunting.
ApplicationPoolIdentity is the default username you see assigned to an application pool in IIS 7.x. The only trouble with it is that Windows can’t find it when you try to assign permissions to it, such as when you want to read some files in a folder outside of your website.
Open up the Properties dialog on a folder or file and try to add ApplicationPoolIdentity to the user list on the Security tab. Ain’t gonna happen: Windows can’t find it.
But do not despair, dear reader, the answer is given here: How to assign permissions to ApplicationPoolIdentity account.
The short version: use the name “IIS APPPOOL\DefaultAppPool” and Windows will find it.
It works – I just tried it.
Hope that helps.
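The same permission can be granted from a script instead of the Security tab. This is an added example, not code from the original post: the function name `Grant-AppPoolRead` and the folder `D:\SharedData` are made up for illustration, and it grants read-only access rather than anything broader.

```powershell
# Added example. Grant-AppPoolRead and D:\SharedData are hypothetical names.
# Run from an elevated prompt on the server that hosts the application pool.
function Grant-AppPoolRead {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $AppPoolName = 'DefaultAppPool'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # The account is named after the pool, not "ApplicationPoolIdentity".
    $account = New-Object -TypeName System.Security.Principal.NTAccount `
        -ArgumentList "IIS APPPOOL\$AppPoolName"

    # Translate() throws IdentityNotMappedException when Windows cannot resolve
    # the name, so a bad name fails here before the ACL is touched.
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    # Read and execute only, inherited by subfolders and files. No write access.
    $rights  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propag  = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $account, $rights, $inherit, $propag, $allow

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Read the ACL back and return every entry that applies to the pool identity,
    # matched by SID so the check does not depend on how the name is displayed.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value }
}

# Constructed usage: folder path and pool name are placeholders.
Grant-AppPoolRead -Path 'D:\SharedData' -AppPoolName 'DefaultAppPool'
```

The entries it returns show exactly which rights the pool identity holds on the folder after the change, including any inherited from a parent.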