Impersonate and encrypt user account to call Web Service from ASP.NET application

Question

I have an ASP.NET Web Forms application and I need to impersonate an account to connect to a Web Service. The application always connects with the same account and has to be encrypted.

The client is MyWebServiceClient() my code is:

MyWebService.MyWebServiceClient client = new MyWebService.MyWebServiceClient();

client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential(username, password, domain);

And it works perfectly. The problem is how to encrypt these data. Is it possible to do it inside the web.config within the web service binding?

<security mode="TransportCredentialOnly">
    transport clientCredentialType="Windows" realm="" />
<security>

If that is the case, how can I retrieve them from code? Thanks

What do you want to encrypt? The credentials in webconfig? The traffic between your application and the webservice? — Oscar, Sep 11 '12 at 14:09

score 1 · Answer 1 · edited May 23 '17 at 12:12

1

Add your credentials to the app settings section. Then encrypt that section using aspnet_regis tool

How to encrypt one entry in web.config

http://www.dotnetprofessional.com/blog/post/2008/03/03/Encrypt-sections-of-WebConfig-or-AppConfig.aspx

Best regards asere.

edited May 23 '17 at 12:12

Community

1
1

answered Sep 11 '12 at 14:12

Oscar

13,594
8
47
75

Thanks! what shall I put in the security section of the web.config as client credentials? – CiccioMiami Sep 11 '12 at 14:30
1

The kind of client credentials your ws is configured to receive... http://msdn.microsoft.com/en-us/library/system.servicemodel.httptransportsecurity.clientcredentialtype.aspx – Oscar Sep 11 '12 at 15:18

Impersonate and encrypt user account to call Web Service from ASP.NET application

1 Answers1