
I am currently making a WCF service that is hosted on an IIS. There are however some of my parameters that are hardcoded as strings inside the service and I would like to be able to adjust these without having to restart the service or the IIS.

I was thinking about reading them from a file but preferably the parameters should not be adjustable by anyone but me. Then I thought about making a separate library with the parameters and add it as a dependency to the main project. Whenever I would have to change parameters I would just switch the library in the bin folder of the project on the IIS, but I don't know if this is even feasible.

You can think of what I am trying to accomplish as a licensing module. Say I have a license code and a date in my file/library and every 3 months (otherwise the service will not work) I have to replace it (if the customer renews) and it should only be me that can do it. I realize this is probably not how you would do licensing; it is just an example.

Peter

PNS
  • why not add these settings in the web.config and then encrypt that part? – Cerveser Mar 15 '19 at 13:36
  • Hi Cerveser. Do you have a link to an article explaining how to do this? This sounds like exactly what I need. – PNS Mar 15 '19 at 13:47
  • search for web.config encrypt: https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff647398(v=pandp.10) – Cerveser Mar 15 '19 at 17:22
  • thanks Cerveser, I will look into this as well as DPAPI as suggested by alexrait below. – PNS Mar 19 '19 at 13:05

1 Answer


You probably know that if it is a .NET app, then it is very easy to decompile and patch it.

You can use DPAPI for encryption like this:

1. Create a winform/console application which will do the encryption with "LocalMachine" context or a dedicated user on that server.
2. Encrypt a secret string with that app.
3. Decrypt the secret on web application startup with "LocalMachine" or run the application pool with a dedicated user.

Include reference to System.Security, then do something like below and you're done.

DPAPI password encryption in C# and saving into database. Then Decrypting it using a key

alexrait
  • Hi alexrait, I will look into DPAPI, thanks. I do not have access to modify the actual application pool (only my own application within it), but this might not be necessary?! Thanks for your input. – PNS Mar 19 '19 at 13:04
  • No need to touch the application pool. You can encrypt with LocalMachine. Look at the parameters of the Protect and Unprotect functions. – alexrait Mar 22 '19 at 16:49
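
The three steps from the answer, using the `Protect` and `Unprotect` calls mentioned in the last comment, as an added example that is not alexrait's code or the linked post's. The class name, entropy string, file path and sample value are assumptions, and the file-timestamp check is an addition so that a replaced file is picked up without restarting the service.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;   // .NET Framework: reference System.Security.dll
using System.Text;

static class ProtectedSettings
{
    // Hypothetical app-specific entropy; an extra DPAPI input, not a secret key.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyWcfService.settings.v1");
    static readonly object Gate = new object();
    static DateTime _loadedStamp;
    static string _cached;

    // Steps 1-2: run once on the server from a small console tool.
    public static void Save(string path, string secret)
    {
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), Entropy, DataProtectionScope.LocalMachine);
        File.WriteAllText(path, Convert.ToBase64String(blob));
    }

    // Step 3: call from the service. Re-reads the file only when its timestamp
    // has changed, so a replaced file takes effect without a restart.
    public static string Load(string path)
    {
        lock (Gate)
        {
            try
            {
                DateTime stamp = File.GetLastWriteTimeUtc(path);
                if (_cached != null && stamp == _loadedStamp) return _cached;
                byte[] blob = Convert.FromBase64String(File.ReadAllText(path));
                byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.LocalMachine);
                _loadedStamp = stamp;
                return _cached = Encoding.UTF8.GetString(plain);
            }
            catch (Exception ex) when (ex is CryptographicException || ex is FormatException || ex is IOException)
            {
                return _cached = null;   // fail closed: missing, malformed, or not decryptable here
            }
        }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "settings.dpapi");   // constructed sample path
        Save(path, "LICENSE-PLACEHOLDER;2019-06-15");                        // constructed sample value
        Console.WriteLine(Load(path) ?? "settings unreadable");
    }
}
```

With `DataProtectionScope.LocalMachine`, any process running on that server can unprotect the data, so also restrict write access to the file with NTFS permissions.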