Need to dynamically set the impersonate password value

Question

I've read a few posts on impersonation but I'm not sure I completely understand how it works.

We have an existing web app running under IIS. We are using identity impersonate in the Web.config file for the database connection id as follows:

<identity impersonate="true" userName="MY_DBID" password="mypassword"
xdt:Transform="SetAttributes(impersonate,userName,password)" />

We are now trying to remove the clear-text hardcoded passwords from the application.

We have a third party software package that stores/manages account passwords. I am calling that service from Application_Start in Global.asax.cs and obtaining the password for MY_DBID.

Is there a way I can pass/use this password in the password="mypassword" parm of the Web.config impersonation? Other suggestions are welcome. Thanks

Answer 1

Ended up using an Impersonator class scheme documented at the link below. Thanks http://www.codeproject.com/articles/10090/

Answer 2

The identity tag is running your entire web application as that user. Application_Start is too late, as the framework has already attempted to impersonate that user. You are not going to be able to accomplish this with code in your application.

You should store your impersonation credentials in encrypted form in the registry as per the remarks section of this page on the <identity> element.