I have a windows service with an accompanying config file. The service is going to be installed on a bunch of lab computers and monitor things such as diskspace, network connectivity, logins, etc.
After a set interval, it will report the statistics to a Database. In order to connect to the DB, I currently have the application user's name and password stored in the connection string, which can be found in the config file.
What's the best way to secure this, such that regular users cannot access it? We do a similar thing here with our webapps using the Web.config, and we have IIS setup such that people can't browse into the directory and read it.
Is there a best practice to securing a config file stored locally on each machine for a windows service?
Use the same method that you would use for web.config
1- Go to the windows service folder, where configuration file is located
2- Rename the config file to web.config (back it up first)
3- Execute:
c:\Windows\Microsoft.NET\Framework64\[the asp versino]\aspnet_regiis.exe -pef "[name of the config file to encrypt]" .
4- Rename the web.config back to the original name
More info here
https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
Related
I am running PHP 5 and MySQL with Apache 2 in my Windows 7 PC. Everything (in localhost) is working fine and the localhost is defined in port 80 (It works!). But I would like to password protect (or lock) and hide server folder including htdocs. I mean, I don't want want another user to access the server folder and files. I know that I can remove installation information from add/remove programs menu by removing registry entries (hope it won't affect the server framework). But how can I prevent the users from accessing the server folder? The server folder is a master folder, in which I installed Apache, PHP and MySQL. I made it in C: drive(to ensure security). I want to lock the master folder (password protected). Only I should have the access to them (my friends use my PC). But the content (localhost) should be delivered (I mean the pages should come, along with PHP and MySQL) for everyone. Only a single user account is there (Admin).
How can I lock and hide my folder while running server silent/hidden. Is this possible with or without any software?
http://www.devside.net/articles/windows/password
http://www.brandx.net/support/buildingwebsites/passwords.shtml
http://www.thesitewizard.com/apache/password-protect-directory.shtml
Implement User/Password-protected Directories for Apache Server
I need to use nodejs to write file to a password protected shared folder on a remote machine running Windows server 2008 r2, how can I do impersonation things within nodejs like .net app does?
Thx in advance!!!
PS:
Sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the impersonation stuff for nodejs?
Late to the party - but since there is no accepted answer...
You'll need to launch your node process using the account that has access to the network share. How this is done differs based on your setup. For example, if you're runnning node on a lLinux server trying to connect to the remote Windows server, then it's not going to be straightforward with node.
However; if you're running node on a Windows server, trying to connect to a remote share on another Windows server (which is what it sounds like your situation probably is). Again, you'll have to run your node script as a user with access to the remote share. If you need to do it from code, I'd suggest taking a look at my module node-windows. It doesn't provide remote share access specifically, but it will allow you to run command line code with a different account from within your node script.
I am familiar with Linux, less with IIS. I have been using Linux/Apache to share user directories for a while set up like this:
/home/user1/public_html
/home/user2/public_html
etc.
...and users can type in a URL to view their public files at:
http://www.mycompany.com/~user1/
http://www.mycompany.com/~user2/
etc.
Combined with SMB sharing and drive mapping on client windows boxes makes it very convenient for corporate users to drop files into a publicly available folder temporarily for someone else to download. They just email the other person the URL.
Searching the internet for "IIS public folders" and variants, yields OWA and Exchange results which I don't want. What is the proper terminology for this setup in Windows/IIS? How do you do it in Windows for all domain users?
In IIS you have to create a virtual directory for each user. IIS does not have an equivalent of the Apache UserDir directive. That's because IIS does not have a concept of users (in the sense of a subscriber to a webserver host).
Of course you could roll your own definition of who users are in IIS. In IIS 7, things like virtual directories are stored in an XML file ApplicationHost.config. You can either create the virtual directories manually via the ISS console, or programmatically via the ApplicationHost.config file.
Reference:
(1) http://www.advancedinstaller.com/user-guide/tutorial-iis.html#virtual-directory
(2) http://httpd.apache.org/docs/2.0/mod/mod_userdir.html#userdir
(3) http://learn.iis.net/page.aspx/124/introduction-to-applicationhostconfig/
What exactly do I need from a host for my webmatrix project to work? I know Scott Hanselman from Microsoft gave out a few nice host sites but I was just wondering for fun.
In order to publish to a host from WebMatrix using Web Deploy, the host needs to be in a compliant state. First of all, it has to run WebDeploy and the remote service WMSvc has to be in a desired state (enabled and started). Delegation rules have to be set up, so that the user has permissions and the right scope to deploy various components like IIS application, database, ACLs, etc. In order to check whether a host is WebMatrix-friendly, ServerValidator tool can be used (see the article for a full list of host requirements).
If you want to publish to a host though FTP, all you need to ensure is that FTP publishing is enabled on the host.
Hope this helps.
You can use any .Net 4.0 host, but you'll need to copy a bunch of DLL files to yuor bin folder.
The exact files required depend on what libraries your site uses.
At a minimum, you'll probably need
Microsoft.Web.Infrastructure.dll
Microsoft.Web.Helpers.dll
System.Web.Helpers.dll
System.Web.Razor.dll
System.Web.WebPages.dll
System.Web.WebPages.Deployment.dll
System.Web.WebPages.Razor.dll
WebMatrix.Data.dll
WebMatrix.WebData.dll
These can be found in Program Files\Microsoft ASP.Net.
If it still doesn't work, copy any additional files from FileNotFound errors.
To publish your website from WebMatrix - your hosting provider must support one of the two publishing technologies - FTP and/or WebDeploy.
In case of FTP, you would need to manually enter the following ftp settings: FTP Server, username, password and destination url. Optionally you can also specify the site path
In case of WebDeploy, you could just get the publishsettings file for your host and import the settings. Else, you can also manually enter these settings.
I'd developed a WCF Service using netTCPBinding and embedded it in a Windows Service.
The configuration data of wcf is located in standart app.config file.
After that i had created an installation project and include my code (wcf in widows service) there. So I have the setup.exe file to install my windows service with wcf on board.
I've installed the windows service to my local drive (C:\Programs Files...\Service) and started it using the services page (pane) of my OS.
It works fine.
The app.config file was copied to the local drive and located across the same folder (C:\Programs Files...\Service).
One day i've tried to change the part of my endpoint address (PORT) in app.config (C:\Program Files...\app.config) and restarted the service using an appropriate page of services (services.msc) in windows.
I thought that the service would be working on another port (I've setted in app.config) but i was wrong. The service continued working on the previous PORT. As I've understood, it continued working using the copy of starting version of app.config. It stores the copy of this file in another path.
I need the ability to change the app.config file and get the updated windows service after it's restarting.
I am going to let my users set the specified port number where the developed wcf service will listening to.
Where am I wrong? Could you help me to find the solution of my problem?
Thank you for your help.
At the risk of stating the obvious...
How literally do you mean that you changed a file called app.config? Do you mean that you changed the file called [exename].exe.config? 'Coz if you changed a file called "app.config" in the installed-to folder, that file won't have any effect. You need to make the change in the file called [exename].exe.config.
--Shawn.