Adding encrypted security to the impersonation account
To increase the level of security of the impersonation account created during installation, you can encrypt the ID and password of the account.
The default impersonation account is stored in clear text in the web.config file, which is located in the installation directory. By default the directory is:
You can use the Microsoft ASP.NET utility to encrypt the ID and password and store them in the registry under a secure key. See the following web site to download the tool and instructions for using the utility. For details, go to:
and search for “How to use the ASP.NET utility to encrypt credentials and session state connection strings”.
You must make the following modifications to the instructions:
1 Under “Use encrypted attributes in the configuration file”, perform these changes to the steps:
Step 1. Complete the following at the end of Step 1. After starting the Reged32.exe Microsoft Windows Registry program, search for the key and property created.
Step 2. Replace the current instructions with the following.
Note the key path and properties, then for example on MS Windows Server 2008R2 the entries you add to your web.config are for example:
Reload the SAXT starting page again in your browser.
2 Continue with the steps under “Use Regedt32.exe to grant permissions for the ASP.NET account on these registry keys”.
If an “Error reading configuration information from the registry” message is displayed, you must give the correct account that is accessing the registry “Read” permissions on the key, for example; ASPNET or ISS_USERS. In the Regedt32.exe Microsoft Windows Registry program, complete the following steps.
3 Right click the key, and then click Permissions.
4 In Security, click Add.
For additional information if prompted to enter the impersonator user name and password, see: