I’m currently hosting a web application written in VB.NET 4. The app uses impersonation, which stores a username and password in the web.config. My problem is when the impersonate account is locked (which takes down the site), the site displays an error page with a stack trace revealing the username and password in clear text.
Custom error messages are set to off so I’m not sure why this is happening. I don’t have the option of encrypting this portion of the web.config because we have a staging server that replicates to the production server, and the encryption keys are different on each server.
Entry in the web.config that is being displayed:
<identity impersonate="true" userName="test\myservice.account" password="123"/>
<machineKey validationKey="11111111" decryptionKey="222222222" validation="SHA1"/>
You stated that custom errors mode is off, which means you’ll see web.config output. Set custom errors to true, specify the error page, and then you shouldn’t see web.config output.
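As an added example (not part of the original question or answer), a small Python check that reads a web.config and reports the two settings discussed in this thread. The sample XML is constructed, and `~/Error.aspx` and the function name `audit_web_config` are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's identity entry with detailed errors enabled.
WEAK = """<configuration>
  <system.web>
    <customErrors mode="Off"/>
    <identity impersonate="true" userName="test\\myservice.account" password="123"/>
  </system.web>
</configuration>"""

# Constructed sample: custom errors on with an error page, as the answer advises.
# "~/Error.aspx" is a placeholder page name.
FIXED = """<configuration>
  <system.web>
    <customErrors mode="On" defaultRedirect="~/Error.aspx"/>
    <identity impersonate="true" userName="test\\myservice.account" password="123"/>
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for the settings discussed in this thread."""
    findings = []
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section found"]

    errors = web.find("customErrors")
    # ASP.NET treats a missing element or attribute as mode="RemoteOnly".
    mode = "RemoteOnly" if errors is None else errors.get("mode", "RemoteOnly")
    if mode.lower() == "off":
        findings.append("customErrors mode=Off: detailed errors reach every client")
    elif errors is None or not errors.get("defaultRedirect"):
        findings.append("customErrors has no defaultRedirect error page")

    # The credential is still readable by anyone who can read the file itself.
    identity = web.find("identity")
    if identity is not None and identity.get("password") is not None:
        findings.append("identity password stored in clear text")
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit_web_config(sample))
```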