Ive been asked to fix a security issue for a webbapplication. The issue is

Question

0

Asked: May 27, 20262026-05-27T04:51:32+00:00 2026-05-27T04:51:32+00:00

Ive been asked to fix a security issue for a webbapplication. The issue is

0

Ive been asked to fix a security issue for a webbapplication. The issue is that the webbapplication uses impersonation in the web config to log on to a domain. If the password is incorrect an exception is throwned in wich the web config credentials is shown on the screen.

Its not clear why the webbapp logs into the domain, but i need to

Make sure the credentials info is not shown in the exception.
Get the password from a database instead of storing it in web config.
Keep the impersonation function intact.

< system.web>

< identity impersonate=”true” userName=”Domain\AdminUser” password=”1234ABCD”>

< /system.web>

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T04:51:32+00:00

Editorial Team

2026-05-27T04:51:32+00:00Added an answer on May 27, 2026 at 4:51 am

You could encrypt your web.config file and impersonate using web.config credentials in code to control the exception handling.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Ive been asked to fix a security issue for a webbapplication. The issue is

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply