How to find SQL credentials from a .Net binary? - sql

I have an .Net application named "abcd.EXE" with a "abcd.exe.config" file beside it.
Content of config file is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="SqlPath" value="data source=192.168.1.1\companyname;connection timeout=120;integrated security=SSPI;persist security info=False;workstation id=SOMETHING;packet size=4096;initial catalog=" />
</appSettings>
< /configuration>
I can decompile EXE file with reflector.
How should I find the connection password?
Regards

integrated security=SSPI
Luckly the program authors used a proper authentication strategy and did not embed passwords in the program or config file. Integrated authentication means the program will connect using the credentials of the principal running the process.

The connection string uses the integrated security=SSPI
the value can be true/false/yes/no or SSPI (the Security Support Provider Interface).
When SSPI is used it is equal to true!
false: User ID and Password are specified in the connection.
true: the current Windows account credentials are used for authentication.
more info: SqlConnection.ConnectionString Property

Related

Clickonce application deployment, hiding password in app.config

I have an application that i deploy to a client. In the config file there is a username/password that connects to a database. This config file gets stored in their local directory on their computer. I don't want them to see the password. How can i exclude the config to be installed on their machine or does it have to be there. and if so, how can I hide the password using encryption? thanks
You can encrypt, for example, the connection strings in your app.config file.
An example of an encrypted section from the MSDN documentation:
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAH2...</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>

.NET 4.0 Medium Trust Level and MYSQL connection

I have a problem and I think a proper answer will help a lot of people which is having same problem.Because it is a common and not well answered problem.
The problem is about "Medium trust level" configuration in IIS.A few months ago I coded my website with "Full trust level" configuration on my local machine and when I uploaded it to host that was working fine.
But my hosting company have a new rule about trust level,now they only allows "Medium trust level".
My web page doesn't work now.I tried to adapt my website but I have no idea how to do that.And that's sure a lot of people don't know either..
So I will tell what I have done so far, can you help me?
First I tried to changed my local configuration by going here,
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
and opened my webconfig file,and changed
<trust level="Full" originUrl="" />
to
<trust level="Medium" originUrl="" />
After that just for testing I created a new website with ASP Default template.It was working.Then I add Mysql.dll as references to connect to Mysql database.But it throwed Security Exception with that stack:
[SecurityException: Request for the permission of type
'System.Security.Permissions.SecurityPermission, mscorlib,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.] MySql.Data.MySqlClient.MySqlTrace..cctor() +0
So what now? Can't we connect to mysql database anymore? Or is there a solution?I never changed my webconfig file in website project folder do I need to change something here?
Please help me guys?
Hi everyone I finnally find solution to my problem, so I will try to help that people having same problem.Partial trust and Medium Trust level are same thing note that out.
My first step at the question is absolutely necessary.Don't forget to change your trust level to "Medium". After that you need to get right .Net Connector version from
The Oficial Website
Be careful to choose version that your hosting provider using. For example my Hosting company is using Mysql Connector Net 6.5.4
Secondly you need to configure your projects webconfig file that will use your .dll files and get the necessary permisson under Medium Trust Level.
You need to add under your <configuration> something like this;
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.6.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
</SecurityClasses>
</PolicyLevel>
</policy>
</security>
</mscorlib>
And if your system doesn't add it automatically under your <system.web> you need to add;
<assemblies>
<add assembly="MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
<add assembly="MySql.Data.Entity, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
<add assembly="MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
</assemblies>
Sometimes this steps may not be enough and you need to edit your web_mediumtrust.config under the
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
You need to add this lines under the
<SecurityClasses>
<securityclass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
and
<NamedPermissionSets>
<iPermission class = "MysqlClientPermission" version = "1">
<add connectionString = "Server =; Database =;" restrictions = "User =; User Id =; Password =; Port =; Pooling =;" KeyRestrictionBehavior = "(Prevent Usage | Allow Only)" />
</iPermission>
Be careful about version you are using dont forget to change lines according to that. If still you can't figure that out there is a pretty useful link for you
Trust Level Under the Partial Trust
Here is how I solved a similar issue with trying to get MySql to work in a medium trust environment.
We tried everything to the ‘book’ and simply could not get it to work!
Turns out the MySql connecter version is the key. Ask you web hosting company what version of the MySqlClient they have installed on their server in GAC.
(GAC simply means the library is installed on the server so that it can be referenced directly and without you having to upload the MySql.Data.dll to your bin folder. The latest installable version is available here: http://dev.mysql.com/downloads/connector/net/).
Once the driver is installed on the server in GAC you just need to reference it in your web.config like this, but replace Version=6.6.5.0 with your web hosting companies version:
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="MySql.Data, Version=6.6.5.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
</assemblies>
</compilation>

Add user credentials to access server drive path from winforms in app.config vb.net

I want to create upload file to the server drive c.
But there is user credentials require to access the server file path.
So i use this code in app.config
<configuration>
....
<appSettings>
<add key="DocumentVault" value="\\10.100.100.10\C$\SomePath\SomeWhere\Else\"/>
</appSettings>
....
</configuration>
How to add the user credentials inside?

worklight http adapter and NTLM authentication

i'm trying to implement NTLM authentication in a Worklight HTTP Adapter in order to connect to M$ back-end servers, such as Sharepoint Web services.
i've set-up my adapter.xml file with <ntlm>.
The adapter.xml structure first version was:
<authentication>
<ntlm />
<serverIdentity>
<username>user</username>
<password>password</password>
</serverIdentity>
</authentication>
My tests are done locally with Worklight studio, i get the following issues:
1) error when invocating WL procedure:
Procedure invocation failed:Could not resolve placeholder 'local.hostname'
where do i have to put this 'local.hostname' setting?
2) i tried to specifiy the hostname property of ntlm tag as given in documentation (IBM infocenter), WL Studio says that the xml is bad formed.
<authentication>
<ntlm hostname="myComputer.intranet.com"/>
<serverIdentity>
<username>user</username>
<password>password</password>
</serverIdentity>
</authentication>
Where "myComputer.intranet.com" is my computer's name within my corporate network.
Attribute 'hostname' is not allowed to appear in element 'ntlm'
Response from IBM Service Request:
The username used to authenticate with NTLM-enabled back-end system must be left padded with the windows domain name followed by a \, and the username.
<serverIdentity>
<username>domain\user</username>
<password>password</password>
</serverIdentity>
This works with hard-coded serverIdentity feature.
Due to security governance in my company, there can't be "generic" server identity. So i have to forward the end users' credentials to back-end systems to authenticate.
How to do this with Worklight authentication mecanisms (adapter-based for instance), where can i set the domain for my username?
Can i mix several kinds of security realms depending on adapters?

(407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )

I am getting an error when my application tries to communicate with a web service
(407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
I saw a few topics but I could not understand. I am using VB.net
As the error says, your proxy server is preventing access to the service. You can either write some code to ask the user for credentials for the proxy, or (easier) you can put the following in your applications app.config:
<system.net>
<defaultProxy useDefaultCredentials="true"/>
<system.net>
There are other settings if you have more complex requirements. Try here for guidance
http://msdn.microsoft.com/en-us/library/09361bca
Your app.config file should look like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
</configuration>
I think the error referring to TraceUtility is unrelated - different problem.