I have an ASP.NET MVC3 C# .NET Application running on IIS 7.5.
We have a Windows NT service account we Impersonate in our code in order to read/write documents to a file share. The user id is compiled in the code and the service account password is stored in the web.config file.
The password contains an ampersand character (i.e.: p&ssword).
This broke the site. When accessing the site we received this error :”Sorry, an error occurred while processing your request”.
Here is the code that uses the password:
var password = ConfigurationManager.AppSettings.Get(Common.SVC_PWD);
bool isSuccess = LogonUser(
@"my_svc_acct",
"my.domain.net",
password,
LOGON32_LOGON_NEW_CREDENTIALS,
LOGON32_PROVIDER_DEFAULT, ref token
);
Why would this cause the site to break?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I suspect that you didn’t encode the password properly in the web.config file. Remember that web.config is a XML file, so entities must be encoded.
Instead of
my&password
try
my&password
You can use sites such as FreeFormatter.com to escape/unescape XML strings.
Method 2
You will need to put the encoded value in the web.config. It will read it out properly once you pull it but in the config file itself it needs to be encoded.
eg:
Password: your&password (what you expect)
Encoded version: your&password (what should be stored in your web.config)
Your wrapper method that reads out the value should unencode it automatically to your&password.
You will need to do this for all ‘special’ characters:
< = < > = > " = " ' = ' & = &
Method 3
store the password in the web.config using CDATA
replace the password with this
<![CDATA[MyPassw&rd]]>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0