Share via

App Config File and Modify permission

Lee, Dana 1 Reputation point
2020-08-05T09:17:52.897+00:00

Hi, I'd like to get some advice for App config file and permission to modify.

Currently, we are using SQlite DB and .NET for client application on Windows OS.
We are trying to set access password on database, and tested to use RsaProtectedConfigurationProvider class on .NET.
There will be exe (application), application configuration file, and database.
15793-image.png

And the process will be
(1) The password is encrypted on the application file by the .NET class.
(2) When the application opens database, it calls the password on config file.
(3) The password is decrypted by .NET and app receive the PW.

The problem is when the DB gets the password, it requires admin permission(on OS) to modify the config file at some point.
Could you please advice if there is a way to control the permission to modify the config file?

I am not a developer, so may not provided enough info. Please leave comment if any detailed information requied.

Thank you!

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
39,702 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KalyanChanumolu-MSFT 8,336 Reputation points
    2020-08-06T12:13:42.277+00:00

    @Lee, Dana Thank you for reaching out

    When you say "the DB gets the password", is there is a functionality in the application that allows users to change the database password?
    And this password needs to be updated in the config file?

    You shouldn't require admin permissions to modify the file unless it is in a protected location like Windows directory or "Program Files".
    Please consider installing the application to the users AppData folder instead. You should be able to write to the file without any issues.

    --

    If an answer is helpful, please "Accept answer" and "Up-Vote" for the same which might be beneficial to other community members reading this thread.

    0 comments
  2. Lee, Dana 1 Reputation point
    2020-08-14T07:27:54.643+00:00

    Hi! Thank you for the answer.

    DB password is not changed by users.
    It requires admin privilege when running the exe.
    I think it is because of Machine-level RSA key container.

    As machine-level has been used as default,
    it requires admin permission to decrypt the password on the config file.

    Machine-level : It requires admin permission to encrypt and decrypt the password on app.config file encrypted by RsaProtectedConfigurationProvider.
    User-Level : It doesn't require admin permission as the container is searched under the path C:\Documents and Settings[user name]\Application Data\Microsoft\Crypto\RSA.

    Please advise my understanding is correct.

    Thank you.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.