ASPNET_SETREG does not care about your password–Or DOES IT

If you are developing an ASP.NET application and required to have the password placed in the configuration file then you have seen this condition. The thing is that usually we would want to put the password encrypted and one way that existed since ASP.NET 1.1 is the placement of the password in the registry with encryption with the tool aspnet_setreg and then refer to the password as a registry key in the configuration file. I used this before and had no problems with it. BUT today I was faced with the weirdest issue I could ever think of. The thing is that I used this on an environment and it kept giving me that the user or password are not valid although I was using the local machine administrator. I banged my head to the wall several times until I tried to change the user password and it worked.

So I traced the error and found that the problem happens if the password has a " (double quote) in it Surprised smile

So bottom line do not use the double quotes in your password if you intend to use an encrypted version of this password.

Comments (0)