Recently I got chance to work with security audit team for my web application, and one suggestion I got from them is to encrypt connection strings section in web.config. I thought it involves lot of coding changes, and I was not aware of ASP.Net utility which will help to encrypt and decrypt the connection strings or appsettings sections of the web application. There is no extra coding required to use this feature. You can encrypt /decrypt the connection strings / appsettings using the ASPNET_REGIIS utility. You can find this utility in your Framework folder, normally in C:\Windows\Microsoft.NET\Framework\[Version]. Or you can invoke this from Visual Studio Command Prompt.
Encrypt the connection string
aspnet_regiis -pe ConnectionString –app "/docs"
where –pe is the parameter used to encrypt the section. Connection string is the section, if you want to encrypt AppSettings, use appsettings instead of Connectionstrings. And the –app parameter is used to specify the application (it must be virtual path and need to start with “/”), if –app parameter is not specified it will encrypt the Root web.config. If the application is in File System, you need to specify –pef and Physical location as the parameter.
aspnet_regiis -pef ConnectionString –app "D:\MyWebApp"
Decrypt the connection string
It is almost same as Encryption, only difference is instead of –pe use –pd. And in the case of –pef use –pdf.
aspnet_regiis -pd ConnectionString –app "/docs"
and
aspnet_regiis -pdf ConnectionString –app "D:\MyWebApp"
You can also specify the Provider for Encryption too. Use –prov parameter for providing custom provider (You can create your own provider, for this you need to inherit from ProtectedConfigurationProvider class). By default it will be RsaProtectedConfigurationProvider.
Screenshots – Before and After encrypting the app settings.
Before Encryption
After Encryption
As I am working in a Windows Application, client asked about the Windows 7 and Windows Vista compatibility. As I was writing only managed code I was not worried about the compatibility and most of the time it was working fine. (I was using Windows Vista). Today evening one of my colleague was testing the application on his Windows 7 machine, the application was crashing 
After initial diagnostics I was able to find the solution, it was because of Tracing. I was using TextWriterTraceListener,from System.Diagnostics namespace, and the File was created in the application path.Because he installed the application in C:\Program Files\AppFolder, Windows was denied access to write the File. The easily solution was, Right Click on the Application, Select RUNAS option, select Administrator. The other solution was writing the Log File in some temporary location, and use it. Then I found some nice feature in .Net called Isolated Storage. It is helpful to Run your application by less privileged users. With these stores, you can read and write data that less trusted code cannot access and prevent the exposure of sensitive information that can be saved elsewhere on the file system. Data is stored in compartments that are isolated by the current user and by the assembly in which the code exists. Additionally, data can be isolated by domain. Roaming profiles can be used in conjunction with isolated storage so isolated stores will travel with the user’s profile.
We can access the Isolated Storage related classes from System.IO.IsolatedStorage namespace.
//Getting the User scoped Store corresponding to the calling codes assembly identity.
//IsolatedStorageFile class provides basic functionality to create files or folders.
IsolatedStorageFile isolatedStorageFile = IsolatedStorageFile.GetUserStoreForAssembly();
//Checking whether Directory Exists. Directory.Exists will not work. Also do some wildcard
//search like "dotnet*" or "dotnet?"
string[] directories = isolatedStorageFile.GetDirectoryNames("dotnetthoughts");
//Creating the directory if it is not exists.
if (directories.Length == 0)
{
isolatedStorageFile.CreateDirectory("dotnetthoughts");
}
//IsolatedStorageFileStream encapsulates stream, used to create files
IsolatedStorageFileStream isolatedStorageFileStream =
new IsolatedStorageFileStream(@"dotnetthoughts\\System.log",
FileMode.OpenOrCreate, isolatedStorageFile);
//Writing the content to IsolatedStorage.
using (StreamWriter streamWriter = new StreamWriter(isolatedStorageFileStream))
{
streamWriter.WriteLine("Hello Isolated Storage");
}
//Reading the contents from Isolated storage – If you try to read like this it will throw //exception.(Stream is not Readable)
using (StreamReader streamReader = new StreamReader(isolatedStorageFileStream))
{
MessageBox.Show(streamReader.ReadToEnd());
}
isolatedStorageFileStream.Close();
isolatedStorageFile.Close();
There is some permission attributes too, which is used to grant code to access IsolatedStorage.
[IsolatedStorageFilePermission(SecurityAction.Demand)]
static class Program
{
//Code
}
The IsolatedStorage can be used in Silverlight assemblies too, which will helps to access local file system from Silverlight.
Normally when we are writing to the File Systems or I/O devices, Windows will cache the request or response to get better performance. This behavior is a good feature, but sometimes we require immediate change. By caching Windows sometimes mislead us. And I don’t think there is a way to avoid this option available in Windows. In my current project I got a chance to explore / work on this, but I need to avoid this caching. 
I checked various options with File class and Stream class but there was no option available to avoid Caching. Later our VC++ developer gives me some code, which in WIN32 API, which will avoid caching. It was using “CreateFile()” method in Kernal32.dll with FILE_FLAG_NO_BUFFERING option. Then I was able to create same in C# code base on the input using PInvoke. But I have to find a managed code, with that we can write / read stream without caching. Later I found FileStream class, which supporting both synchronous and asynchronous read and write operations. But it also doesn’t have a NonCahce file option. Then I tried FileStream class with FILE_FLAG_NO_BUFFERING option. And it worked 
const FileOptions FILE_FLAG_NO_BUFFERING = (FileOptions) 0x20000000;
using(FileStream fs = new FileStream("Path",FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.None, 1024, FileOptions.WriteThrough | FILE_FLAG_NO_BUFFERING))
{
fs.Write("HelloWorld");
}
This FileStream class also got a nice option, FileOptions.DeleteOnClose, if you are creating a File with this option enabled, it will delete the File after you close the FileStream. This can be used for creating real temporary files.
string TempFile = Path.GetTempFileName();
using(FileStream fs = new FileStream(TempFile, FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.None, 1024, FileOptions.DeleteOnClose))
{
fs.Write("HelloWorld");
} //Deletes the File.
I think this FileStream class is available from .Net 2.0 Framework onwards.
One of colleague once asked a question to me, like what is the risk by distributing the windows application without obfuscating it. The only problem I found is user can use some tools like .Net Reflector and explore our assemblies. But few days before I found some nice .Net Framework tools, ildasm.exe and ilasm.exe, IL Disassembler and IL Assembler respectively. These tools are available with .Net Framework SDKs. These tools can used to generate IL code for .Net assemblies and re-create assemblies from IL code. You can achieve it in code via .Net Reflection.Emit namespace. (In Community Techdays @ Cochin, one session is on Reflection.Emit. Don’t miss it.) As it is a vast topic I am only explaining basics
Generate IL code using ILDASM.exe
- First create a HelloWorld.cs and compile it to HelloWorld.exe
using System;
public class HelloWorld
{
static int Main(string[] args)
{
Console.WriteLine("Hello World");
return(0);
}
}
- Use
csc.exeto compile the cs file to exe. – csc HelloWorld.cs
- Use
ildasm.exe HelloWorld.Exe to view the IL Code. You can find ILDASM in the Microsoft .Net SDK Path
ILDASM - Exploring HelloWorld.exe
- To generate the IL code use Select Dump option from File Menu or Press Ctrl+D. It will asks for a location to save the IL code.
IL Code Generated
- Use any Editor to modify the IL code. You can find all the string values ( “Hello World” in this example ) as it is in the IL code. Modify it.( I am modifying it as “Hello World from IL Code”).
IL Code - Notepad
So we created the IL code and modified.
Generate Assembly from IL code using ILASM.exe
- Invoke the ILASM.exe with IL file as the parameter.
ilasm helloworld_il.il
- It will show some details about assembling the IL code to assembly. And if the operation is successful you will get an exe in the location with HelloWorld_IL.exe.
Assembling the IL code to EXE
- If you invoke the exe from command prompt it will display the modified string instead of Hello World.(In this example “Hello World from IL Code”).
You can do more if you know how IL works. Happy IL Programming
Few days before one of my colleague twitted a link about GodMode in Windows 7. I just visited the link and I found it is kind of Easter egg from Microsoft, which gives a list of Program tasks like control panel. The website is also mentioned like it is also available in Windows Vista, but Microsoft is not recommended it in x64 machines. As I am working as part of some Windows application development team, I am using Windows Vista as my dev OS. So I thought of exploring God Mode in Windows Vista.
To enable GodMode, just right click, Select New, Select Folder. Then type “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}“. Now the Icon will change, and it will become similar to control panel Icon. And on double clicking you can able to see lot of options (in my Windows 7 machine it is giving 279 items). I just created one folder and renamed it. Wow the Icon changed.
Godmode in Window 7
After that I double clicked it. Windows Explorer crashed I was using x86 machine, and my Explorer crashed. But I started explorer again using Task Manager. Then I right clicked and select the Explore option. Yes there is an explore option available in Windows Vista, but it is not available in Windows 7. Then the explorer crashed again expected. So I thought I will stop exploring God Mode in Windows Vista, but the sad thing is when ever I start explorer using Task Manager, it is crashing.
Then I searched about how to fix this issue, but no one is reported the problem with x86 machines. Based on most of the solutions provided, I deleted this folder using Command line(cmd.exe). Restarted, still the problem exists. Then again I searched, later I found a solution to delete some registry key. I tried it, restarted it and it worked.
Solutions to Fix God mode problems in Windows Vista
- Delete the God mode directory using CMD tool. Go to the location where you created the God Mode directory, use RmDir Godmode.{ED7BA470-8E54-465E-825C-99712043E01C} to delete it. Restart the machine. Normally it will fix the issue.
- If your explorer still crashing, Open RegEdit, Search for {ED7BA470-8E54-465E-825C-99712043E01C}. And delete all instances *. I found only one instance in my Windows Vista machine. Restart. It fix the issue.
Thanks to Jayan for giving me link to GodMode
* Changes made to the Windows registry happen immediately, and no backup is automatically made. Do not edit the Windows registry unless you are confident about doing so.
