
Encrypt Your Web.config, Please

By webdev_hb, 16 Jul 2009
 

Introduction

If you follow me on Twitter, you may have noticed me talking about #BadVendor from time to time. Actually, they were recently upgraded to #EpicFailVendor when I discovered they weren't sanitizing strings before passing them into SQL queries. Needless to say, every day has been a little more shocking than the last.

For the most part, these are systems I can't make changes to: either it's compiled code, or I just don't have the authority to go in and make the fixes. But there is something I can do: encrypt their web.config files.

Making Encrypting Easier

Encrypting normally involves logging onto the server in question, locating a few mildly obscure pieces of information, and then running aspnet_regiis. It's not that hard, but it isn't point-and-click easy either.

I wanted to make it easier to update these files without needing to locate all the information each time, so I wrote a little application to make the whole process a bit easier. The utility uses credentials you supply to log into your servers via WMI, locate the required information, and then encrypt your files without needing to pull up a command prompt.

I’m not really a WinForms guy and WMI is certainly not my specialty, but this program came together pretty quickly and seems to be fairly decent. It’s certainly not bug free and could use a round of refactoring to make it nicer, so any feedback is appreciated.

How It Works

The first step is to provide your credentials for the server you want to log into. If you choose to run the tool on the server itself, you can leave all those fields blank (WMI won't use them for local connections anyway). If you aren't an admin for that server, or at least don't have an account with some elevated privileges, then this may not work for you.

[Screenshot: nkript.screen1]

Once you successfully connect to the server, a list of the sites on the server will be loaded along with any virtual directories (since they could potentially contain a web.config file). At this point, you can simply browse around and find the web.config you’re wanting to encrypt.

[Screenshot: nkript.screen2]

It's worth noting that a directory is only listed if it contains a file named web.config (that name specifically). If you happen to have something named web.temp.config, it won't show up in this list.

At this point, the program is going to do a little painful WMI magic and connect out to your server and load the web.config file into the view. The config file will be parsed and all the root nodes will be listed as available to be encrypted.

[Screenshot: nkript.screen3]

There are some rules about what can and cannot be encrypted, so if the actual aspnet_regiis call fails, you'll just end up with the same file as before, but you don't get an explicit message as to why (I'm still trying to find out how to access messages like that in a semi-reliable way over WMI).

There isn't much configuration for this application. The default settings are used to perform the encryption and decryption of the web.config files, so if you want to add some features, you are more than welcome to add them. I'd love to hear about your changes so I can add them to this version.
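As an added example (my code, not the utility's source), here is the programmatic equivalent of what the tool drives through aspnet_regiis: protecting or unprotecting one section of a web.config with the default RSA provider. It assumes the site's physical directory is already known and needs references to System.Configuration and System.Web; unlike the silent failure described above, it surfaces the provider's error message.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;

// Added example, not the article's utility: encrypt or decrypt one section of
// a site's web.config in place using the default RSA provider, which is what
// "aspnet_regiis -pe <section> -app <vpath>" and "-pd" do behind the scenes.
// Assumes the caller already knows the site's physical directory.
public static class ConfigProtector
{
    // Default machine-level provider. Its key container is
    // "NetFrameworkConfigurationKey"; the worker process identity must be
    // able to read it at run time, which is granted with
    //   aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"
    const string Provider = "RsaProtectedConfigurationProvider";

    // Returns a one-line status instead of failing silently.
    public static string Apply(string physicalDir, string sectionName, bool encrypt)
    {
        try
        {
            // Map the physical directory as the application root so no IIS
            // metabase lookup is needed; "/" is just a placeholder virtual path.
            var map = new WebConfigurationFileMap();
            map.VirtualDirectories.Add("/", new VirtualDirectoryMapping(physicalDir, true));
            Configuration config = WebConfigurationManager.OpenMappedWebConfiguration(map, "/");

            // Reading a protected section already needs key-container access,
            // so GetSection sits inside the try as well.
            ConfigurationSection section = config.GetSection(sectionName);
            if (section == null)
                return sectionName + ": not found";
            if (section.SectionInformation.IsProtected == encrypt)
                return sectionName + ": already " + (encrypt ? "encrypted" : "plain text");

            if (encrypt)
                section.SectionInformation.ProtectSection(Provider);
            else
                section.SectionInformation.UnprotectSection();
            // ForceSave makes the rewritten section hit the disk even if the
            // configuration system considers its values unchanged.
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
            return sectionName + ": " + (encrypt ? "encrypted" : "decrypted");
        }
        catch (ConfigurationErrorsException ex)
        {
            // Covers sections the runtime refuses to encrypt and key-container
            // access problems; this is the message aspnet_regiis would print.
            return sectionName + ": failed - " + ex.Message;
        }
    }

    // Usage: ConfigProtector <physicalDir> <section> encrypt|decrypt
    public static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: ConfigProtector <physicalDir> <section> encrypt|decrypt");
            return 2;
        }
        string status = Apply(args[0], args[1], args[2] == "encrypt");
        Console.WriteLine(status);
        return status.Contains("failed") ? 1 : 0;
    }
}
```

Run it as an account that can open the web.config and the machine key container (an administrator, as with aspnet_regiis itself).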

2gmLEwHP/vZ/NYLeiTattLFnylc= *

It's not hard to encrypt your web.config files and keep your sensitive information safe. The command line tool aspnet_regiis offers many functions to further protect your data. Hopefully, this tool lets you get your work done even faster (that thing up there is SHA1.ComputeHash("*I <3 Encryption") as a Base64 string).

Now, if you’ll excuse me, I need to share this tool with #EpicFailVendor. I dunno about the rest of you, but enough is enough! I’ve had it with these monkey fighting vendors not encrypting their Monday to Friday web.configs!

Mandatory disclaimer: This program is certified as ‘Works On My Machine’ – The author makes no warranties about how it might behave in your environment (but most likely, you have nothing to worry about).

Downloads

Use these links for the latest versions:

License

This article, along with any associated source code and files, is licensed under The Creative Commons Attribution-ShareAlike 2.5 License

About the Author

webdev_hb, United States


Comments and Discussions

 
Question: What to put in the domain (IdanShechter, 17 Feb '13 - 13:59)
What do I put in the domain section?
General: My vote of 5 (hypermellow, 6 Mar '12 - 1:31)
Thanks, it's a really useful utility that makes light work of encrypting multiple servers and sites.
General: My vote of 5 (jfriedman, 3 Mar '12 - 10:48)
Straight to the point! Excellent wording and good examples. I love the way the article is written, in such a way that it begs the reader to employ his own form of encryption and decryption in not so many words (IMHO). Perfect as perfect can be (IMHO).
General: login.aspx (Ajay Kale New, 27 Sep '10 - 0:05)
Hi,

In my application, when I traverse for some time to various tabs, suddenly the login.aspx page is displayed.
When I checked the logs, no debugger statement was printed there, and no JavaScript alerts are seen.

So I verified web.config for timeout properties but could not find anything to be changed

<authentication mode="Forms">
<forms loginUrl="login.aspx" protection="All" timeout="600" slidingExpiration="true" >
</forms>
</authentication>

and

<sessionState mode="InProc" timeout="600" />
 

Thanks and regards,
- Ajay Kale
General: automatic redirection to login.aspx (Ajay Kale New, 10 Sep '10 - 4:21)
Hi
 
I have a query regarding redirection to Login page, which I am not being able to trace out.
 
When I click on any of the tab in my application (which internally loads a new aspx page) sometimes it
is redirected to Login.aspx, which is unexpected. Could not debug why this is happening even with JavaScript alerts and C# debugging statements.
 
Below is the view source piece from Login.aspx which is unexpectedly displayed,
just for clue
<form name="Form1" method="post" action="login.aspx?ReturnUrl=%2fAppName%2fClickedPage.aspx" id="Form1">
 

 
- we have put the logger statements and put alerts everywhere, but no trace... and can't say for sure whether the request goes to the server or not as no log is available when login.aspx is displayed.
 
- <authorization>
<deny users="?"/>
 
</authorization>
 
-suddenly while traversing in the application it redirects to login.aspx including return url as stated earlier and also if we keep the application idle for 5-10 mins and clicks somewhere, still redirects....
 
- we have also AjaxPro.dll for async calls.
 
- when the login.aspx page is not closed then, below logger statements are seen after 5 mins
-public Global()
{
_log4netLogger.Debug("Global:Global");
InitializeComponent();
}
- catch of Session_End (because System.Web.HttpContext.Current.Application["userPool"]; is null)
- Application_End
 

Can you please help me...?
 
- Ajay K
General: i agree encrypt the file (Donsw, 21 Aug '09 - 17:04)
More people should encrypt it. I agree
 
cheers,
Donsw
My Recent Article : Backup of Data files - Full and Incremental

General: the Namespace used here support only Win 2003 Server? [modified] (vrajaraman, 27 Jul '09 - 20:36)
1.Any inputs for making it work for IIS 5.1 (Win XP SP3) and/or Windows 2008 Server?
2.Is there any limits executing this application from Win XP machine SP3,.Net 3.5 SP1 installed
connect to Windows 2003 and/or Windows 2008. Any special permissions required?
I could see Firewall should be turned off other than admin rights.
Is it a must to be in same Domain?
3.What about Virtualised Servers. in same machine?
 
Thank you,
Rajaraman
 
modified on Tuesday, July 28, 2009 5:17 AM

General: Re: the Namespace used here support only Win 2003 Server? (webdev_hb, 28 Jul '09 - 3:44)
Those are some great questions.
 
1. Not sure about IIS5 -- I'm actually not sure that it works with IIS7 now that you mention it. It uses WMI to connect and get the list of websites, so if the WMI is compatible then I anticipate it might work, but I'm not sure.
 
2. No special restrictions/requirements for running the app other than maybe .NET 3.* on the PC that runs it. The server needs to at least have .NET 2.0 installed. As far as permissions are concerned - you must use credentials that at least have enough access to communicate with the box and do the same process manually. I'm not positive, but a Power User might be sufficient.
 
3. I suppose it should work fine on virtual devices since it connects to the server by name/ip - not the physical box.
 
I hope that helps
General: My vote of 1 (Gary Noter, 21 Jul '09 - 6:51)
The title of the Article is not to the point enough
 
One of these other titles should be chosen
 
- Encrypt Your web.config, fool!
- Before your job ends up in a crypt, Encrypt!
- Easy Brownie Points: Encrypt Your web.config!
 
My choice:
 
- :confused: This Article Not For Stupid Developers and/or Server Administrators :doh: ~ Then, Again, Perhaps It Should Be! :WTF:
 
'nuff said.
 
(BTW: I actually voted 4 ... :thumbsup: :thumbsup: :thumbsup: :thumbsup: )
 
ASPX ~ Apple Simply Performs eXcellently

General: Re: My vote of 1 (webdev_hb, 21 Jul '09 - 7:20)
:laugh: Very funny - I wonder what we would end up with if we put it to a vote!
Question: How about encrypting using RSA? (vrajaraman, 20 Jul '09 - 16:39)
And If So machine based, then it cannot be decrypted in any other machine.
If not any how they can decrypt this string? (64 Base string)
 
Please clarify.
 
Thanks for providing excellent tool to avoid re-inventing.
 
Rajaraman
Answer: Re: How about encrypting using RSA? (webdev_hb, 20 Jul '09 - 17:05)
The WMI actually starts the process on the remote server for you so it shouldn't affect anything with the encryption. Is that what you were asking?
General: Re: How about encrypting using RSA? (vrajaraman, 20 Jul '09 - 17:30)
I agree the aspnet_regiis runs remotely, hence no issues. But since I did not find anything about the provider used for encryption, do you use "DPAPI"?
 
Edited: I realise it used the default RSA only. Thanks for reply.
General: Re: How about encrypting using RSA? (webdev_hb, 20 Jul '09 - 17:37)
In this tool I just used the default settings - I plan to add the rest of the options so you can have further control over your encryption.
General: Re: How about encrypting using RSA? (vrajaraman, 20 Jul '09 - 17:41)
Yes, good.

Would you think the following option is more protected?
 
1. Let us say we encrypt always in one machine.
2. Distribute to other machine. (Remember, Even the administrator of this machine may not be able to decrypt).
 
Reference: RSA Key Container exporting.
General: Re: How about encrypting using RSA? (webdev_hb, 20 Jul '09 - 18:35)
I honestly couldn't say with any certainty, but I would mention the following...

- The 'key' files are saved to the 'All Users' folder on the server; however, the file is locked down in such a way that only members of the local admin group can read the file.

- You can change the permissions on the file, but that removes some of the security.

- You can move the file, but I'm not sure that the ASP.net application will be able to find it when it is time to actually decrypt it.

- If there is a way to find it you will have to open a network share to another server that hosts the key -- but essentially, the file is still just as accessible as if it were sitting on the same server -- and even then, the server you are hosting it on now would have access to read the file, which in turn further decreases its security.

Some of these are just speculation on how it 'could work' -- I wouldn't take me as any sort of authority on this topic :)
Question: Couldn't read the file (GregSawin, 20 Jul '09 - 9:11)
This sounds very impressive. Finally easy enough for even the laziest of us to encrypt web.config files. One problem though, I get a dialog box that says "Couldn't ever read the file." Using this program I can connect to a server and load up all the sites/vroots and see the web.config files but when I click on one of the web.config entries I get that message after awhile. After I hit ok I get a 2nd message that says "Failed to read file [Path to file here]"
Answer: Re: Couldn't read the file (webdev_hb, 20 Jul '09 - 9:21)
Interesting - Are you running remotely or on the server itself? It sounds like you're trying to do it remotely.
 
In the post you notice that I mention 'painful' WMI magic -- in order to read a file using WMI you have to create a network share, read the file and then close up the network share.
 
It creates a share something like 'IIIWebConfigEncryptTempIII' -- Do you know if the account you are using is allowed to do that? or if maybe some security policies might be preventing it? Are you able to try it directly from the box (just so you can tell if it works or not)
 
I appreciate the feedback - I'm interested in improving this utility.
 
Thanks!
General: Re: Couldn't read the file (GregSawin, 20 Jul '09 - 9:34)
I'm connecting remotely, via a slow VPN connection if that makes a difference. The account info I'm typing into the connect screen is the local administrator account for that remote machine. I'm using a WinXP machine and the server I'm connecting to is Windows 2003. Which machine would the share be created on? I have local admin privileges to my WinXP machine as well. Both machines are on a domain, perhaps some Group Policy restrictions? They also have antivirus/firewall software that occasionally gets in the way.
 
By the way, when I run the program locally on that webserver it does work.
General: Re: Couldn't read the file (webdev_hb, 20 Jul '09 - 10:02)
I have a time out of 60 (or maybe it was 30) seconds to get that completed.

The WMI process was slow even when on the same network and in the same building as the web servers, so a time out issue is possible, but it seems like it should be able to get its work done in that time frame.

At the same time though, I'm assuming you're using the same credentials for remote and local, so it 'works' -- but just not in the allotted time, which means it could still be a timeout issue... ugh :)
 
If you don't mind trying one more test for me, could you try it remotely again, but examine if the network share is even created?
 
Thanks for checking this for me. I think in the meantime I'll change the setting to allow the user to set a timeout window so there is a little more time to work (in case it is needed)
General: Re: Couldn't read the file (GregSawin, 20 Jul '09 - 11:06)
I can't replicate it anymore, it's working fine now. Takes about 7sec to open a web.config. About half my office is still out to lunch so maybe the reduced network traffic allowed it to start working.
General: Re: Couldn't read the file (webdev_hb, 20 Jul '09 - 11:14)
Well thanks for the feedback anyway - I may go back and refactor that section to be a little more informative about what failed.
 
Thanks!
General: My vote of 1 (Tawani Anyangwe, 17 Jul '09 - 2:17)
This article is pointless.
- Quote any high security site that uses an encrypted config file!
- If somebody has physical access to your config file/web server, you are as well doomed
General: Re: My vote of 1 [modified] (webdev_hb, 17 Jul '09 - 6:09)
Interesting that you felt that required a vote of 1 :)

Encrypting a web.config file isn't to defend against your server being compromised, but even if it were, then I don't think you understand exactly how aspnet_regiis works. The keys are written and locked down so that only members of the Administrators group can even read them; any lesser privileged accounts still can't decrypt your web.config. Since typically website worker processes are running as NETWORK SERVICE, then unless you did something REALLY silly, your web.config should still be safe. :laugh:
 
Even though that isn't bullet-proof security, think about this scenario -- You have some junior developer right out of college working on a project that allows people to go out and download documents off your web server. He wants to send back the file as a download, so he writes the bytes to the response stream and makes a change to the content-disposition and voilà - freshly served documents, all with a nice and neat little download dialog box.
 
But if your developer left a tiny little bug in the app and it was possible to download "../web.config" -- What would you prefer to be served up? Encrypted or unencrypted?
 
In my opinion, an encrypted web.config file is 100% better than no encryption at all. Logging onto the server and running aspnet_regiis was a very inconvenient way to get this done - this tool was made just to try and help people get it done without needing to invest a lot of time into it.
 
In any case, I appreciate your feedback - Thanks!
 
modified on Saturday, July 18, 2009 5:41 PM

General: Re: My vote of 1 (Gavin Harriss, 21 Jul '09 - 0:02)
Also handy for encrypting smtp, database, etc. connection details I guess. If one server is compromised it reduces the chance of another server being compromised.
 

Gavin Harriss
Portfolio: gavinharriss.com


General: Re: My vote of 1 (Xmen W.K., 21 Jul '09 - 19:24)
webdev_hb wrote:
But if your developer left a tiny little bug in the app and it was possible to download "../web.config"

wait a minute, how's that happen ? would you like to give an example ?
 


128 bit encrypted signature, crack if you can

General: Re: My vote of 1 (webdev_hb, 21 Jul '09 - 19:51)
Sure - let's use MVC for an example - Let's pretend your junior developer wrote this code for downloading files.
 
public ActionResult GetFile(string name) {
    // "name" goes into the path unchecked, so "../web.config" walks out of ~/Content/
    string path = this.Server.MapPath("~/Content/" + name);
    byte[] file = System.IO.File.ReadAllBytes(path);
    return this.File(file, "html/text");
}
 
Seems like a reasonable example - To me this looks like safe enough code. So try this code out with a couple different values (you'll need to use file names that exist in your site you try this on of course)
 
/GetFile?name=FileInContentFolder.txt
 
Cool - no big deal? Works just fine -- but try this one...
 
/GetFile?name=../web.config
 
Ouch -- guess where your web.config just went... I've said it before -- encrypting your web.config is cheap insurance from mistakes like this.
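As an added example (my code, not webdev_hb's), the same action confined to ~/Content: the supplied name is resolved to a full path and rejected unless it stays under the content root, which covers "../", mixed slashes, absolute paths and invalid characters. It assumes the same System.Web.Mvc controller setting as the snippet above.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mvc;

public class ContentController : Controller
{
    // Resolves a user-supplied name against root and returns the full path
    // only if it stays inside root; otherwise null. GetFullPath collapses
    // "..", "." and mixed separators, and Path.Combine discards root when
    // name is absolute, so the final prefix check is what actually decides.
    public static string ResolveInside(string root, string name)
    {
        if (string.IsNullOrEmpty(name))
            return null;
        // Trailing separator so that "C:\site\Content2\x" cannot pass as
        // being under "C:\site\Content".
        string fullRoot = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar)
                          + Path.DirectorySeparatorChar;
        string full;
        try
        {
            full = Path.GetFullPath(Path.Combine(fullRoot, name));
        }
        catch (ArgumentException) { return null; }     // invalid path characters
        catch (NotSupportedException) { return null; } // stray ':' forms such as "a:b"
        catch (PathTooLongException) { return null; }
        return full.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    public ActionResult GetFile(string name)
    {
        string path = ResolveInside(Server.MapPath("~/Content/"), name);
        // Same response for "outside the root" and "does not exist", so the
        // endpoint does not confirm which files live where.
        if (path == null || !System.IO.File.Exists(path))
            throw new HttpException(404, "Not found");
        // Fixed download content type instead of the mistyped "html/text";
        // serving from a path also keeps the whole file out of memory.
        return File(path, "application/octet-stream", Path.GetFileName(path));
    }
}
```

Encrypting web.config remains worthwhile alongside this check: the check stops the traversal, the encryption limits what a different bug would leak.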
General: Re: My vote of 1 (Xmen W.K., 21 Jul '09 - 19:59)
okay thanks, so is there any other way to download web.config without code? I mean I'm just a member of the site and I'm allowed to upload files, move files, rename directories... so can I download? I know it may sound a bit silly but I just need to know because I've developed a file manager for my site and now this is scaring...
 


128 bit encrypted signature, crack if you can

General: Re: My vote of 1 (Issa Qandil, 21 Jul '09 - 20:08)
And that was a good answer, just in its right place :)
General: Re: My vote of 1 (webdev_hb, 28 Jul '09 - 3:55)
Thanks!
Joke: Re: My vote of 1 (Gary Noter, 28 Jul '09 - 5:46)
You asked:
 

128 bit encrypted signature, crack if you can
 
--------------------
Simple, your 128-bit encrypted signature decrypts to one of the following:

 
"You cracked the signature! Your prize is one bona-fide doggie bone treat." :laugh:
 

"Did you hear the joke about the 3 strings that went into a bar where they don't serve strings? So, one tied the top of his string and cut it in strands. The barkeep asked, "Aren't you a string?!" The string replied, "I'm a frayed Knot (I'm afraid not)". X|
 

"I'm being held captive on an Island of beautiful people, serving and attending to my every desire, as if I were a god. Please, I beg of you, come rescue me! Then again, never-mind!" :cool:
 

And, most likely:
 
"I forgot my encryption key, so could you send me the key you discovered so I can unlock my more important encrypted files before my boss finds out? Thx!" :doh: ~ :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup:
 

Try to encrypt my signature! (between the lines, without the return cr/lf; that is, the null value):
 
----------
 
----------
 
'Nuff said!
 
GaryN
 
ASPX ~ Apple Simply Performs eXcellently

General: Re: My vote of 1 (Xmen W.K., 28 Jul '09 - 6:48)
well dude, you need some rest... [Rose]
 


128 bit encrypted signature, crack if you can

General: Re: My vote of 1 (Sky Sanders, 16 Aug '09 - 10:20)
Your post indicates perhaps a bit of naïveté on your part, Tawani.
 
connectionStrings and other sensitive sections are routinely encrypted.
 
Certainly physical access to servers can be controlled. Somewhat. But where is it written that everyone who has legitimate 'physical' access to a server also has the need or right to know SQL server account details?
 
You can take a drive in this idea until you arrive at the logical conclusion.
 
Best regards,
Sky

Last Updated 16 Jul 2009
Article Copyright 2009 by webdev_hb
Everything else Copyright © CodeProject, 1999-2013