MFA Guides

Use Windows Authentication Instead of SQL Authentication

CRITICAL

Configure the AppPool user as a service account that has Database Owner permissions on the database being connected to.

Sample Config Files
SMTP Config
############################

<system.net>
  <mailSettings>
    <smtp deliveryMethod="network" from="RapidIdentity@idauto.net">
      <network host="relay.idauto.net" port="25" userName="SVC_RapidID" password="badPassw0rd5"/>
    </smtp>
  </mailSettings>
</system.net>
Database Config
############################

<connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  <add name="MasterCMConnection" connectionString="" providerName="System.Data.SqlClient" />
  <add name="CMConnection" connectionString="Server=sqlBoi01;Database=ONEdb;Trusted_Connection=True;User Id=x;Password=x;Integrated Security=SSPI" providerName="System.Data.SqlClient" />
</connectionStrings>

Note

You have the ability to replace the connectionString, even if it is encrypted, by replacing everything between the <connectionStrings> tags.

Make sure to update the connectionStrings in all four web.config files.

Decrypt the Web.config Files
  1. Open up Administrator: Command Prompt

  2. Navigate to C:\Windows\Microsoft.NET\Framework64\v4.0.30319

aspnet_regiis -pd "connectionStrings" -app "/api"
aspnet_regiis -pd "connectionStrings" -app "/ONE"
aspnet_regiis -pd "connectionStrings" -app "/oneService"
aspnet_regiis -pd "connectionStrings" -app "/RestServices"

Note

connectionStrings do not have to be re-encrypted to be able to test whether the application works with the updated configurations. However, to re-encrypt the connectionStrings, use the following command:

aspnet_regiis -pe "connectionStrings" -app "/one"

This is because the authenticated user will be read from the AppPool user.

PowerShell Decrypt

cd 'C:\windows\microsoft.net\framework64\v2.0.50727'

./aspnet_regiis.exe -pd "connectionStrings" -app "/One"

./aspnet_regiis.exe -pe "connectionStrings" -app "/One"

The decrypted value will be located at:

C:\Program Files\2FA\ONE Server\website\web.config
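
Once the section is decrypted, each entry can be checked for leftover SQL credentials before it is re-encrypted. The following PowerShell is an added example, not part of the original guide or the product; the function name Test-ConnectionStrings and the inline sample XML are assumptions constructed from the Database Config sample above.

```powershell
# Added example: report how each <connectionStrings> entry authenticates.
function Test-ConnectionStrings {
    param([Parameter(Mandatory)][xml]$Config)

    $section = $Config.SelectSingleNode('//connectionStrings')
    if (-not $section) { return }
    # aspnet_regiis -pe marks the section with configProtectionProvider.
    if ($section.GetAttribute('configProtectionProvider')) {
        return [pscustomobject]@{ Name = '(section)'; Finding = 'Encrypted: decrypt with aspnet_regiis -pd to inspect' }
    }
    foreach ($entry in $section.SelectNodes('add')) {
        $cs = $entry.GetAttribute('connectionString')
        $b  = New-Object System.Data.Common.DbConnectionStringBuilder
        # Call the setter directly: the builder is also an IDictionary, so
        # property syntax can be treated as a key assignment by PowerShell.
        $b.set_ConnectionString($cs)
        $integrated = $false
        foreach ($k in 'Integrated Security', 'Trusted_Connection') {
            if ($b.ContainsKey($k) -and "$($b[$k])" -match '^(true|yes|sspi)$') { $integrated = $true }
        }
        # Keyword lookup is case-insensitive, so 'User Id' matches 'User ID'.
        $creds = @('User ID', 'UID', 'Password', 'PWD' | Where-Object { $b.ContainsKey($_) })
        $finding = if ([string]::IsNullOrWhiteSpace($cs)) { 'Empty' }
            elseif ($integrated -and $creds) { "Windows auth, but remove unused: $($creds -join ', ')" }
            elseif ($integrated)             { 'Windows auth (AppPool identity)' }
            elseif ($creds)                  { "SQL auth with stored credentials: $($creds -join ', ')" }
            else                             { 'No authentication keywords' }
        [pscustomobject]@{ Name = $entry.GetAttribute('name'); Finding = $finding }
    }
}

# Constructed sample modeled on the Database Config above (not read from a live server).
[xml]$sample = @'
<configuration><connectionStrings>
  <add name="MasterCMConnection" connectionString="" />
  <add name="CMConnection" connectionString="Server=sqlBoi01;Database=ONEdb;Trusted_Connection=True;User Id=x;Password=x;Integrated Security=SSPI" />
</connectionStrings></configuration>
'@
Test-ConnectionStrings -Config $sample | Format-Table -AutoSize
```

To check a real file, pass it as `-Config ([xml](Get-Content -Raw <path to web.config>))` for each of the four web.config files. SqlClient ignores User ID and Password when Integrated Security is set, so entries flagged as "remove unused" still connect as the AppPool identity.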