Use Windows Authentication Instead of SQL Authentication
CRITICAL
Configure an AppPool user service account that has Database Owner permissions for the database being connected to.
Sample Config Files
SMTP Config
############################
<system.net>
  <mailSettings>
    <smtp deliveryMethod="network" from="RapidIdentity@idauto.net">
      <network host="relay.idauto.net" port="25" userName="SVC_RapidID" password="badPassw0rd5" />
    </smtp>
  </mailSettings>
</system.net>
Database Config
############################
<connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
  <add name="MasterCMConnection" connectionString="" providerName="System.Data.SqlClient" />
  <add name="CMConnection" connectionString="Server=sqlBoi01;Database=ONEdb;Trusted_Connection=True;User Id=x;Password=x;Integrated Security=SSPI" providerName="System.Data.SqlClient" />
</connectionStrings>
Note
You have the ability to replace the connectionString, even if it is encrypted, by replacing everything between the <connectionStrings> tags.
Make sure to update the connectionStrings in all four web.config files.
Decrypt the Web.config Files
Open an Administrator: Command Prompt
Navigate to C:\Windows\Microsoft.NET\Framework64\v4.0.30319
aspnet_regiis -pd "connectionStrings" -app "/api"
aspnet_regiis -pd "connectionStrings" -app "/ONE"
aspnet_regiis -pd "connectionStrings" -app "/oneService"
aspnet_regiis -pd "connectionStrings" -app "/RestServices"
Note
connectionStrings do not have to be re-encrypted to be able to test whether the application works with the updated configurations. However, to re-encrypt the connectionStrings, use the following command:
aspnet_regiis -pe "connectionStrings" -app "/one"
This is because the authenticated user will be reading in from the AppPool users.
PowerShell Decrypt
cd 'C:\windows\microsoft.net\framework64\v2.0.50727'
./aspnet_regiis.exe -pd "connectionStrings" -app "/One"
./aspnet_regiis.exe -pe "connectionStrings" -app "/One"
The decrypted value will be located at:
C:\Program Files\2FA\ONE Server\website\web.config
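Once the files are decrypted, a check along these lines confirms that every connection string really uses Windows authentication and flags credentials left behind in the file. It is an added example, not vendor code; the function name Test-WebConfigSqlAuth, the temporary sample file and the LegacySql entry are assumptions made for illustration.

```powershell
# Added example, not vendor code: audit decrypted web.config connection strings.
function Test-WebConfigSqlAuth {
    param([Parameter(Mandatory)][string[]]$Path)   # web.config files to audit
    foreach ($file in $Path) {
        [xml]$config = Get-Content -LiteralPath $file -Raw
        # local-name() keeps the lookup working if <configuration> declares a namespace.
        $section = $config.SelectSingleNode("//*[local-name()='connectionStrings']")
        if ($null -eq $section) { continue }
        # A protected section carries configProtectionProvider and has no readable <add> entries.
        if ($section.GetAttribute('configProtectionProvider')) {
            [pscustomobject]@{ File = $file; Name = '(section)'; Finding = 'Encrypted: run aspnet_regiis -pd first' }
            continue
        }
        foreach ($entry in ($section.ChildNodes | Where-Object { $_.LocalName -eq 'add' })) {
            $raw = $entry.GetAttribute('connectionString')
            $builder = New-Object System.Data.Common.DbConnectionStringBuilder
            # Call the setter explicitly; the builder is also a dictionary, so plain
            # property assignment would be treated as adding a key.
            $builder.set_ConnectionString($raw)
            $value = $null
            $integrated = $false
            foreach ($key in 'Integrated Security', 'Trusted_Connection') {
                if ($builder.TryGetValue($key, [ref]$value) -and "$value" -match '^(true|yes|sspi)$') {
                    $integrated = $true
                }
            }
            $hasPassword = $builder.ContainsKey('Password') -or $builder.ContainsKey('Pwd')
            $finding = 'SQL authentication: no Integrated Security or Trusted_Connection'
            if ($integrated) { $finding = 'Windows authentication' }
            if ($integrated -and $hasPassword) { $finding = 'Windows authentication, but a Password key is still stored in the file' }
            if ([string]::IsNullOrWhiteSpace($raw)) { $finding = 'Empty connection string' }
            [pscustomobject]@{ File = $file; Name = $entry.GetAttribute('name'); Finding = $finding }
        }
    }
}

# Constructed sample input: CMConnection is the page's sample string, LegacySql is made up.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample-web.config'
@'
<configuration>
  <connectionStrings>
    <add name="CMConnection" connectionString="Server=sqlBoi01;Database=ONEdb;Trusted_Connection=True;User Id=x;Password=x;Integrated Security=SSPI" />
    <add name="LegacySql" connectionString="Server=sqlBoi01;Database=ONEdb;User Id=svc_example;Password=placeholder" />
  </connectionStrings>
</configuration>
'@ | Set-Content -LiteralPath $sample
Test-WebConfigSqlAuth -Path $sample | Format-List
```

Pass all four web.config paths to -Path to cover each application in one run.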