Enabling Impersonation - DeficiencyPop - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Premier - Standard - external - Standard - Premier

DeficiencyPop

Platform
OnBase
Product
DeficiencyPop
Release
Foundation 23.1
License
Standard
Premier

Impersonation allows DeficiencyPop to run under a specified user account whose credentials are encrypted in the registry.

Note:

Full details on creating encrypted account registry keys are available in the Microsoft article: “How to use the ASP.NET utility to encrypt credentials and session state connection strings” available at: http://support.microsoft.com/kb/329290/

To manually configure impersonation, complete the following steps:

  1. From a command line, change the directory to the location where the aspnet_setreg.exe tool resides. A copy of this tool is provided in the ..\utilities\MISC subdirectory of the distributed build.
  2. Enter the following command, where DOMAIN is the domain for the impersonation account, name is the user name of an account that has rights to the Application Server's virtual directory, and password is the password for the user account.
    aspnet_setreg.exe -k:SOFTWARE\Hyland\AppNet\Identity -u:"DOMAIN\name" -p:"password"
  3. Open a Run dialog box and enter regedt32.
  4. Grant the application pool's identity account Read permissions for the necessary registry key.
    • In 32-bit environments, grant the Read permission on HKLM:SOFTWARE\Hyland\AppNet\Identity\ASPNET_SETREG .

    • In 64-bit environments, grant the Read permission on HKLM:SOFTWARE\Wow6432Node\Hyland\AppNet\Identity\ASPNET_SETREG . The aspnet_setreg utility automatically stores the encrypted credentials in this key when impersonation is configured for the application in a 64-bit environment.

      Note:

      If the application pool is configured to use the built-in ApplicationPoolIdentity account, then the IIS_IUSRS group must be granted Read access to the registry key.

  5. Grant the impersonated identity account Modify permissions to the OnBase disk group storage locations and other domain locations where resources (such as style sheets) are stored.
  6. Open the DeficiencyPop Web.config file from the directory where it was installed (e.g., C:\inetpub\wwwroot\DeficiencyPop).
  7. Uncomment the <identity> element by removing the <!-- and --> comment tags that enclose it.
  8. Set impersonate to true.
  9. Ensure the userName and password values point to the registry paths created using the aspnet_setreg utility.
  10. Save Web.config.