Impersonation allows the Healthcare Form Manager to run under a specified user account, whose credentials are encrypted in the registry. To manually configure impersonation, complete the following steps:
Full details on creating encrypted account registry keys are available in the Microsoft article: “How to use the ASP.NET utility to encrypt credentials and session state connection strings” available at: http://support.microsoft.com/kb/329290/
- From a command line, change the directory to the location where the aspnet_setreg.exe tool resides. A copy of this tool is provided in the ..\utilities\MISC subdirectory of the distributed build.
Enter the following command, where DOMAIN is the domain for the impersonation account, name is the user name of an account that has rights to the Application Server virtual directory, and password is the password for the user account.
aspnet_setreg.exe -k:SOFTWARE\Hyland\AppNet\Identity -u:"DOMAIN\name" -p:"password"
- Open a Run dialog box and enter regedit.
Grant the application pool identity account Read permissions for the necessary registry key.
In 32-bit environments, grant the Read permission on HKLM:SOFTWARE\Hyland\AppNet\Identity\ASPNET_SETREG.
In 64-bit environments, grant the Read permission on HKLM:SOFTWARE\Wow6432Node\Hyland\AppNet\Identity\ASPNET_SETREG. The aspnet_setreg utility automatically stores the encrypted credentials in this key when impersonation is configured for the application in a 64-bit environment.Note:
If the application pool is configured to use the built-in ApplicationPoolIdentity account, then the IIS_IUSRS group must be granted Read access to the registry key.
- Grant the impersonated identity account Modify permissions to the OnBase disk group storage locations and other domain locations where resources (such as style sheets) are stored.
- Open the Healthcare Form Manager Web.config file from its installation directory (e.g., C:\inetpub\wwwroot\HealthcareFormManager).
- Uncomment the <identity> element by removing the <!-- and --> located above and below it.
- Set impersonate to true.
- Ensure the userName and password values point to the registry paths created using the aspnet_setreg utility.
- Save Web.config.