Encrypting the CPE Credentials - Web Services Publishing - Foundation 25.1 - Foundation 25.1 - Ready - OnBase - external - OnBase/Web-Services-Publishing/Foundation-25.1/Web-Services-Publishing/Installation/Installation/Connecting-to-a-CPE-Server/Encrypting-the-CPE-Credentials

Encrypting the CPE Credentials - Web Services Publishing - Foundation 25.1 - Foundation 25.1 - Ready - OnBase - external - OnBase/Web-Services-Publishing/Foundation-25.1/Web-Services-Publishing/Installation/Installation/Connecting-to-a-CPE-Server/Encrypting-the-CPE-Credentials - 2025-03-17

Web Services Publishing

Platform

OnBase

Product

Web Services Publishing

Release

Foundation 25.1

License

It is possible to encrypt your CPE credentials and reference the stored credentials' location within the registry.

Note:

For full details on creating encrypted account registry keys, see the Microsoft Knowledge Base article How to use the ASP.NET Core | Open-Source web framework for .NET utility to encrypt credentials and session state connection strings available at https://support.microsoft.com.

To manually configure impersonation, complete the following steps:

From a command line, change the directory to the location where the aspnet_setreg.exe tool resides. A copy of this tool is provided in the ..\utilities\MISC subdirectory of the Core Services build.
Enter the following command, where username is the user name of your CPE account, and password is the password for your CPE account.
```
aspnet_setreg.exe -k:SOFTWARE\Hyland\CPE\Identity -u:"username" -p:"password"
```
Open a Run dialog box and enter regedt32.
Grant the application pool's identity account Read permissions to the appropriate registry key.
- In 32-bit environments, grant the Read permission on HKLM:SOFTWARE\Hyland\CPE\Identity\ASPNET_SETREG.
- In 64-bit environments, grant the Read permission on HKLM:SOFTWARE\Wow6432Node\Hyland\CPE\Identity\ASPNET_SETREG.
The aspnet_setreg utility automatically stores the encrypted credentials in these keys.
Note:
If the application pool is configured to use the built-in ApplicationPoolIdentity account, then the IIS_IUSRS group (or the individual users within that group) must be granted Read access to the registry key. Depending on your system's configuration, it may be more secure to grant Read access to a single user, rather than the entire IIS_IUSRS group.

CAUTION:
Modify the registry at your own risk. Incorrectly editing the Windows registry can cause serious problems that may require you to reinstall your operating system. Be sure to back up the registry before making any changes to it.