2.2 Configuring the standalone authentication service

Important: The installation procedure currently sets up the password for SQL Authentication incorrectly; you must follow the instructions in this section to encrypt and store your database password.

When you install the standalone authentication service, the installation program configures the service with the database connection details for your main MyID database and the MyID authentication database.

If you need to update the database connection details, for example if you are using SQL Authentication and the password has changed, you can edit the appsettings.Production.json file.

  1. In a text editor, open the appsettings.Production.json file for the web service.

    By default, this is:

    C:\Program Files\Intercede\MyID\web.oauth2.ext\appsettings.Production.json

    This file is the override configuration file for the appsettings.json file for the web service.

  2. Set the following options in the MyID:Database section:

    • ConnectionStringCore – contains the connection string for the main MyID database.

    • ConnectionStringAuth – contains the connection string for the MyID authentication database.

  3. If you need to update the password:

    1. Log on to the server as the MyID Authentication user.

      This is the user under which the standalone authentication service runs – you can check the identity used for the myid.web.oauth2.ext.pool application pool to confirm.

    2. Open a PowerShell command prompt, and navigate to the web.oauth2.ext web service folder.

      By default, this is:

      C:\Program Files\Intercede\MyID\web.oauth2.ext\

    3. Run the following PowerShell script:

      .\DPAPIEncrypt.ps1 <password>

      For example:

      .\DPAPIEncrypt.ps1 mypassword1234

      The script outputs an encrypted copy of your new password; for example:

      PS C:\Program Files\Intercede\MyID\web.oauth2.ext> .\DPAPIEncrypt.ps1 mypassword1234
      AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA7X [...] cJ0kGfzCRQAAAApCVkhSoyCs4xotykfdKZ3w9gitg==

      (Encrypted output string truncated for documentation purposes.)

    4. Copy the encrypted password, then add it to the PasswordDPAPI field in the connection string.

      For example:

      "ConnectionStringCore": "Database=MyID; Server=myserver.example.com; User Id=sa; PasswordDPAPI=AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA7X [...] cJ0kGfzCRQAAAApCVkhSoyCs4xotykfdKZ3w9gitg==;",

  4. Save the appsettings.Production.json file.
  5. Recycle the web service app pool:

    1. On the MyID web server, in Internet Information Services (IIS) Manager, select Application Pools.
    2. Right-click the myid.web.oauth2.ext.pool application pool, then from the pop-up menu click Recycle.

    This ensures that the web service has picked up the changes to the configuration file.
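
The following check is an added example, not part of the MyID product or its installer. It inspects a connection string after step 3.4 and reports a leftover plaintext password key, a missing PasswordDPAPI field, or a value that is not a well-formed DPAPI blob (for example, a paste that kept the documentation's [...] placeholder). The function name, the sample strings and the JSON nesting used for the real file are assumptions.

```powershell
# Added example, not MyID code. Structural check only: it never decrypts anything.
# DPAPI blob header: version 1 followed by the DPAPI provider GUID.
$DpapiHeader = [byte[]](0x01,0x00,0x00,0x00,0xD0,0x8C,0x9D,0xDF,0x01,0x15,0xD1,0x11,
                        0x8C,0x7A,0x00,0xC0,0x4F,0xC2,0x97,0xEB)

function Test-MyIDConnectionString {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$ConnectionString)
    # Split "key=value;" pairs on the first '=' only, because Base64 padding is also '='.
    $pairs = @{}
    foreach ($part in $ConnectionString.Split(';')) {
        if ($part.Trim() -eq '') { continue }
        $kv = $part -split '=', 2
        if ($kv.Count -eq 2) { $pairs[$kv[0].Trim()] = $kv[1].Trim() }
    }
    $problems = @()
    if ($pairs.ContainsKey('Password') -or $pairs.ContainsKey('Pwd')) {
        $problems += 'plaintext password key present'
    }
    if (-not $pairs.ContainsKey('PasswordDPAPI')) {
        $problems += 'PasswordDPAPI missing'
    } else {
        try {
            $blob = [Convert]::FromBase64String($pairs['PasswordDPAPI'])
            $head = [BitConverter]::ToString($blob, 0, [Math]::Min($blob.Length, $DpapiHeader.Length))
            if ($head -ne [BitConverter]::ToString($DpapiHeader)) { $problems += 'value is not a DPAPI blob' }
        } catch {
            $problems += 'PasswordDPAPI is not valid Base64 (truncated or mangled paste?)'
        }
    }
    [pscustomobject]@{ Name = $Name; Ok = ($problems.Count -eq 0); Problems = ($problems -join '; ') }
}

# Constructed samples (not real secrets): header plus 32 filler bytes stands in for a real blob.
$fake = [Convert]::ToBase64String([byte[]]($DpapiHeader + (1..32)))
$samples = [ordered]@{
    Good      = "Database=MyID; Server=myserver.example.com; User Id=sa; PasswordDPAPI=$fake;"
    Plaintext = 'Database=MyID; Server=myserver.example.com; User Id=sa; Password=mypassword1234;'
    Truncated = 'Database=MyID; Server=myserver.example.com; User Id=sa; PasswordDPAPI=AQAAANCMnd8B [...] w9gitg==;'
}
$samples.GetEnumerator() | ForEach-Object { Test-MyIDConnectionString -Name $_.Key -ConnectionString $_.Value }

# Against the real file (assumes "MyID:Database" is nested JSON: MyID -> Database):
# $db = (Get-Content -Raw .\appsettings.Production.json | ConvertFrom-Json).MyID.Database
# Test-MyIDConnectionString -Name Core -ConnectionString $db.ConnectionStringCore
# Test-MyIDConnectionString -Name Auth -ConnectionString $db.ConnectionStringAuth
```

A passing result shows only that the stored value is well formed; it does not prove that the account running the application pool can decrypt it.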