2.2 Configuring the standalone authentication service

Important: The installation procedure currently sets up the password for SQL Authentication incorrectly; you must follow the instructions in this section to encrypt and store your database password.

When you install the standalone authentication service, the installation program configures the service with the database connection details for your main MyID database and the MyID authentication database. These settings are initially stored in the appsettings.json file. If you need to update the database connection details, for example if you are using SQL Authentication and the password has changed, you can edit the appsettings.Production.json file to override the settings in the appsettings.json file.

Note: The installation program never updates the appsettings.Production.json file, and this file always takes precedence over the appsettings.json file. If you have set the ConnectionStringCore or ConnectionStringAuth options in the appsettings.Production.json file and you subsequently install or upgrade MyID again, any different database connection information that you provide in the MyID installation program is ignored.

To edit the database connection strings:

  1. In a text editor, open the appsettings.Production.json file for the web service.

    By default, this is:

    C:\Program Files\Intercede\MyID\web.oauth2.ext\appsettings.Production.json

    This file is the override configuration file for the appsettings.json file for the web service.

  2. Set the following options in the MyID:Database section:

    • ConnectionStringCore – contains the connection string for the main MyID database.

    • ConnectionStringAuth – contains the connection string for the MyID authentication database.

    You can copy the original details from the appsettings.json file if necessary.

    Your appsettings.Production.json file may already contain commented-out entries for these values; remove the double-slash // to uncomment the entries.

  3. If you need to update the password:

    1. Log on to the server as the MyID Authentication user.

      This is the user under which the standalone authentication service runs – you can check the identity used for the myid.web.oauth2.ext.pool application pool to confirm.

    2. Open a PowerShell command prompt, and navigate to the web.oauth2.ext web service folder.

      By default, this is:

      C:\Program Files\Intercede\MyID\web.oauth2.ext\

    3. Run the following PowerShell script:

      .\DPAPIEncrypt.ps1 <password>

      For example:

      .\DPAPIEncrypt.ps1 mypassword1234

      The script outputs an encrypted copy of your new password; for example:

      PS C:\Program Files\Intercede\MyID\web.oauth2.ext> .\DPAPIEncrypt.ps1 mypassword1234
      AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA7X [...] cJ0kGfzCRQAAAApCVkhSoyCs4xotykfdKZ3w9gitg==

      (Encrypted output string truncated for documentation purposes.)

    4. Copy the encrypted password, then add it to the PasswordDPAPI field in the connection string.

      For example:

      "ConnectionStringCore": "Database=MyID; Server=myserver.example.com; User Id=sa; PasswordDPAPI=AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA7X [...] cJ0kGfzCRQAAAApCVkhSoyCs4xotykfdKZ3w9gitg==;",

  4. Save the appsettings.Production.json file.
  5. Recycle the web service app pool:

    1. On the MyID web server, in Internet Information Services (IIS) Manager, select Application Pools.
    2. Right-click the myid.web.oauth2.ext.pool application pool, then from the pop-up menu click Recycle.

    Recycling the application pool ensures that the web service picks up the changes to the configuration file.
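
The following PowerShell check is an added example, not part of the MyID product or its documentation. It reads the override file edited in the steps above and reports, for each connection string, whether it contains a plaintext password keyword or a PasswordDPAPI value that starts with the DPAPI blob header seen in the sample output. The function name, the nested MyID > Database JSON layout and the handling of whole-line // comments are assumptions.

```powershell
# Added example: audit the override file for how the database password is stored.
# Assumptions: the default path from this section; "MyID:Database" is stored as
# nested JSON objects MyID > Database; comments are whole lines starting with //.
function Test-MyIdConnectionStrings {
    param(
        [string]$Path = 'C:\Program Files\Intercede\MyID\web.oauth2.ext\appsettings.Production.json'
    )

    # Base64 form of the fixed header bytes that begin a DPAPI blob; the sample
    # DPAPIEncrypt.ps1 output in this section starts with the same string.
    $dpapiPrefix = 'AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA'

    # Windows PowerShell 5.1 rejects // comments in JSON, so drop comment lines first.
    $json = (Get-Content -LiteralPath $Path | Where-Object { $_ -notmatch '^\s*//' }) -join "`n"
    $db = ($json | ConvertFrom-Json).MyID.Database

    foreach ($name in 'ConnectionStringCore', 'ConnectionStringAuth') {
        $value = $db.$name
        if (-not $value) {
            [pscustomobject]@{ Setting = $name; Status = 'INFO: not set here (appsettings.json value applies)' }
            continue
        }

        # Parse "key=value;" pairs, splitting on the first '=' only because
        # Base64 values end in '='. Hashtable keys are case-insensitive.
        $pairs = @{}
        foreach ($part in ($value -split ';')) {
            if ($part -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') { $pairs[$Matches[1]] = $Matches[2] }
        }

        # Password and Pwd are the standard SqlClient keywords for a plaintext password.
        $status = if ($pairs.ContainsKey('Password') -or $pairs.ContainsKey('Pwd')) {
            'FAIL: plaintext password keyword present'
        } elseif (-not $pairs.ContainsKey('PasswordDPAPI')) {
            'INFO: no PasswordDPAPI field (review if SQL Authentication is used)'
        } elseif (-not $pairs['PasswordDPAPI'].StartsWith($dpapiPrefix, [StringComparison]::Ordinal)) {
            'FAIL: PasswordDPAPI value is not a DPAPI blob'
        } else {
            'OK: PasswordDPAPI holds a DPAPI blob'
        }
        [pscustomobject]@{ Setting = $name; Status = $status }
    }
}

Test-MyIdConnectionStrings | Format-Table -AutoSize -Wrap
```

An OK result shows only that the value is formatted as a DPAPI blob; it does not confirm that the blob was created while logged on as the MyID Authentication user.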