Adding encrypted security to the accounts in web.config
Introduction
System Architect XT can access encyclopedias using Windows authentication mode or SQL authentication mode. The web.config file can be configured to use one or the other. If you decide to use SQL authentication then there is a DBUser and DBPassword that have been added to the connectionStrings section of the web.config file. If the connectionString value of the DBUser item is not empty then the system will attempt to connect to the selected server using the values provided in the connectionString fields. If the connectionStrings value of the DBUser item is empty, then the system will continue to use the Windows authentication mode using the identity account. The fixed identity account should be a low-privilege account that has been granted only necessary permissions in the database.
The example below will cause the system to attempt connection to the database server using SQL authentication mode, using the user ID saxtuser and password saxtpwd.
The fixed identity account that is used for Windows authentication is stored in the <identity> element of the <system.web> section of the web.config file.
The information in the connectionStrings section and identity element can be encrypted with standard Microsoft utilities. We have summarized use of Machine-Level Key encryption in Machine-Level Key; the complete text can be found at the Microsoft page below:
You should receive the message below if the utility was successful.
Encrypting configuration section... Succeeded!
Note IIS might fail to validate the <identity> element when it is encrypted. For that reason, you must disable the configuration validation in the web.config file. To do this, edit the web.config file using any text editor and under the <system.webserver> line add the entry below: