ECMToolBox Workflow - Secure Connections

This article is to provide information on the steps needed to provide secure connections to the components used by ECMT Workflow.

These connections are database connection strings and by following the steps below, the utilized accounts and passwords can be removed from the configuration files to provide additional security to the application.

The below steps are necessary to implement secured connections to the database(s) from ECMToolbox Workflow.

1. User or Service Account.

   1. Determine an account that will be used to run the ECMToolbox Workflow service.

      1. The account needs to have local Admin access on the server running Workflow.

      2. The account needs to be able to run executables and services.

   2. Provide the account dbowner access to the SQL databases below:

      1. ECMT Workflow

      2. ECMT AIM

      3. Appxtender/Appenhancer, EasyFile or other storage repository.

2. Navigate to the ECMT Workflow installation folder - Default is C:\Program Files (x86)\CASO Document Management\ECMToolbox Workflow

   1. Locate the ECMToolbox.Workflow.Service.exe.config file

   2. Edit the file and locate the connectionStrings section.

   3. Update each connection string to remove the User ID= and the Password details and replace with the needed trusted security settings as below.

BEFORE:

<connectionStrings>
<add name="WorkflowDB" connectionString="Server=DBServ;DataBase=DataBase;User ID=UserName;Password=UserPass;TrustServerCertificate=true;" providerName="System.Data.SqlClient" />
<add name="AXConn" connectionString="Data Source=DBServ;Initial Catalog=AXData;User Id=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
<add name="WFConn" connectionString="Data Source=DBServ;Initial Catalog=WFData;User Id=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
<add name="IRConn" connectionString="Data Source=DBServ;Initial Catalog=AIMData;User ID=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
</connectionStrings>

AFTER:

<connectionStrings>
<add name="WorkflowDB" connectionString="Server=DBServ;DataBase=DataBase;Persist Security Info=True;Integrated Security=SSPI;TrustServerCertificate=true;" providerName="System.Data.SqlClient" />
<add name="AXConn" connectionString="Data Source=DBServ;Initial Catalog=AXData;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
<add name="WFConn" connectionString="Data Source=DBServ;Initial Catalog=WFData;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
<add name="IRConn" connectionString="Data Source=DBServ;Initial Catalog=AIMData;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>

Take note on the first line, if TrustServerCertificate=true is in place, the Double quote goes to the end of this and not to the end of Integrated Security = SSPI;” as the other lines.

You can then save the file

3. Update the ECMToolbox Workflow service to run as the account specified in step 1.

4. Restart the ECMToolbox Workflow service and verify access is working as desired.