ECMToolBox AIM- Secure Connections

This article is to provide information on the steps needed to provide secure connections to the components used by ECMT AIM.

These connections are database connection strings and by following the steps below, the utilized accounts and passwords can be removed from the configuration files to provide additional security to the application. The below steps are necessary to implement secured connections to the database(s) from ECMToolbox AIM.

  1. User or Service Account.

    1. Determine an account that will be used to run the ECMToolbox AIM website.

      1. The account needs to have local Admin access on the server running AIM.

    2. Provide the account access to the SQL databases below:

      1. ECMT AIM (DBOWNER)

      2. AX (DB READER)

      3. WF (DB READER)

  2. Navigate to the ECMT AIM installation folder - Default is C:\Program Files (x86)\CASO Document Management\ECMT_AIM

    1. Locate the web.config file

    2. Edit the file and locate the connectionStrings section.

    3. Update each connection string to remove the User ID= and the Password details and replace with the needed trusted security settings as below.

BEFORE:

<connectionStrings>
<add name="AXConn" connectionString="Data Source=DBServer;Initial Catalog=AXDatabase;User Id=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
<add name="WFConn" connectionString="Data Source=DBServer;Initial Catalog=WFDatabase;User Id=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
<add name="IRConn" connectionString="Data Source=DBServer;Initial Catalog=AIMDatabase;User Id=UserName;Password=UserPass" providerName="System.Data.SqlClient" />
</connectionStrings>

AFTER:

<connectionStrings>
<add name="AXConn" connectionString="Data Source=DBServer;Initial Catalog=AXDatabase;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
<add name="WFConn" connectionString="Data Source=DBServer;Initial Catalog=WFDatabase;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
<add name="IRConn" connectionString="Data Source=DBServer;Initial Catalog=AIMDatabase;Persist Security Info=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>

  1. Update the ECMToolbox AIM app pool run as the account specified in step 1.

  2. Restart the ECMToolbox AIM app pool and verify access is working as desired

CASO Knowledge Base