
Configuring Content Delivery databases for integrated authentication

If you are running Content Delivery software as a .NET Web application or as a Windows Service and its database is Microsoft SQL Server, you can use integrated authentication. This applies to the Content Data Store, Experience Manager database, UGC database, and the Outbound E-mail tracking and subscription databases.

About this task

With integrated security, the user account under which the Content Delivery process is running is logged on to a Content Delivery database automatically, so you do not have to configure credentials in the Storage layer configuration file.

Procedure

  1. If you are running Content Delivery as a .NET Web application, open IIS and change your Application Pool to run under a specific account.
  2. Add this user account to the SQL Server database(s) under Security > Logins. Make this user a member of the db_datareader and db_datawriter roles.
  3. Open cd_storage_conf.xml located in the config\ subdirectory of your Content Delivery root location in a plain-text editor or XML editor.
  4. In your configured Storage element:
    1. Comment out the user and password properties:
      <!--Property Name="user" Value="sa" />
      <Property Name="password" Value="tridion" /-->
    2. Add the following property:
      <Property Name="integratedSecurity" Value="true" />
    The following is an example of a Storage element configured for integrated security:
    <Storage Type="persistence" Id="msSqlStorage" dialect="MSSQL" Class="com.tridion.storage.persistence.JPADAOFactory">
    	<Pool Type="jdbc" Size="100" MonitorInterval="60" IdleTimeout="120" CheckoutTimeout="120" />
    	<DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
    		<Property Name="serverName" Value="localhost" />
    		<Property Name="portNumber" Value="1433" />
    		<Property Name="databaseName" Value="Tridion_Broker" />
    		<Property Name="integratedSecurity" Value="true" />
    		<!--Property Name="user" Value="sa" />
    		<Property Name="password" Value="tridion" /-->
    	</DataSource>
    </Storage>
  5. Save and close the cd_storage_conf.xml file.
  6. If Content Delivery is running as a Web application, restart the Web application by performing iisreset.
  7. Use the sqljdbc_auth.dll file in your MS SQL Server JDBC Driver installation to set up a JVM argument.
  8. Configure the location of sqljdbc_auth.dll as a JVM parameter, either in your registry or in the jvm.xml configuration file. For example, configure the following property: -Djava.library.path=C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\auth\x86.
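
To check the result of step 4 across every Storage element, the following added example (not part of the product documentation) parses a storage configuration and reports SQL Server DataSource elements that lack integratedSecurity, still have active user or password properties, or still hold a password value inside a comment, where it remains readable to anyone who can read the file. The sample XML, its wrapper element, the credential values and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real configuration): one Storage element still
# using SQL credentials, one converted as described in step 4.
SAMPLE_CONF = """<Configuration>
 <Storage Type="persistence" Id="legacyStorage" dialect="MSSQL">
  <DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
   <Property Name="databaseName" Value="Tridion_Broker" />
   <Property Name="user" Value="example_user" />
   <Property Name="password" Value="example_password" />
  </DataSource>
 </Storage>
 <Storage Type="persistence" Id="msSqlStorage" dialect="MSSQL">
  <DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
   <Property Name="databaseName" Value="Tridion_Broker" />
   <Property Name="integratedSecurity" Value="true" />
   <!--Property Name="user" Value="example_user" />
   <Property Name="password" Value="example_password" /-->
  </DataSource>
 </Storage>
</Configuration>"""


def audit_storage_conf(xml_text):
    """Return {Storage Id: [findings]} for each SQL Server DataSource."""
    # insert_comments=True (Python 3.8+) keeps comment nodes for inspection.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    report = {}
    for storage in root.iter("Storage"):
        for ds in storage.iter("DataSource"):
            if "sqlserver" not in ds.get("Class", "").lower():
                continue  # integrated authentication applies to SQL Server only
            props = {p.get("Name"): p.get("Value", "") for p in ds.findall("Property")}
            findings = []
            if props.get("integratedSecurity", "").lower() != "true":
                findings.append("integratedSecurity not enabled")
            findings += [f"active {n} property" for n in ("user", "password") if n in props]
            for node in ds:
                if node.tag is ET.Comment and 'Name="password"' in (node.text or ""):
                    findings.append("password value still present in a comment")
            report[storage.get("Id")] = findings
    return report


if __name__ == "__main__":
    for storage_id, findings in audit_storage_conf(SAMPLE_CONF).items():
        print(storage_id, "->", findings or "OK")
```

To audit a real file, pass the text of cd_storage_conf.xml to audit_storage_conf; an empty findings list means the DataSource relies on integrated security alone.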