Configuring Content Delivery databases for integrated authentication

If you are running Content Delivery software as a .NET web application or as a Windows Service and its database is Microsoft SQL Server, you can use integrated authentication. This applies to the Content Data Store, Experience Manager database, the (deprecated) UGC database, and the (deprecated) Outbound E-mail tracking and subscription databases.

About this task

With integrated security, the Windows account under which the Content Delivery process runs is logged on to the Content Delivery database automatically, so you do not have to configure credentials in the Storage layer configuration file.

Procedure

  1. If you are running Content Delivery as a .NET web application, open IIS and change your Application Pool to run under a specific account.
  2. Add this user account to the SQL Server database(s) under Security > Logins. Make this user a member of the db_datareader and db_datawriter roles.
  3. Open cd_storage_conf.xml, located in the config\ subdirectory of your Content Delivery root location, for editing.
  4. In your configured Storage element, do the following:
    1. Comment out the user and password properties:
      <!--Property Name="user" Value="sa" />
      <Property Name="password" Value="tridion" /-->
    2. Add the following property:
      <Property Name="integratedSecurity" Value="true" />
    The following is an example of a Storage element configured for integrated security:
    <Storage Type="persistence" Id="msSqlStorage" dialect="MSSQL" Class="com.tridion.storage.persistence.JPADAOFactory">
    	<Pool Type="jdbc" Size="100" MonitorInterval="60" IdleTimeout="120" CheckoutTimeout="120" />
    	<DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
    		<Property Name="serverName" Value="localhost" />
    		<Property Name="portNumber" Value="1433" />
    		<Property Name="databaseName" Value="Tridion_Broker" />
    		<Property Name="integratedSecurity" Value="true" />
    		<!--Property Name="user" Value="sa" />
    		<Property Name="password" Value="tridion" /-->
    	</DataSource>
    </Storage>
  5. Save and close the cd_storage_conf.xml file.
  6. Open deployer-conf.xml, located in the configuration location of your combined Content Deployer or of your Content Deployer worker and endpoint, for editing.
  7. Within the State section, in your configured Storage element, do the following:
    1. Comment out the user and password properties:
      <!--Property Name="user" Value="${dbuser}" />
      <Property Name="password" Value="${dbpassword}" /-->
    2. Add the following property:
      <Property Name="integratedSecurity" Value="true" />
    The following is an example of a State element configured for integrated security:
    <State>
       <Storage Adapter="mssql" driver="com.microsoft.sqlserver.jdbc.SQLServerDriver">
          <Property Name="host" Value="mssql.myorg.dev" />
          <Property Name="port" Value="1433" />
          <Property Name="database" Value="StateStoreDB" />
          <!--Property Name="user" Value="DB_USER"/>
           <Property Name="password" Value="DB_PASSWORD"/-->
          <Property Name="IntegratedSecurity" Value="true" />
       </Storage>
    </State>
  8. Save and close the deployer-conf.xml file.
  9. If Content Delivery is running as a web application, restart the web application by running iisreset.
  10. Use the sqljdbc_auth.dll file in your MS SQL Server JDBC Driver installation to set up a JVM argument.
  11. Configure the location of sqljdbc_auth.dll as a JVM parameter, either in your registry or in the jvm.xml configuration file. For example, configure the following property:
    -Djava.library.path=C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\auth\x86
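
To confirm that the edits in steps 4 and 7 took effect, the following added example (not part of the product documentation) parses a configuration file and reports every Storage element that lacks integratedSecurity set to true or still has an active user or password property. The function name audit_storage_config and the sample XML are constructed for illustration; property names are compared case-insensitively because the examples above use both integratedSecurity and IntegratedSecurity.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first Storage still carries active credentials,
# the second follows the procedure (credentials commented out).
SAMPLE_CONF = """<Storages>
  <Storage Type="persistence" Id="legacyStorage" dialect="MSSQL">
    <DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
      <Property Name="serverName" Value="localhost" />
      <Property Name="user" Value="EXAMPLE_USER" />
      <Property Name="password" Value="EXAMPLE_PASSWORD" />
    </DataSource>
  </Storage>
  <Storage Type="persistence" Id="msSqlStorage" dialect="MSSQL">
    <DataSource Class="com.microsoft.sqlserver.jdbc.SQLServerDataSource">
      <Property Name="serverName" Value="localhost" />
      <Property Name="integratedSecurity" Value="true" />
      <!--Property Name="user" Value="EXAMPLE_USER" />
      <Property Name="password" Value="EXAMPLE_PASSWORD" /-->
    </DataSource>
  </Storage>
</Storages>"""


def audit_storage_config(xml_text):
    """Return (storage_label, problem) tuples for Storage elements that deviate."""
    findings = []
    # The default parser drops XML comments, so commented-out properties
    # are not counted as active configuration.
    root = ET.fromstring(xml_text)
    for storage in root.iter("Storage"):
        label = storage.get("Id") or storage.get("Adapter") or "(unnamed)"
        # Properties sit under DataSource in cd_storage_conf.xml and directly
        # under Storage in deployer-conf.xml; iter() covers both layouts.
        props = {p.get("Name", "").lower(): p.get("Value", "")
                 for p in storage.iter("Property")}
        if props.get("integratedsecurity", "").lower() != "true":
            findings.append((label, "integratedSecurity is not set to true"))
        for name in ("user", "password"):
            if name in props:
                findings.append((label, f"active {name} property still present"))
    return findings


if __name__ == "__main__":
    for label, problem in audit_storage_config(SAMPLE_CONF):
        print(f"{label}: {problem}")
```

To check a real file, pass its contents to audit_storage_config instead of SAMPLE_CONF; an empty result means every Storage element matches the procedure.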