THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Web Admin, v3.6 and later
DISCUSSION
- Make a backup of EFT Web Admin application files (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\).
- Open a Command prompt with Elevated permissions and Unencrypt your web.config connection strings section.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"
- Open your Web.config (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin\web.config).
- Go to connection strings section and change your ADAuthConnectionString connection string. Change your default value from this $(ReplacableToken_ADAuthConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
<connectionStrings >
<add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
<add name=" ADAuthConnectionString" connectionString="[LDAP_QUERY_PATH]" />
</connectionStrings>
- Go to connection string section and change your ADRPConnectionString conncetion string. Change your default value from this $(ReplacableToken_ADRPConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
<connectionStrings >
<add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
<add name="ADAuthConnectionString" connectionString="LDAP://dc.demo.vm/CN=Users,DC=demo,DC=vm" />
<add name="ADRPConnectionString" connectionString="LDAP://DC=demo,DC=vm" />
</connectionStrings>
[LDAP_SERVER_LESSQUERY_PATH]: replace with your own LDAP query. For example
LDAP://DC=demo,DC=vm
NOTE: LDAP Server-less format is not supported.
- Use the following membership section:
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear />
<add name="ADMembershipProvider"
connectionStringName="ADAuthConnectionString"
applicationName="EFTWebAdmin"
connectionUsername="demo\username"
connectionPassword="password"
attributeMapUsername="sAMAccountName"
enableSearchMethods="true"<
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
- Use the following Role manager section:
<roleManager enabled="true" defaultProvider="ADRoleProvider">
<providers>
<clear/>
<add name="ADRoleProvider"
applicationName="EFTWebAdmin"
type="Globalscape.EFT.Web.Providers.AdRoleProvider"
connectionStringName="ADRPConnectionString"
groupMode="Additive"
enableSqlCache="True"
sqlConnectionString="EFTWebAdmin"
cacheTimeInMinutes ="5"
groupsToUse="EFTWebAdminUser,EFTWebAdminSuperUser,EFTAdmins"
groupsToIgnore="Senior Management"
usersToIgnore="asmith, ksose"/> </providers>
</roleManager>
- Make sure at least one account is allowed in the admin Settings for the EFT Web Admin.
<location path="Admin" allowOverride="true">
<system.web>
<authorization>
<allow roles ="EFTWebAdminSuperUser"/>
<allow roles="ServerManagement"/>
<allow roles="Administrators"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
- Save Web.config.
- Encrypt your Web.config connection section again:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"
- If you wish to encrypt your membership provider due to adding passwords to your AD, you can encrypt this section too by using:
