| 12 | === 1. Create Database for Users and Roles === |
| 13 | You have to add a database named `HeuristicLab.Authentication` to your local SQL Server instance which stores users, roles, etc.: |
| 14 | 1. Start the Visual Studio Command Prompt which is automatically installed and added to your programs by Visual Studio. |
| 15 | 2. Execute the following command which creates the `HeuristicLab.Authentication` database and adds all required tables, views, etc.: |
| 16 | {{{ |
| 17 | aspnet_regsql.exe -C "data source=.\SQLEXPRESS;Integrated Security=SSPI" -A all -d HeuristicLab.Authentication |
| 18 | }}} |
| 19 | 3. Optionally you can start the SQL Server Management Studio or create a new data connection in Visual Studio to check whether the database is really there. |
| 20 | |
| 21 | This database is usually used by HeuristicLab services for authentication and authorization. The two classes `System.Web.Security.SqlMembershipProvider` and `System.Web.Security.SqlRoleProvider` are used to access this database and to read and write users and roles. Usually there should be no need to access the database directly and you should not have to worry about its data model. |
| 22 | |
| 23 | === 2. Create a Self-Signed Certificate === |
| 24 | For encrypting the service communication, a certificate has to be created for your machine: |
| 25 | 1. Start the Visual Studio Command Prompt again and run it with Administrator privileges (choose `Run as administrator` in the context menu). |
| 26 | 2. Execute the following command which creates a new self-signed certificate named `localhost` and adds it to the `Personal` category of the `LocalMachine` certificate store: |
| 27 | {{{ |
| 28 | makecert.exe -r -pe -sky exchange -sr LocalMachine -ss My -n CN=localhost |
| 29 | }}} |
| 30 | 3. Optionally you can start the Microsoft Management Console (`mmc.exe`) to check whether the certificate is really there (choose `File` -> `Add/Remove Snap-in` to add the `Certificates` snap-in and to explore the content of the `LocalMachine` certificate store). |
| 31 | |
| 32 | === 3. Allow Read Access to the Certificate's Private Key === |
| 33 | Network services must have read access to the private key of the certificate created in the previous step. Therefore, you first have to locate the private key file on your hard disk and then grant the `Network Service` account of your machine read access to it: |
| 34 | 1. Start the Visual Studio Command Prompt again and run it with Administrator privileges (choose `Run as administrator` in the context menu). |
| 35 | 2. Execute the following command (if you do not have the console application `findprivatekey.exe` on your system, it is attached to this page): |
| 36 | {{{ |
| 37 | findprivatekey.exe My LocalMachine -n CN=localhost |
| 38 | }}} |
| 39 | 3. Have a look at the output. It shows you the path and the filename of the private key and should look like: |
| 40 | {{{ |
| 41 | C:\...>findprivatekey.exe My LocalMachine -n CN=localhost |
| 42 | Private key directory: |
| 43 | C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys |
| 44 | Private key file name: |
| 45 | fef2c81190d59a105313d83fb ... eb8c6a |
| 46 | }}} |
| 47 | 4. Allow read access to this file for the `Network Service` account of your machine (in the context menu of the file choose `Properties` -> `Security` -> `Edit` -> `Add`). |
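Steps 2 to 4 of this section can also be scripted. The following is an added example, not part of the original page or of HeuristicLab. It assumes an elevated Windows PowerShell 5.1 session and a certificate created with `makecert.exe` as in the previous section (a CryptoAPI key stored under `MachineKeys`). It grants read access only and stops if more than one certificate matches `CN=localhost`, so the permission cannot end up on the wrong key.

```powershell
#Requires -RunAsAdministrator
# Added example: locate the private key file of CN=localhost and grant
# Network Service read access to it.
$ErrorActionPreference = 'Stop'

$subject = 'CN=localhost'   # subject used in the makecert step

# Find the certificate in LocalMachine\My; refuse to guess if the subject is ambiguous.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.HasPrivateKey })
if ($certs.Count -ne 1) {
    throw "Expected exactly one certificate '$subject' with a private key, found $($certs.Count)."
}

# For a CryptoAPI (CSP) key the unique container name is the file name under MachineKeys.
$container = $certs[0].PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Private key file not found: $keyPath"
}

# Grant read (R) only, addressing Network Service by its well-known SID S-1-5-20
# so the command also works on non-English Windows installations.
icacls.exe $keyPath /grant '*S-1-5-20:R'
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Print the resulting ACL so the new entry can be reviewed.
icacls.exe $keyPath
```

The final `icacls.exe` call should list `NT AUTHORITY\NETWORK SERVICE:(R)` next to the existing entries. Any broader right for that account, such as `(F)`, is more than the services need.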