Configure the Application Pool Account

By default, the Meridian Explorer web application is configured with the Integrated Windows authentication option enabled. This allows you to use Windows user accounts and groups to configure the security of the application. The Meridian Explorer clients will connect to the repository using the security account of the Internet Information Services (IIS) application pool. By default, Meridian Explorer will use the BCEnterprise application pool, which runs under the Network Service account.

Note:
  • The region and language settings of the application pool identity determine how Meridian Explorer data is shown to users. For example, the format of dates.

  • If a feedback type page will be used in web browsers other than Internet Explorer (for example, Firefox or Chrome), access denial errors can occur if the Meridian Enterprise Server application pool account is not the same as the Meridian Enterprise EDM Server service account.

  • If a .NET Framework 2.0 application pool will be used instead of the BCEnterprise application pool created by the setup program, internal server errors can occur when the Meridian Explorer home page is loaded. These can be prevented by removing the following line from the application's web.config file.

    <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
    System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
    requirePermission="false" allowDefinition="MachineToApplication"/>

If SQL Server authentication is selected for the repository database connection, a dedicated application pool may not be necessary.

If Windows authentication is selected for the repository database connection, we recommend that you create a dedicated application pool that will run under a domain account with the rights described in Security Requirements.

To configure the application pool account:

  1. Open the Internet Information Services Manager in Computer Management and select Application Pools in the Connections tree.

  2. Select the BCEnterprise application pool.

  3. On the Actions menu, select Advanced Settings.

    The application pool’s Advanced Settings dialog box appears.

  4. Expand Process Model and select Identity.

  5. Click the browser button in the value column.

    The Application Pool Identity dialog box appears.

  6. Select Custom account and click Set.

    The Set Credentials dialog box appears.

  7. Type an account name in User name and type the account password in Password and Confirm Password.

    Note:

    This account must be a domain administrator and the BCEnterprise site must connect with the Application user (pass-through authentication) option enabled.

  8. Click OK.

    The dialog box closes and the account name appears in Custom account.

  9. Click OK.

    The dialog box closes and the account name appears in Identity.

  10. Click OK.

    The dialog box closes.

After changing the account, contact your database administrator to grant the account access to the Meridian Explorer configuration and Meridian Explorer repository databases.

2021 R2