Skip to main content

Constructing a Connection String

Cortex accepts a standard .NET connection string, which is a series of semicolon-separated key-value pairs. The official microsoft documentation and these examples can be helpful, but a valid Cortex connection string tends to look like the following:

server=server-hostname,1433;uid=username;password=the-password;database=Cherwell;MultipleActiveResultSets=true

Required settings

  • server - the hostname/FQDN and port of a SQL Server instance on another machine, or the name of a named instance on the local machine
  • Authentication (mirrors "Database Login Account Credentials" here. Your DBA might know which option is correct; if you're unsure, please ask us)
    • If you use SQL Authentication (this is recommended)
      • uid or user id - the SQL username to connect with
      • password - the password to use to connect
    • If you use Windows Authentication (this is prevalent in high-security environments, but requires additional IIS configuration; see below)
      • Integrated Security=true
  • database or initial catalog - the name of the database that holds your Cherwell data
  • MultipleActiveResultSets - this MUST be true

Windows Authentication (for your SQL Server connection)

warning

Using Windows Authentication for the SQL Server connection affects only the SQL Server connection. User authentication to Cortex still has to be configured separately via Open ID Connect or SAML.

  1. In IIS manager, configure the AppPool that Cortex will run under to use a specific user account. This user account must have access to the SQL server you wish to connect to (typically this is a domain account).

  2. Update your SQL connection string to look like the following:

    server=server-hostname,1433;Integrated Security=true;database=Cherwell;MultipleActiveResultSets=true

    Specifically, the uid and password options are omitted and replaced by the Integrated Security option. Depending on your setup, you may also need one or more of the options listed below.

Optional (or "maybe-required" settings)

These settings may be required depending on your specific configuration (or desired security requirements).

  • Encrypt - recommended to be true but can be false if the database is on the local machine
  • TrustServerCertificate - set to true (i.e. TrustServerCertificate=true) if your certificate is self-signed or doesn't use a trusted chain (see troubleshooting for situations when this might be required)