Difference between revisions of "Web.config"
From Agility
(→Cross origin request sequrity settings (CORS)) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 10: | Line 10: | ||
The important entry is this section is the system name parameter:- | The important entry is this section is the system name parameter:- | ||
| − | |||
| − | |||
<?xml version="1.0" encoding="utf-8" ?> | <?xml version="1.0" encoding="utf-8" ?> | ||
| Line 76: | Line 74: | ||
/> | /> | ||
| + | === Cross origin request security settings (CORS) === | ||
| + | |||
| + | Agility can be used as source of data for different systems. In case that is used directly on browser it is limited due to CORS security. It prevents accessing other sites then current page origin site. To allow this following settings has to be added to Web.config: | ||
| + | <configuration> | ||
| + | <system.webServer> | ||
| + | <httpProtocol> | ||
| + | <customHeaders> | ||
| + | <add name="Access-Control-Allow-Origin" value="*" /> | ||
| + | <add name="Access-Control-Allow-Method" value="POST, GET, OPTIONS" /> | ||
| + | <add name="Access-Control-Allow-Credentials" value="true" /> | ||
| + | <add name="Access-Control-Allow-Headers" value="X-Requested-With" /> | ||
| + | <add name="P3P" value="CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"" /> | ||
| + | </customHeaders> | ||
| + | </httpProtocol> | ||
| + | </system.webServer> | ||
| + | </configuration> | ||
| + | |||
| + | This settings are default web.config settings in Agility because it is required by Agility for Android. | ||
| − | |||
=== GeneralService WCF communication settings === | === GeneralService WCF communication settings === | ||
<pre> | <pre> | ||
Latest revision as of 12:22, 3 October 2016
Contents
Web.config
This file is located within the IIS system immediately beneath the application directory. It contains many settings which are related to the .NET environment which are outside of the scope of this document.
System Name Parameter
<appSettings> Section
The important entry is this section is the system name parameter:-
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="SystemName" value="sxp2.1" />
</appSettings>
The “SystemName” parameter is used to locate the configuration file stored in the systems registry under
HKEY_LOCAL_MACHINE\SOFTWARE\SoftSolutions\SXP
There should then be an entry in this location matching the above name. If the Web.config file does not contain a SystemName parameter then “Default” is used instead to search the registry.
The “SystemConfigFilePath” parameter within the system name in the registry should point to the file which contains the full configuration information. The default name for this parameter file is “sxp.Default.config.xml”.
Controlling the size of document size which can be uploaded.
The Web.config file also contains information regarding the maximum size of document which can be uploaded into the database. If these parameters are omitted then there will be a default size of 4 M/B. Both entries should appear within the <system.web> section.
<httpRuntime
maxRequestLength="20000"
enableKernelOutputCache="true"
/>
“MaximumRequestLength” is the maximum upload size on Kilobytes. In this example the limit is 20000 * 1024 bytes( i.e. 20 Megabytes).
<sessionState> Settings
By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true", leaving it as “false” enables cookies.
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="30"
/>
Cross origin request security settings (CORS)
Agility can be used as source of data for different systems. In case that is used directly on browser it is limited due to CORS security. It prevents accessing other sites then current page origin site. To allow this following settings has to be added to Web.config:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Method" value="POST, GET, OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers" value="X-Requested-With" />
<add name="P3P" value="CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
This settings are default web.config settings in Agility because it is required by Agility for Android.
GeneralService WCF communication settings
<!-- Only uncomment this section if WCF communication is being used
WCF requires installation of additional IIS components please consult latest docuemntation for details
If the required compnents are not installed and this section is uncommented it will potentially cause errors.
-->
<!--<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="ag">
<clientCredentials>
<clientCertificate findValue="WCFSoap1Client" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="WCFSoap1Server" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="GeneralServiceBehavior">
<serviceMetadata httpGetEnabled="true" externalMetadataLocation="../GeneralServices.wsdl"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
<serviceCertificate findValue="WCFSoap1Server" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BusinessObjects.Services.sxpUserNamePasswordValidator, BusinessObjects"/>
</serviceCredentials>
</behavior>
<behavior name="NamedServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
<serviceCertificate findValue="WCFSoap1Server" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BusinessObjects.Services.sxpUserNamePasswordValidator, BusinessObjects"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<client>
<endpoint address="http://localhost:6001/Web/services/GeneralService.svc" behaviorConfiguration="ag" binding="basicHttpBinding" bindingConfiguration="bssec" contract="System.ServiceModel.Channels.IRequestChannel" name="Agility">
<identity>
<dns value="WCFSoap1Server"/>
</identity>
</endpoint>
<endpoint address="http://localhost:6001/Web/services/GeneralService.svc/cs" behaviorConfiguration="ag" binding="customBinding" bindingConfiguration="cs" contract="System.ServiceModel.Channels.IRequestChannel" name="Agilityc">
<identity>
<dns value="WCFSoap1Server"/>
</identity>
</endpoint>
<endpoint address="http://localhost:50712/PCH/PCHWSDL/PCH_AGV.asmx" binding="basicHttpBinding" bindingConfiguration="PCH_AGVSoap" contract="AgilityInterfaces.PCH.AGV.PCH_AGVSoap" name="PCH_AGVSoap"/>
<endpoint address="http://localhost:50712/PCH/PCHWSDL/PCH_BIM.asmx" binding="basicHttpBinding" bindingConfiguration="PCH_AGVSoap" contract="AgilityInterfaces.PCH.BIM.PCH_BIMSoap" name="PCH_BIMSoap"/>
<endpoint address="http://localhost:6001/Web/Services/TestService.svc" binding="basicHttpBinding" bindingConfiguration="PCH_AGVSoap" contract="AgilityInterfaces.Test.ITestService" name="ITestService"/>
</client>
<services>
<service name="AgilityInterfaces.Test.TestService" behaviorConfiguration="NamedServiceBehavior">
<endpoint address="" name="AgilityTestService_bs" binding="basicHttpBinding" contract="AgilityInterfaces.Test.ITestService"/>
<endpoint address="" name="AgilityTestService_bs" binding="wsHttpBinding" bindingConfiguration="bs" contract="AgilityInterfaces.Test.ITestService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
<service name="AgilityInterfaces.PCH.Service" behaviorConfiguration="NamedServiceBehavior">
<endpoint address="" name="AgilityInterfacesAGV_ws" binding="wsHttpBinding" bindingConfiguration="ws" contract="AgilityInterfaces.PCH.AGV.PCH_AGVSoap"/>
<endpoint address="bs" name="AgilityInterfacesAGV_bs" binding="wsHttpBinding" bindingConfiguration="bs" contract="AgilityInterfaces.PCH.AGV.PCH_AGVSoap"/>
<endpoint address="" name="AgilityInterfacesBIM_ws" binding="wsHttpBinding" bindingConfiguration="ws" contract="AgilityInterfaces.PCH.BIM.PCH_BIMSoap"/>
<endpoint address="bs" name="AgilityInterfacesBIM_bs" binding="wsHttpBinding" bindingConfiguration="bs" contract="AgilityInterfaces.PCH.BIM.PCH_BIMSoap"/>
<endpoint address="" name="AgilityInterfacesOracle_ws" binding="wsHttpBinding" bindingConfiguration="ws" contract="AgilityInterfaces.PCH.ORACLE.PCH_ORACLESoap"/>
<endpoint address="" name="AgilityInterfacesRTLS_ws" binding="wsHttpBinding" bindingConfiguration="ws" contract="AgilityInterfaces.PCH.RTLS.PCH_RTLSSoap"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
<service name="BusinessObjects.Services.GeneralService" behaviorConfiguration="GeneralServiceBehavior">
<endpoint address="ws" name="GeneralService_WS" binding="wsHttpBinding" bindingConfiguration="ws" contract="BusinessObjects.Services.IGeneralService">
<identity>
<dns value="WCFSoap1Server"/>
</identity>
</endpoint>
<endpoint address="cs" name="GeneralService_CS" binding="customBinding" bindingConfiguration="cs" contract="BusinessObjects.Services.IGeneralService">
<identity>
<dns value="WCFSoap1Server"/>
</identity>
</endpoint>
<endpoint address="" name="GeneralService_BS" binding="wsHttpBinding" bindingConfiguration="bs" contract="BusinessObjects.Services.IGeneralService">
<identity>
<dns value="WCFSoap1Server"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="ws">
<security mode="Message">
<message clientCredentialType="None"/>
<message negotiateServiceCredential="false" clientCredentialType="UserName" establishSecurityContext="false"/>
<message clientCredentialType="UserName"/>
<message clientCredentialType="UserName" negotiateServiceCredential="false"
establishSecurityContext="false" algorithmSuite="Default"/>
</security>
<reliableSession enabled="false"/>
</binding>
<binding name="bs">
<security mode="None">
<transport clientCredentialType="None"/>
</security>
<reliableSession enabled="false"/>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="bssec">
<security mode="None">
<message clientCredentialType="Certificate"/>
</security>
</binding>
<binding name="PCH_AGVSoap"/>
</basicHttpBinding>
<customBinding>
<binding name="cs">
<transactionFlow/>
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
<security authenticationMode="MutualCertificateDuplex" requireSignatureConfirmation="true" defaultAlgorithmSuite="Basic128" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" messageProtectionOrder="SignBeforeEncrypt" allowSerializedSigningTokenOnReply="true" requireDerivedKeys="false" securityHeaderLayout="Lax">
<secureConversationBootstrap messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"/>
</security>
<textMessageEncoding/>
<httpTransport/>
</binding>
</customBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
<serviceActivations>
<add relativeAddress="Services/TestService.svc" service="AgilityInterfaces.Test.TestService"/>
<add relativeAddress="Services/PCH_AGV.svc" service="AgilityInterfaces.PCH.PCH_AGV"/>
<add relativeAddress="Services/PCH_BIM.svc" service="AgilityInterfaces.PCH.PCH_BIM"/>
</serviceActivations>
</serviceHostingEnvironment>
<diagnostics>
<messageLogging logMessagesAtTransportLevel="true" logMessagesAtServiceLevel="true" logMalformedMessages="true" logEntireMessage="true" maxSizeOfMessageToLog="65535000" maxMessagesToLog="500"/>
</diagnostics>
</system.serviceModel> -->
<!-- WCF System diagnostics configuration -->
<!--<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="xml"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="s:\temp\logfiles\Tracesser-svr.svclog"/>
</sharedListeners>
</system.diagnostics>-->
</configuration>
