Services (WebAPI, OpenID)

Version 7.1 by Linus Karlsson on 2019/02/06 17:34

General

Please read the recommendations under Preparing the server (Windows 2012 Server R2) and the information about Security before you install IMPACT 15.

Security

It's not recommended to run the OpenId or WebAPI without https (SSL) configured on the internet. If you do that then all traffic including the login and passwords of the user can easily be intercepted by a 3rd party.

Its recommended that the SQL Server cannot be connected too through the internet. If needed then configure the SQL Server to only accept traffic from the OpenId Server and WebAPI.

If you are running on your local intranet you can skip the advanced topics. If you are accessing the services through a VPN to your local network you can also skip the advanced topics.

Windows

Preparing the server (Windows 2012 Server R2)
Install OpenId Server (Windows)
Install WebAPI (Windows)
 

Advanced topics

Https (SSL)

If you are running your servers publicly on the net we recommend getting a valid SSL-certificate from an trusted organisation like Comodo or Gandi (if you are using a provider like Amazon or Azure SSL-certificates can also be obtained through them). Follow the instructions below but remember to remove the unencrypted ports:

If you are using ssl you need to change or add the following to the Web.config in the OpenId server under <appSettings>

<add key="RequireSSL" value="false" />

and set the value to true like this:

<add key="RequireSSL" value="true" />

Local IIS

Install instructions for certificates in IIS 8 (external link)
Install instructions for certificates in IIS 7 (external link)

Using Azure, Amazon or other third party with load balancer

Please follow the instructions for the provider. Remember to add the settings for the load balancer as below in the recommended way for the provider.

Using an load balancer or portf orwarder

If you are using an ip/url other than the one to the one assigned to the OpenId Server you need to add/edit the Web.config file under <AppSettings>

<add key="PublicOrigin" value="theUrlOrIp:optionalPort"/>

examples:

<add key="PublicOrigin" value="https://strusoft.com"/>
or
<add key="PublicOrigin" value="https://strusoft.com:234"/>
or
<add key="PublicOrigin" value="https://strusoft.com/OpenIdServer"/>
or
<add key="PublicOrigin" value="https://strusoft.com/OpenIdServer:234"/>
or
<add key="PublicOrigin" value="127.0.0.1"/>
or
<add key="PublicOrigin" value="127.0.0.1:234"/>
or
<add key="PublicOrigin" value="127.0.0.1/OpenIdServer"/>
or
<add key="PublicOrigin" value="127.0.0.1/OpenIdServer:234"/>