Enabling HTTPS for the LEADTOOLS Medical Viewer and Service on IIS

HTTPS (HTTP over SSL/TLS) security is a requirement for many web applications. When properly implemented, HTTPS ensures that the traffic received was really sent from the expected endpoint, protecting the client and server. When a web application is secured via HTTPS, all resources, including web services, must also be secure. Fortunately, HTTPS support is ubiquitous and most of the plumbing is already in place. However, because HTTPS requires a machine-specific certificate, HTTPS is not enabled in the LEADTOOLS Medical Viewer and Service by default.

Adding HTTPS Support to the Service Hosted on IIS

Perform the following steps to add HTTPS support to the Medical Viewer and Service:

  1. Create a self-signed certificate -OR- Obtain an SSL (Secure Sockets Layer) certificate

  2. Add IIS binding to the certificate you obtained

  3. In IIS, configure the SSL settings for the virtual directory of the web service

  4. Configure the web.config file to a secure binding

More detail about each step follows.

Obtain an SSL Certificate

There are two methods that can be used to obtain a certificate, as follows:

Create a Self-Signed Certificate

There are many resources on the Internet that explain each option described above in more detail. For information about creating a self-signed certificate, refer to https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-an-iis-hosted-wcf-service-with-ssl, and search for "Create a Self-Signed Certificate".

The advantage of this option is that it is free, making it a popular choice for development and internal deployments. The drawback is that the certificate is only trusted on the machine that created it.

Perform the following steps to create a self-signed certificate:

  1. Open the Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. On the right-hand side of the screen select Server Certificates, as shown in the following figure:

    Internet Information Services Manager
  2. In the Server Certificates features view, click the Create Self-Signed Certificate action, as shown in the following figure:

    The Create Self-Signed Certificate Action
  3. In the Create Self-Signed Certificate dialog, enter a friendly name for the self-signed certificate and click OK. See the following figure.

    The Create Self-Signed Certificate Dialog

    The newly created self-signed certificate details are now shown in the Server Certificates window, as shown in the following figure:

    The Server Certificates Features View

    The generated certificate is installed in the Trusted Root Certification Authorities store.

Add SSL Binding to the Certificate

  1. Still in the Internet Information Services Manager, expand the Sites folder and then the Default Web Site folder in the tree view on the left-hand side of the screen.

  2. Click the Bindings…. Link in the Actions section in the upper-right-hand portion of the window, as shown in the following figure:

    The Bindings Action
  3. In the Site Bindings window, click the Add button, as shown in the following figure:

    The Add Button
  4. In the Add Site Binding dialog, select "https" for the type and the friendly name of the self-signed certificate you just created. The dialog is shown in the following figure:

    The Add Site Binding Dialog

Configure a Virtual Directory for SSL

  1. Still in the Internet Information Services Manager, select the virtual directory containing your WCF secure service.

  2. In the center pane of the window, select SSL Settings in the IIS section, as shown in the following figure:

    SSL Settings
  3. In the SSL Settings Features View, select the Require SSL check box and click the Apply action in the Actions section on the right-hand-side of the window, as shown in the following figure:

    The Require SSL Check Box

Configure WCF Service for HTTP Transport Security

  1. Update the web.config file for the MedicalViewerService, update each endpoint declaration (except for the Leadtools.Medical.WebViewer.Wcf.AnnotationsService) with a new bindingConfiguration attribute, as follows:

    1. If the endpoint has bindingConfiguration="HandleLargeData", change it to bindingConfiguration="SSLHandleLargeData"
      <service  
          name="Leadtools.Medical.WebViewer.Wcf.PatientAccessRightsService"  
          behaviorConfiguration="WebViewerServiceBehavior"> 
          <endpoint  
              address=""  
              binding="webHttpBinding" 
              bindingConfiguration="SSLHandleLargeData" 
              contract="Leadtools.Medical.WebViewer.ServiceContracts.IPatientAccessRightsService" 
              behaviorConfiguration="WebViewerServiceBehavior"> 
          </endpoint> 
      </service> 
    2. If the endpoint has binding="webHttpBinding" and has no bindingConfiguration defined, add bindingConfiguration="SSLBinding".
      <service  
          name="Leadtools.Medical.WebViewer.Wcf.ObjectQueryService"  
          behaviorConfiguration="WebViewerServiceBehavior"> 
          <endpoint  
              address=""  
              binding="webHttpBinding" 
              bindingConfiguration="SSLBinding" 
              contract="Leadtools.Medical.WebViewer.ServiceContracts.IPatientAccessRightsService" 
              behaviorConfiguration="WebViewerServiceBehavior"> 
          </endpoint> 
      </service> 
    3. Change all:
      <endpoint address="mex" binding="mexHttpBinding">
      to
      <endpoint address="mex" binding="mexHttpsBinding">
  2. Update all of the .svc files in the MedicalViewerService to remove the highlighted Factory attribute.

    Original:

    <% @ServiceHost Language=C# Debug="true" Factory="System.ServiceModel.Activation.WebServiceHostFactory" Service="Leadtools.Medical.WebViewer.Wcf.ArchiveQueryService" CodeBehind="ArchiveQueryService.cs"%>

    Updated:

    <% @ServiceHost Language=C# Debug="true" Service="Leadtools.Medical.WebViewer.Wcf.AnnotationsService" CodeBehind="AnnotationsService.cs"%>

Configure Web Client for HTTP Transport Security

In the MedicalWebViewer\Scripts\config.ts & config.js, configure the service URLs to use https instead of http

serviceUrl: "http://local....

Becomes

serviceUrl: "https://local

Conclusion

Enabling HTTPS support is an important first step in bridging the gap between secured browser applications and the desktop. However, HTTPS is not enabled by default because a machine-specific certificate is required to encrypt the connection. Fortunately, the steps required can be performed easily and without necessarily having to purchase a certificate.

Help Version 20.0.2018.9.25
Products | Support | Contact Us | Copyright Notices
© 1991-2018 LEAD Technologies, Inc. All Rights Reserved.

LEADTOOLS Medical Web Viewer