logo
Welcome Guest! To enable all features, please Login or Register.

Notification

Icon
Error

HOW TO: Enable HTTPS for LEADTOOLS Medical Viewer Service on IIS

Options
View
Last Go to last post Unread Go to first unread post
Previous Topic Next Topic
#1 Posted : Tuesday, November 7, 2017 1:39:55 PM(UTC)

Anthony Northrup  
Anthony Northrup

Groups: Registered, Tech Support, Administrators
Posts: 199

Was thanked: 28 time(s) in 28 post(s)

Overview

HTTPS (HTTP over SSL/TLS) security is a requirement for many web applications. When properly implemented, HTTPS ensures that the traffic received was really sent from the expected endpoint, protecting the client and server. When a web application is secured via HTTPS, all resources, including web services, must also be secure. Fortunately, HTTPS support is practically ubiquitous and most of the plumbing is already in place. However, HTTPS requires a machine-specific certificate, which is why HTTPS is not enabled in the LEADTOOLS Medical Viewer Service by default.

Add HTTPS Support to the Service hosted on IIS

Adding HTTPS support to the Medical Viewer Service requires the following steps:

  1. Obtain an SSL certificate
    -OR-
    Create a self-signed certificate (best for testing and development)

  2. Add IIS binding to the certificate you have

  3. Configure SSL settings in IIS for the virtual directory of the web service

  4. Configure web.config to a secure binding


Obtain an SSL certificate

Options are:

  • Create a certificate signed by an internal or domain Certificate Authority (CA). These certificates are usually trusted across the domain, but the IT department might need to be involved and it is possible that your organization does not have an internal CA. Still, each client that will be running the host will need a machine-specific SSL certificate, but it could allow users to share a scanner.

  • Purchase an SSL certificate from an external trusted authority such as Symantec (VeriSign), Thawte, or GoDaddy. This has the same benefits as a domain certificate, but does not require a domain certificate authority. The drawback is that this is the most expensive option, which could be prohibitive.

There are many resources on the Internet that explain each of the options described above in more detail.

Create a self-signed certificate

Source: https://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspx

The drawback of this option is that the certificate is only trusted on the machine the certificate is created. This means that the web application calling the service will only work on that computer. However, for development and internal deployments, it is hard to beat the cost (nothing).

  1. Open Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. On the right-hand side of the screen select Server Certificates

    IIS - Server Certificates

  2. In the Server Certificates window click the Create Self-Signed Certificate…. Link.

    Create Self-Signed Certificate

  3. Enter a friendly name for the self-signed certificate and click OK.

    Specify Friendly Name

    The newly created self-signed certificate details are now shown in the Server Certificates window.

    Server Certificates

    The generated certificate is installed in the Trusted Root Certification Authorities store.

Add SSL Binding

  1. Still in Internet Information Services Manager, expand the Sites folder and then the Default Web Site folder in the tree view on the left-hand side of the screen.

  2. Click the Bindings…. Link in the Actions section in the upper right hand portion of the window.

    Edit Bindings

  3. In the Site Bindings window click the Add button.

    Add Site Binding

  4. In the Add Site Binding dialog, select https for the type and the friendly name of the self-signed certificate you just created.

    Specify Binding Type and Certificate

Configure Virtual Directory for SSL

  1. Still in Internet Information Services Manager, select the virtual directory that contains your WCF secure service.

  2. In the center pane of the window, select SSL Settings in the IIS section.

    SSL Settings

  3. In the SSL Settings pane, select the Require SSL checkbox and click the Apply link in the Actions section on the right hand side of the screen.

    Require SSL

Configure WCF Service for HTTP Transport Security

  1. In the WCF service’s web.config configure the HTTP binding to use transport security, you need to visit every service and modify 2 attributes:

    1. Modify service binding configuration to become either SSLBinding or SSLHandleLargeData (if the service had HandleLargeData as a bindingConfiguration)

    2. Modify meta data endpoint to be https, rename mexHttpBinding to mexHttpsBinding


Example 1:

Code:

<service name="Leadtools.Medical.WebViewer.Wcf.AuthenticationService" behaviorConfiguration="WebViewerServiceBehavior">
    <endpoint address="" binding="webHttpBinding" contract="Leadtools.Medical.WebViewer.ServiceContracts.IAuthenticationService" behaviorConfiguration="WebViewerServiceBehavior" [h]bindingConfiguration="SSLBinding"[/h]>
    </endpoint>
    <endpoint address="mex" [h]binding="mexHttpsBinding"[/h] contract="IMetadataExchange" />
</service>


Example 2:

Code:

<service name="Leadtools.Medical.WebViewer.Wcf.StoreService" behaviorConfiguration="WebViewerServiceBehavior">
    <endpoint address="" binding="webHttpBinding" contract="Leadtools.Medical.WebViewer.ServiceContracts.IStoreService" behaviorConfiguration="WebViewerServiceBehavior" bindingConfiguration="SSLHandleLargeData"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>


Conclusion

Enabling HTTPS support is an important first step in bridging the gap between secured browser applications and the desktop. However, HTTPS is not enabled by default because a machine-specific certificate is required to encrypt the connection. Fortunately, the steps required can be done easily and without the need to purchase a certificate.

Edited by user Wednesday, November 8, 2017 10:08:35 AM(UTC)  | Reason: Not specified

Anthony Northrup
Developer Support Engineer
LEAD Technologies, Inc.

LEAD Logo
 

Try the latest version of LEADTOOLS for free for 60 days by downloading the evaluation: https://www.leadtools.com/downloads

Wanna join the discussion? Login to your LEADTOOLS Support accountor Register a new forum account.
Back to top  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.129 seconds.