We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Support for HTTPS

In this article

    HTTPS is supported in 7.Web and Web Extensions but requires a special setup in IIS.

    Configuring SSL on IIS 7


    First install the SSL public/private key certificate into IIS.

     

    Edit the web site bindings to add HTTPS protocol support to the web site:

     

    Add the HTTPS binding, and select the certificate you installed earlier.

     

    Once the HTTPS protocol is added, you can make it mandatory:

     

    Configuring SSL on IIS 6

    1.       In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.

    2.       Right-click the Web site or file that you want to protect with SSL, and then click Properties.

    3.       Under Web site identification click Advanced.

    4.       In the Advanced Web site identification box, under Multiple identities for this Web site, verify that the Web site IP address is assigned to port 443, the default port for secure communications, and then click OK. Optionally, to configure more SSL ports for this Web site, click Add under Multiple identities of this Web site, and then click OK.

    5.       On the Directory Security or File Security tab, under Secure communications, click Edit.

    6.       In the Secure Communications box, select the Require secure channel (SSL) check box.

    7.       To enable SSL client certificate authentication and mapping features, select the Enable client certificate mapping check box, click Edit, add the 1-to-1 or many-to-1 mappings you need, and then click OK three times.

     

    Web.config changes

    For SuperOffice Web 7.0 and 7.1

    Netserver's Web.config comes with 2 predefined bindings for its webservices. By default the "binding1" is enabled which is used for webservices running over HTTP. If you want to use HTTPS you need to comment out all lines with "binding1" and uncomment lines with "bindingHttps". Don't forget to do this also for Web Extentions and Mail link services. Leave the "mex" endpoint as it is.

    Example:

    HTTP binding:

    <service name="SuperOffice.TrayApp.Server.TrayAppServer" behaviorConfiguration="SoWcfBehavior">
        <endpoint binding="basicHttpBinding" bindingConfiguration="binding1" contract="TrayAppService" />
        <!-- endpoint binding="basicHttpBinding" bindingConfiguration="bindingHttps" contract="TrayAppService" / -->
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>

    changed to HTTPS binding:

    <service name="SuperOffice.TrayApp.Server.TrayAppServer" behaviorConfiguration="SoWcfBehavior">
        <!-- endpoint binding="basicHttpBinding" bindingConfiguration="binding1" contract="TrayAppService" / -->
        < endpoint binding="basicHttpBinding" bindingConfiguration="bindingHttps" contract="TrayAppService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>

     

    For SuperOffice Web 7.5

    If you are running SuperOffice Web 7.5 with SuperOffice authentication you don't need to do any changes in Web.config in order to switch from HTTP to HTTPS. 

    If you want to run SuperOffice Web 7.5 with AD authentication over HTTP or over HTTPS you need to change just 2 lines in Web.config:

    Change from:

    <protocolMapping>
        <add scheme="http" binding="basicHttpBinding" bindingConfiguration="" />
        <add scheme="https" binding="basicHttpBinding" bindingConfiguration="bindingHttps" />
    </protocolMapping>

    Change to:

    <protocolMapping>
        <add scheme="http" binding="basicHttpBinding" bindingConfiguration="WindowsAuth" />
        <add scheme="https" binding="basicHttpBinding" bindingConfiguration="WindowsAuthHttps" />
    </protocolMapping>

     

    For all SuperOffice Web 7 versions

    Also make sure the httpGetEnabled is set to False on production environments. It should be set to True only for development and debugging purposes:

    <behavior>
          <serviceMetadata httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
         <dataContractSerializer maxItemsInObjectGraph="6553600" />
    </behavior>