LEADTOOLS Support
Medical
Medical SDK Examples
HOW TO: Enable HTTPS for LEADTOOLS Medical Viewer Service on IIS
#1
Posted
:
Tuesday, November 7, 2017 1:39:55 PM(UTC)
Groups: Registered, Tech Support, Administrators
Posts: 199
Was thanked: 28 time(s) in 28 post(s)
OverviewHTTPS (HTTP over SSL/TLS) security is a requirement for many web applications. When properly implemented, HTTPS ensures that the traffic received was really sent from the expected endpoint, protecting the client and server. When a web application is secured via HTTPS, all resources, including web services, must also be secure. Fortunately, HTTPS support is practically ubiquitous and most of the plumbing is already in place. However, HTTPS requires a machine-specific certificate, which is why HTTPS is not enabled in the LEADTOOLS Medical Viewer Service by default.
Add HTTPS Support to the Service hosted on IISAdding HTTPS support to the Medical Viewer Service requires the following steps:
- Obtain an SSL certificate
-OR-
Create a self-signed certificate (best for testing and development)
- Add IIS binding to the certificate you have
- Configure SSL settings in IIS for the virtual directory of the web service
- Configure web.config to a secure binding
Obtain an SSL certificateOptions are:
- Create a certificate signed by an internal or domain Certificate Authority (CA). These certificates are usually trusted across the domain, but the IT department might need to be involved and it is possible that your organization does not have an internal CA. Still, each client that will be running the host will need a machine-specific SSL certificate, but it could allow users to share a scanner.
- Purchase an SSL certificate from an external trusted authority such as Symantec (VeriSign), Thawte, or GoDaddy. This has the same benefits as a domain certificate, but does not require a domain certificate authority. The drawback is that this is the most expensive option, which could be prohibitive.
There are many resources on the Internet that explain each of the options described above in more detail.
Create a self-signed certificateSource: https://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspxThe drawback of this option is that the certificate is only trusted on the machine the certificate is created. This means that the web application calling the service will only work on that computer. However, for development and internal deployments, it is hard to beat the cost (nothing).
- Open Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. On the right-hand side of the screen select Server Certificates
- In the Server Certificates window click the Create Self-Signed Certificate…. Link.
- Enter a friendly name for the self-signed certificate and click OK.
The newly created self-signed certificate details are now shown in the Server Certificates window.
The generated certificate is installed in the Trusted Root Certification Authorities store.
Add SSL Binding
- Still in Internet Information Services Manager, expand the Sites folder and then the Default Web Site folder in the tree view on the left-hand side of the screen.
- Click the Bindings…. Link in the Actions section in the upper right hand portion of the window.
- In the Site Bindings window click the Add button.
- In the Add Site Binding dialog, select https for the type and the friendly name of the self-signed certificate you just created.
Configure Virtual Directory for SSL
- Still in Internet Information Services Manager, select the virtual directory that contains your WCF secure service.
- In the center pane of the window, select SSL Settings in the IIS section.
- In the SSL Settings pane, select the Require SSL checkbox and click the Apply link in the Actions section on the right hand side of the screen.
Configure WCF Service for HTTP Transport Security
- In the WCF service’s web.config configure the HTTP binding to use transport security, you need to visit every service and modify 2 attributes:
- Modify service binding configuration to become either SSLBinding or SSLHandleLargeData (if the service had HandleLargeData as a bindingConfiguration)
- Modify meta data endpoint to be https, rename mexHttpBinding to mexHttpsBinding
Example 1:
Code:
<service name="Leadtools.Medical.WebViewer.Wcf.AuthenticationService" behaviorConfiguration="WebViewerServiceBehavior">
<endpoint address="" binding="webHttpBinding" contract="Leadtools.Medical.WebViewer.ServiceContracts.IAuthenticationService" behaviorConfiguration="WebViewerServiceBehavior" [h]bindingConfiguration="SSLBinding"[/h]>
</endpoint>
<endpoint address="mex" [h]binding="mexHttpsBinding"[/h] contract="IMetadataExchange" />
</service>
Example 2:
Code:
<service name="Leadtools.Medical.WebViewer.Wcf.StoreService" behaviorConfiguration="WebViewerServiceBehavior">
<endpoint address="" binding="webHttpBinding" contract="Leadtools.Medical.WebViewer.ServiceContracts.IStoreService" behaviorConfiguration="WebViewerServiceBehavior" bindingConfiguration="SSLHandleLargeData"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
ConclusionEnabling HTTPS support is an important first step in bridging the gap between secured browser applications and the desktop. However, HTTPS is not enabled by default because a machine-specific certificate is required to encrypt the connection. Fortunately, the steps required can be done easily and without the need to purchase a certificate.
Edited by user Wednesday, November 8, 2017 10:08:35 AM(UTC)
| Reason: Not specified
Anthony Northrup
Developer Support Engineer
LEAD Technologies, Inc.
LEADTOOLS Support
Medical
Medical SDK Examples
HOW TO: Enable HTTPS for LEADTOOLS Medical Viewer Service on IIS
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.