HEXAGON

WebGIS Q&A

How to make Consumer Portal working with HTTPS?

- edited (2,135 Views)

Question

How can I configure Consumer Portal layout to work under secured (HTTPS) protocol?

Answer

In order to make Consumer Portal work under secured connections there are few additional configuration settings needed.

Background Information

The Consumer Portal is a lightweight client application and thus requires a server backend service to provide necessary data and search services. There are two backend services used:

Backend
Default Application Pool assigned: BackendAppPool
Location: C:\Program Files\Common Files\Hexagon\Services\AdminInstances\Backend
BackendWMPS
Default Application Pool assigned: BackendWMPSAppPool
Please see comment below how to properly configure this service...

Those backend services use unsecured HTTP protocol by default and this will cause either mixed-content errors or service unavailable errors (depending on IIS settings) when HTTPS Consumer Portal tries to access them.

Solution

To fix this, make copies of the backend services under the secured web site, or simply make sure that you can access them through HTTPS.

This sample request can be used to check if the backend works with HTTPS: https://<server_address>/backend/v2/connection/setcookie

It should respond with a blank page and 200 OK status (e.g. when checking in browser developer console).

Please refer to attached screenshot showing a sample configuration.

Additional Constraints

In default configuration, OSM tiles will throw mixed-content errors in the console, since they use HTTP protocol. Still, they will display.
- You can specify different OSM tile server which supports HTTPS in the <ConsumerInstance>\data\Default_OSM.json file, "services" JSON configuration section.
Only HTTPS services (WMS/WMTS) can be used in such Consumer portal configuration
WMPS won't work as it currently does not support HTTPS

Everyone's Tags:

Rate this article:

Yes No

Comments

Hi Jan,

Would you mind explaining a little bit more?

We following your example, but the site still calles search with url such as http://ygaovm05/BackendWMPS/MapService.svc/v1.0/Stateless/GetFeatures

We also try to change the search url from http to https but it still doesn't work

  "services": [
    {
      "id": "468151e1-3c47-4681-8db3-2d551104cd04",
      "name": "WMPSService",
      "type": "WMPSSearch",
      "url": "https://ygaovm05/BackendWMPS/MapService.svc"
    }
  ],
  "searchables": [
    {
      "id": "02b99838-5c05-4b90-8462-3da6ef3c1cac",
      "name": "ratetype",
      "dataset": "d4b0a432-ecbb-42c7-b5c7-10d30af97c41"
    }
  ]

Appreciate all the help

Kind regards

Permalink

Hi Bob,

I didn't test the BackendWMPS extensively and as pointed in the article, the WMPS service itself doesn't work properly under HTTPS.

BackendWMPS is just a specific variant of WMPS instance. I have seen attempts converting WMPS service to HTTPS and some of them seemed to partially work. Perhaps @fmak gathered some ideas from recent support tickets.

You still should be able to utilize the Oracle search alternative / or it is possible to develop your own search backend using Portal SDK.

Jan

Permalink

Hi guys, I was able to convince WMPS to work under HTTPS protocol by following these steps:

1) Create a copy of BackendWMPS folder (to keep original one for HTTP traffic or just as reference). I gave it a name such as 'BackendWMPSSec'
2) Enable Full control to the cache subfolder as permission settings get lost during copy. Use 'IIS AppPool\BackendWMPSAppPool' user for such.
3) Create a new application in IIS pointing to the new folder. You can use the same AppPool - 'BackendWMPSAppPool'.
4) Make sure that Require SSL is checked in IIS on that service.
5) Make web.config changes to convince WMPS to work under HTTPS (see my config attached).
6) Assign a WMPS search to secured Consumer instance and then change service URL in the Consumer's satellite_asset.json to use HTTPS. For example:

"services": [
{
"id": "43251148-5cfb-4e7b-95dd-902c28fb6d1e",
"name": "WMPSService",
"type": "WMPSSearch",
"url": "https://win2016/BackendWMPS/MapService.svc"
}

7) Both WMPS search and location service should work now.

Permalink

Just a quick note - our local team tried last suggestion and after the change the 'red pin' that has results of search does not show in map. We are still very keen to find a solution as mixing http and https is getting to be harder and harder all the time. Also loose the ability to find user location as that requires site to run under https.

Permalink

Jan,

I am trying to follow your advice on enabling HTTPS for BackendWMPS with a regular 2018 update 1 WMPS to make it work over HTTPS. Using your updated web.config and enabling Require SSL in IIS Manager does result in the WMPS running over HTTPS and it connects fine and displays data on Geospatial Portal but when accessed through Consumer Portal (via HTTP or HTTPS) the HTTPS WMPS layer is not loaded with the message "Layer doesn't support current Coordinate Reference System".

This seems odd as it works fine in Geospatial Portal.

I've cleared .NET cache for the WMPS instance but there was no change to the issue.

Do you have an idea what could be causing this issue?

Thanks,

Colin

Permalink

Users online (122)