Hexagon Geospatial

WebGIS

Need a push in the right direction when configuring WebMap, Portal or SDI services? Looking for hints and tips, or just looking for Ideas and information? The WebGIS discussion board is where you start those discussions, connect and share information.
Frequent Contributor
Posts: 145
Registered: ‎02-17-2016

HTTPS Portal and services

We are looking again at implementing HTTPS for a Geospatial Portal and all the connected web services from WebMap, as well as having authenticated access to the web services. The Portal will have its own login page.

Has anyone implemented HTTPS for all web services into an HTTPS Portal? Did you have any issues? Can the HTTPS Portal be configured via AdminPortal? Do the certificates for HTTPS have to be 'proper' or can you use self-signed? Thanks,

Frequent Contributor
Posts: 145
Registered: ‎02-17-2016

Re: HTTPS Portal and services

This will potentially include a WMPS service as well. 

Regular Contributor
Posts: 185
Registered: ‎08-10-2016

Re: HTTPS Portal and services

Experiencing the same problem. I can access the Admin console via HTTPS after following this guide, but on running the web services and portal application they default back to HTTP. On enforcing HTTPS by manually typing it in the URL of the web service or portal I get a resource not found error!

Hope someone can chip in and help.

Regular Contributor
Posts: 185
Registered: ‎08-10-2016

Re: HTTPS Portal and services

I think I have found a solution... for the web services; I have not tested with the portal yet. Edit the web.config file and locate the following:

<serviceBehaviors>
  <behavior name="SDIProFacadeInterfaceBehavior">
    <!--If you plan on using SSL, please switch httpsGetEnabled below to true-->
    <serviceMetadata httpGetEnabled="true" httpGetUrl="" httpsGetEnabled="true" httpsGetUrl="" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior>
</serviceBehaviors>

Change httpsGetEnabled to true

<webHttpBinding>
  <binding name="webHttpBinding">
    <!-- If you wish to run the service over HTTPS transport change the mode from None to Transport -->
    <security mode="Transport">
      <transport clientCredentialType="None" />
    </security>
  </binding>
</webHttpBinding>
<basicHttpBinding>
  <binding name="basicHttpBinding">
    <!-- If you wish to run the service over HTTPS transport change the mode from None to Transport -->
    <security mode="Transport">
      <transport clientCredentialType="None" />
    </security>
  </binding>
</basicHttpBinding>

Change the security mode to Transport

Am not quite sure if this is the ideal solution but it worked for me. 
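
One way to check a service's web.config for the settings described in the post above, as an added example that is not part of the original thread or of the vendor's tooling. The function names and the sample configuration are constructed for illustration; the check also reports the `includeExceptionDetailInFaults` and `clientCredentialType` values that appear in the quoted fragments.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on the fragments quoted in the thread; two
# settings are deliberately left at their non-HTTPS values to show findings.
SAMPLE_WEB_CONFIG = """<configuration><system.serviceModel>
  <behaviors><serviceBehaviors>
    <behavior name="SDIProFacadeInterfaceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors></behaviors>
  <bindings>
    <webHttpBinding><binding name="webHttpBinding">
      <security mode="Transport"><transport clientCredentialType="None" /></security>
    </binding></webHttpBinding>
    <basicHttpBinding><binding name="basicHttpBinding">
      <security mode="None" />
    </binding></basicHttpBinding>
  </bindings>
</system.serviceModel></configuration>"""

def is_true(elem, attr):
    return elem is not None and elem.get(attr, "false").lower() == "true"

def audit_wcf_https(config_xml):
    """Return (severity, message) findings for the HTTPS-related WCF settings."""
    root, findings = ET.fromstring(config_xml), []
    for beh in root.iter("behavior"):
        name, meta = beh.get("name", "(unnamed)"), beh.find("serviceMetadata")
        if meta is not None and not is_true(meta, "httpsGetEnabled"):
            findings.append(("error", f"{name}: httpsGetEnabled is not true"))
        if is_true(meta, "httpGetEnabled"):
            findings.append(("warn", f"{name}: metadata over plain HTTP still enabled"))
        if is_true(beh.find("serviceDebug"), "includeExceptionDetailInFaults"):
            findings.append(("warn", f"{name}: exception details returned to clients"))
    for kind in ("webHttpBinding", "basicHttpBinding"):
        for section in root.iter(kind):
            for b in section.findall("binding"):
                label = f"{kind}/{b.get('name', '(default)')}"
                sec = b.find("security")
                mode = sec.get("mode", "None") if sec is not None else "None"
                if mode not in ("Transport", "TransportWithMessageCredential"):
                    findings.append(("error", f"{label}: security mode is {mode}"))
                    continue
                tr = sec.find("transport")
                if tr is None or tr.get("clientCredentialType", "None") == "None":
                    findings.append(("info", f"{label}: no transport-level client auth"))
    return findings

if __name__ == "__main__":
    print(*audit_wcf_https(SAMPLE_WEB_CONFIG), sep="\n")
```

To audit a deployed service, pass the text of its web.config to `audit_wcf_https` instead of the sample.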

Staff
Posts: 609
Registered: ‎11-12-2015

Re: HTTPS Portal and services

[ Edited ]

I've only ever used self-signed certificates and they work for me.

If instance configuration is necessary after securing the Admin Console, the Portal Instances should be set to HTTPS as well to match that of the Admin Console, or else there will be a binding mismatch between the Portal Instance (HTTP) and the AdminService of Administration Console (HTTPS), as it is needed for configuration.

 

I've tried matching the web.config serviceBehaviors of the Portal instance to that of the web.config of the services (as in Elvon's previous example) but had no success.

I was able to achieve the same end via IIS with the following configuration, which may help this discussion.

***Assumes secured Admin Console set to Basic Auth

AdminService of AdminPortal of AdminConsole set to allow 'anonymous' auth

Portal Instance set to Basic Auth (also works if set to Anonymous)

Portal instance set to Require SSL

Portal instance AdminService allow 'Anonymous'

Staff
Posts: 609
Registered: ‎11-12-2015

Re: HTTPS Portal and services

I've only had success with a self-signed certificate as I haven't tried any other method.

After securing the Admin Console (HTTPS) there will be a binding mismatch with the Portal instance (HTTP) when attempting to configure the instance. These must match as instance configuration utilizes the AdminService of the Admin Console.

I have tried to match these using serviceBehaviors (as in Elvon's previous example) in the web.config of the Portal instance without success.

I was able to match the bindings with the following configuration (essentially the same thing as for the service) via IIS. It may help this discussion.

***Assumes secured AdminConsole with Basic Auth

[Screenshot attachments: Capture.PNG]

Frequent Contributor
Posts: 145
Registered: ‎02-17-2016

Re: HTTPS Portal and services

Applying this to a WMPS service that has HTTPS required does not resolve the issue I have in that the service does not run from the AdminConsole. 

Staff
Posts: 609
Registered: ‎11-12-2015

Re: HTTPS Portal and services

[ Edited ]

Have you set httpsGetEnabled="true" in service behavior of WMPS?

It would be helpful to see your web.config for the WMPS so we can see for sure what is configured.

Frequent Contributor
Posts: 145
Registered: ‎02-17-2016

Re: HTTPS Portal and services

[ Edited ]

Ok, so I had a typo in my WMPS Web.Config - the service does now return; however, there is a mix of http:// and https:// in the response, see attached.

Also, I still cannot configure an HTTPS portal via AdminConsole. The Admin Console Service log shows -

2017-07-13 11:50:41,384 [10] ERROR ErrorHandler [(null)] - The service encountered an unhandled exception
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'swi-sgiv-gm22'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Staff
Posts: 609
Registered: ‎11-12-2015

Re: HTTPS Portal and services

The http/https mix is likely tied to the binding settings and I would need to have a closer look before providing a meaningful response.

The configuration of the Portal instance that brings about the trust relationship message is likely tied to the site binding for 443 and it should be reviewed for 'Host Name' setting. Is the 'hostname alias' option from Admin Console in use here?

In either case, to better assist you, might I suggest that you open a support ticket(s) with details describing your workflow and your observations/results. There are many variables (IIS settings, web.config parameters, etc.) in this case and it may be tough to provide an effective answer without a more focused investigation of the root cause.
