Introduction
Securing the KnowledgeLake Management Service in CSPro can help keep document content secure when indexing and uploading documents. In order to do this, we will be using the URL Rewrite and Application Request Routing plugins for IIS. These can both be downloaded from Microsoft through the following links:
https://www.iis.net/downloads/microsoft/url-rewrite
https://www.iis.net/downloads/microsoft/application-request-routing
NOTE: If you would like assistance with this, please submit a request with the KnowledgeLake Support Team as this is an advanced configuration setting.
Implementation
Setting up URL Rewrite
1. Download both plugins shown above on the CSPro server
2. Create a new folder in your inetpub directory where Web Applications is located (C:\inetpub\wwwroot\KnowledgeLake by default). Name this folder "Management Service"
3. Open IIS on the CSPro server, select the server name in the left pane of IIS, and double-click "Server Certificates" in the main window
4. In the pane on the right, click "Create Self-Signed Certificate..." and continue through the prompts to create the certificate
5. Create a new site by right-clicking the Sites folder on the left panel:
   - Site Name: Management Service
   - Click "Select..." next to Application Pool and select the "Web Applications" app pool
   - Physical Path: Folder path created in step 2
   - Type: https
   - Port: Any unused port (we usually use 4312)
   - SSL certificate: choose the certificate created in step 4 if using a self-signed certificate
   - Click OK
6. Select the newly created site, and double-click "URL Rewrite" in the main panel
7. Click "Add Rule(s)..." in the right pane, double-click "Reverse Proxy", and accept the warning message
   - Inbound Rules: Enter the server name as noted in the certificate being used, along with the original Management Service port (7212 by default). For example: "howardcspro.howardce.local:7212"
   - Check the box under "Outbound Rules". Leave the From entry the same, and enter the To with just the server name as stated in the certificate. For example: "howardcspro.howardce.local". Then click OK
Changing CSPro Apps web.config File and Re-Save Endpoint
1. Open a text editor on the server as an administrator
2. Open the web.config file located in the web applications install folder (C:\inetpub\wwwroot\KnowledgeLake\Web Applications\web.config by default)
3. In the area labeled <!-- Services--> you will need to change the following 3 key entries:
FROM:
<add key="CoreServiceUrlFormat" value="http://{0}:{1}/coreservice/CoreService" />
<add key="MonitorServiceUrlFormat" value="http://{0}:{1}/coreservice/MonitorService" />
<add key="MTOMServiceUrlFormat" value="http://{0}:{1}/coreservice/CoreService/MTOM" />
TO:
<add key="CoreServiceUrlFormat" value="https://{0}:{1}/coreservice/CoreService" />
<add key="MonitorServiceUrlFormat" value="https://{0}:{1}/coreservice/MonitorService" />
<add key="MTOMServiceUrlFormat" value="https://{0}:{1}/coreservice/CoreService/MTOM" />
4. Scroll down to the <bindings> node of the file, and change the following 2 entries:
FROM:
<binding name="MTOMServiceBinding" messageEncoding="Mtom" openTimeout="00:10:00" closeTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<security mode="None" />
</binding>
<binding name="CoreServiceBinding" openTimeout="00:05:00" closeTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<security mode="None" />
</binding>
TO:
<binding name="MTOMServiceBinding" messageEncoding="Mtom" openTimeout="00:10:00" closeTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<security mode="Transport" />
</binding>
<binding name="CoreServiceBinding" openTimeout="00:05:00" closeTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<security mode="Transport" />
</binding>
5. Save the web.config file and close the text editor
6. Perform an IIS reset on the CSPro machine
7. Navigate to your CSPro apps page, and click on the Configuration app
8. Click "Endpoints" on the left panel, change the port number next to the Management Service from its original port to the port chosen for the URL rewrite web app (Step 5 of first implementation section)
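Added example (not part of the original article and not KnowledgeLake code): a PowerShell check to run after saving web.config, confirming that the three service URL keys use https and that both bindings use Transport security. It assumes the default web.config path given above, that the config root element has no XML namespace, and it looks the keys and bindings up by the names shown in this article.

```powershell
# Added example: audit the CSPro web.config after the edits in this article.
# Assumption: default install path from the article; pass -ConfigPath otherwise.
param(
    [string]$ConfigPath = 'C:\inetpub\wwwroot\KnowledgeLake\Web Applications\web.config'
)

[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$findings = @()

# 1. The three service URL format keys must start with https://
$urlKeys = 'CoreServiceUrlFormat', 'MonitorServiceUrlFormat', 'MTOMServiceUrlFormat'
foreach ($key in $urlKeys) {
    $node = $config.SelectSingleNode("//add[@key='$key']")
    if ($null -eq $node) {
        $findings += "Key not found: $key"
    }
    elseif ($node.GetAttribute('value') -notmatch '^https://') {
        $findings += "$key is not https: $($node.GetAttribute('value'))"
    }
}

# 2. Both bindings must carry <security mode="Transport" />
$bindingNames = 'MTOMServiceBinding', 'CoreServiceBinding'
foreach ($name in $bindingNames) {
    $binding = $config.SelectSingleNode("//bindings//binding[@name='$name']")
    if ($null -eq $binding) {
        $findings += "Binding not found: $name"
        continue
    }
    $security = $binding.SelectSingleNode('security')
    $mode = if ($security) { $security.GetAttribute('mode') } else { '(no security element)' }
    if ($mode -ne 'Transport') {
        $findings += "$name security mode is '$mode', expected 'Transport'"
    }
}

# Report: any finding means a step in the article was missed or reverted.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: service URLs use https and both bindings use Transport security."
```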