Enabling HTTPS for the LEADTOOLS Medical Viewer and Service on IIS

HTTPS (HTTP over SSL/TLS) security is a requirement for many web applications. When properly implemented, HTTPS ensures that the traffic received was really sent from the expected endpoint, protecting the client and server. When a web application is secured via HTTPS, all resources, including web services, must also be secure. Fortunately, HTTPS support is ubiquitous and most of the plumbing is already in place. However, because HTTPS requires a machine-specific certificate, HTTPS is not enabled in the LEADTOOLS Medical Viewer and Service by default.

Adding HTTPS Support to the Service Hosted on IIS

Perform the following steps to add HTTPS support to the Medical Viewer and Service:

1. Create a self-signed certificate -OR- Obtain an SSL (Secure Sockets Layer) certificate

2. Add IIS binding to the certificate you obtained

3. In IIS, configure the SSL settings for the virtual directory of the web service

4. Configure the web.config file to a secure binding

More detail about each step follows.

Obtain an SSL Certificate

There are two methods that can be used to obtain a certificate, as follows:

• Create a certificate signed by an internal or domain Certificate Authority (CA). These certificates are usually trusted across the domain, but the IT department may need to be involved and it is possible that your organization may not have an internal CA. Although each client running the host will still need a machine-specific SSL certificate, some equipment (like scanners) could be shared. The drawback is that the certificate is only trusted on the machine on which the certificate is created.

• Purchase an SSL certificate from an external trusted authority such as Symantec (VeriSign), Thawte, or GoDaddy. This has the same benefits as a domain certificate, but does not require a domain certificate authority. The drawback is that this is the most expensive (and possibly prohibitive), option.

Create a Self-Signed Certificate

There are many resources on the Internet that explain each option described above in more detail. For information about creating a self-signed certificate, refer tohttps://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-an-iis-hosted-wcf-service-with-ssl, and search for "Create a Self-Signed Certificate".

这种op的优点tion is that it is free, making it a popular choice for development and internal deployments. The drawback is that the certificate is only trusted on the machine that created it.

Perform the following steps to create a self-signed certificate:

1. Open the Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. On the right-hand side of the screen select Server Certificates, as shown in the following figure:

   

2. 在e Server Certificates features view, click the Create Self-Signed Certificate action, as shown in the following figure:

   

3. 在e Create Self-Signed Certificate dialog, enter a friendly name for the self-signed certificate and click OK. See the following figure.

   

   The newly created self-signed certificate details are now shown in the Server Certificates window, as shown in the following figure:

   

   The generated certificate is installed in the Trusted Root Certification Authorities store.

Add SSL Binding to the Certificate

1. Still in the Internet Information Services Manager, expand the Sites folder and then the Default Web Site folder in the tree view on the left-hand side of the screen.

2. Click the Bindings…. Link in the Actions section in the upper-right-hand portion of the window, as shown in the following figure:

   

3. 在e Site Bindings window, click the Add button, as shown in the following figure:

   

4. 在e Add Site Binding dialog, select "https" for the type and the friendly name of the self-signed certificate you just created. The dialog is shown in the following figure:

   

Configure a Virtual Directory for SSL

1. Still in the Internet Information Services Manager, select the virtual directory containing your WCF secure service.

2. 在e center pane of the window, select SSL Settings in the IIS section, as shown in the following figure:

   

3. 在e SSL Settings Features View, select theRequire SSLcheck box and click theApplyaction in theActionssection on the right-hand-side of the window, as shown in the following figure:

   

Configure WCF Service for HTTP Transport Security

1. Update theweb.configfile for theMedicalViewerService, update each endpoint declaration (except for theLeadtools.Medical.WebViewer.Wcf.AnnotationsService) with a new bindingConfiguration attribute, as follows:

   1. If the endpoint hasbindingConfiguration="HandleLargeData", change it tobindingConfiguration = " SSLHandleLargeData "

      name=“Leadtools.Medical.WebViewer.Wcf.PatientAccessRightsService"behaviorConfiguration="WebViewerServiceBehavior"><端点address=""binding="webHttpBinding"bindingConfiguration="SSLHandleLargeData"contract=“Leadtools.Medical.WebViewer.ServiceContracts.IPatientAccessRightsService"behaviorConfiguration="WebViewerServiceBehavior">

   2. If the endpoint hasbinding="webHttpBinding"and has nobindingConfigurationdefined, addbindingConfiguration="SSLBinding".

      name=“Leadtools.Medical.WebViewer.Wcf.ObjectQueryService"behaviorConfiguration="WebViewerServiceBehavior"><端点address=""binding="webHttpBinding"bindingConfiguration="SSLBinding"contract=“Leadtools.Medical.WebViewer.ServiceContracts.IPatientAccessRightsService"behaviorConfiguration="WebViewerServiceBehavior">

   3. Change all:

      <端点address="mex" binding="mexHttpBinding">

      to

      <端点address="mex" binding="mexHttpsBinding">

2. Update all of the.svcfiles in theMedicalViewerServiceto remove the highlightedFactoryattribute.

   Original:

   <% @ServiceHost Language=C# Debug="true"Factory="System.ServiceModel.Activation.WebServiceHostFactory"Service="Leadtools.Medical.WebViewer.Wcf.ArchiveQueryService" CodeBehind="ArchiveQueryService.cs"%>

   Updated:

   <% @ServiceHost Language=C# Debug="true" Service="Leadtools.Medical.WebViewer.Wcf.AnnotationsService" CodeBehind="AnnotationsService.cs"%>