I'm looking into a potential integration solution that would use BizTalk 2013 R2 to interact with a SharePoint Online using the Client Side Object Model. However, I want to keep security in mind and so I'm trying to verify that the WSS adapter supports HTTPS. I can't find anywhere in the documentation that states this explicitly, and it will take some effort before I'm capable of testing it out.
Is it sufficient to simply use an https URL with port 443 to configure the WSS adapter to use HTTPS?
What Is the Windows SharePoint Services Adapter?
Permissions to Windows SharePoint Services files, lists, and document libraries are restricted using Windows SharePoint Services security. The messages are sent from Windows SharePoint Services directly into BizTalk Server. The communication between the adapter runtime and the Web service is done over HTTP or HTTPS.
The adapter assumes that the BTSharePointAdapterWS Web service is using the same HTTP scheme (HTTP or HTTPS) as the Windows SharePoint Services site. This means that the adapter will use HTTPS to communicate with the BTSSharePointAdapterWS Web service when the Windows SharePoint Services Site is created on a secure IIS Web site, or it will use HTTP to communicate with the BTSharePointAdapterWS Web service when the Windows SharePoint Services site is created on an IIS Web site without a server certificate.
(Bolding added for emphasis).
Configure the SharePoint Site URL to have https:// and you should not have to specify the port.
Related
I have a ASP.NET core web application (Kestrel) which serves as an authentication service (.NETCoreApp 1.1). Therefore it talks to an OpenID connect provider. It works all fine when the host machine is directly connected to the internet. However if the machine is behind the corporate web proxy of my company it cannot connect to the OpenID connect provider (or any other address in the www).
How do I tell my ASP.NET core web application to use the corporate web proxy server?
Note: I already found some solutions which use web.config but that's no longer present in .NET core 1.1
Firstly, I'm relatively new to Web API / CORS and security implementation.
This question is specifically with regards to security. The Web API houses extremely sensitive data and provides clients with the ability to execute transactions online.
The context :
I have a Web API self hosted as a windows service with a fixed port.
The Web API is sitting behind a firewall / DMZ on an internal network.
The Web API (using CORS) only allows traffic from the external server.
The external server hosts our web site using IIS.
The Web API is making use of Token authentication (bound to client IP to avoid hi-jacking).
Both the external website and internal Web API force the use of SSL.
The problem :
The web page makes ajax calls via javascript to the Web API. However, the Web API is not directly exposed to the internet.
What would the security impact be on having the below setup?
What sort of vulnerabilities would I be exposing my network too by doing so.
Is there a better way of implementing such a setup!?
Eg
User enters https://test.mydomain.com into the browser and is served a page.
ajax call gets made to https://test.mydomain.com/api/test/action
external server routes https://test.mydomain.com/api messages to internal server https://myInternalWebAPI/api/test/action which is not exposed to the public.
So this requires a little bit of leg work, but it's implemented into a production environment so I thought I'd share the solution.
I created a WCF service and a WebAPI.
The primary WCF Service resides on the internal network and contains all the business logic, database connectivity.
The proxy WebAPI mimics the WCF service structure and is exposed to the public.
The proxy WebAPI is called from the client (javascript), the proxy WebAPI then calls the internal server hosting the WCF service and voila, victory.
Windows Server 2003, IIS 6
We have an ASP.Net application, which is accessed using HTTP by customers.
Now one customer wants to access this application, using HTTPS (company security rules).
Can I set up IIS 6, so that I can satisfy both requirements? So that regardless of typing
http://www.foo.com/bar or https://www.foo.com/bar, the users will get the same experience? And those using HTTPS will continue using HTTPS during their ASP.Net session?
I got a web DMZ server, that hosts an "Extranet" ASP.NET application. I want that users should authenticate to this application using the same user and password that they use on their Windows at work. (we are using Active Directory)
I want to know what the best way is -the most secure way - to connect from the DMZ web server to the Active Directory.
For now I saw two possibilities:
- RODC
- LDAP Over SSL (LDAPS)
Are there any other option you recommend? What other options should I consider? Any limitation, or potential problems with any of those solution?
It exist a Microsoft document talking about that :
Active Directory Domain Services in the Perimeter Network (Windows Server 2008)
You can also take inspiration from Microsoft consideration on installing an Exchange Front-end computer into a DMZ
Front-End and Back-End Server Topology Guide for Exchange Server 2003 and Exchange 2000 Server
In our office we have setup TFS for project development. The TFS Server is WIN 2003 server SP2 with VSTFS 2008 and is running fine. Now we need to setup a TFS Proxy server on client site for client to access. Before going for the client setup, I wanted to build and test proxy in our office on a dummy server (will call it Proxy server hereon) by keeping it on a different domain. OS configuration of the Proxy server is the same as TFS server. I have installed and configured TFS proxy on Proxy server to connect to TFS Server. Also we have built trust between the two different domains to enable communication. Now problem is that I am not able to at all connect to TFS server. I am trying to connect from Internet Explorer of proxy server using proxy service account. It gives me error: The page cannot be displayed. HTTP 500 - Internal server error. The page I was browsing was http://tfs:8080/VersionControl/v1.0/ProxyStatistics.asmx.
I think I have done all the required steps correctly to configure proxy as described in MSDN and also TFS installation guide. Here Proxy service account is a member of ‘Team Foundation Valid Users’ group. I am able to connect to TFS Server (specifying port) using Telnet from command prompt on proxy server as suggested by few sites. The TFS server web sites have been configured to use Integration Windows Authentication. Event Logs on both the servers are also not giving any error. Overall I’m not able to get it done.
Any ideas on what might be the problem???
I think the port number for accessing the proxy server is 8081.
I also do not know why you need to install the proxy server on the the client side. You only need the VS200x on the client side I assume but check on
http://msdn.microsoft.com/en-us/library/ms252490(VS.80).aspx?ppud=4