Configure SSL Security

View and verify the site bindings for AVEVA NET Workhub and Dashboard site for SSL security. All the underlying sites inherit the security properties from the parent website. You may use SSL and run AVEVA NET Gatekeeper and AVEVA Change Manager on HTTPS on defined individual ports. To verify whether an SSL certificate is configured for AVEVA NET Workhub and Dashboard, click View and check if the site bindings for the required port are configured. The default ports for HTTP and SSL are 80 and 443, respectively. However, you may configure a port that is available to you.

To configure:

1. Navigate to Internet Information Service (IIS) Manager.

2. Select Default Web Site from the website list in IIS under which the AVEVA NET Gatekeeper and AVEVA Change Manager sites are configured.

3. Click Bindings from the Actions panel list.

4. Click Add and provide the required values.

5. Click OK.

For more information, see the SSL security-related section of the AVEVA NET Workhub and Dashboard Installation Guide. The following is the default HTTPS configuration:

To configure SSL secure ports:

6. Open the Custom.xml file from the following default application paths for each of the application:

   C:\WDA.Applications\TechInfo Manager\5.0.11\Gatekeeper\Customer\WebSite\Dictionary\Custom\Custom.xml

   C:\WDA.Applications\TechInfo Manager\5.0.11\ChangeManager\Customer\WebSite\Dictionary\Custom\Custom.xml

   For example, if the application site runs on HTTP using port 80, then configure the settings as follows:

   <Item name="HttpRequest.Default">
   <Culture>
   <ports>
   <unsecure>80</unsecure>
   </ports>
   <files>
   <file name="*" secure="false" />
   </files>
   </Culture>
   </Item>

   Alternatively, if the application site runs on HTTPS using port 443, then configure the information in the Securing ASP .NET Session Cookies and HTTP to HTTPS Redirection sections as follows after you configure the settings:

   <Item name="HttpRequest.Default">
   <Culture>
   <ports>
   <secure>443</secure>
   </ports>
   <files>
   <file name="*" secure="true" />
   </files>
   </Culture>
   </Item>

7. Open the Web.config file of AVEVA Change Manager and update the <binding name="TIM.WebSite.AjaxServices.AutoCompleteAspNetAjaxBinding" .../> setting in the auto-complete service configuration section as follows:

   <binding name="TIM.WebSite.AjaxServices.AutoCompleteAspNetAjaxBinding" maxReceivedMessageSize="10485760" maxBufferPoolSize="10485760">
   <security mode="Transport" />
   </binding>

Securing ASP .NET Session Cookies

To restrict AVEVA NET Gatekeeper or AVEVA Change Manager from sending user-related information in text, secure the ASP .NET session cookie by adding <httpCookies requireSSL="true" /> into the <system.web …/> section in the web.config file. For example:

<system.web>

...

<httpCookies requireSSL="true" />

…

</system.web>

HTTP to HTTPS Redirection

To enforce the policy enabling AVEVA NET Gatekeeper or AVEVA Change Manager to serve secure traffic over HTTPS, HTTP to HTTPS redirection is recommended. To raise a security level, configure redirection as part of application configuration. This will make sure that all incoming requests get redirected from HTTP to HTTPS appropriately. Ensure that the IIS URL Rewrite extension is installed, and then, update the web.config file by specification of the following rule within the <system.webServer ../> section.

<system.webServer>
...
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
...
</system.webServer>