This page explains how to use Microsoft IIS to run the platform services.

On this page:


Microsoft IIS

If IIS is already installed when you install our platform, you will not be able to install our embedded web server (TWebServices).

The platform software will run without the web server. Most engineering and runtime tools of the platform run without needing to install our TWebServer or doing any IIS configuration. TWebServices is necessary for remotely accessing project configurations and serving runtime web pages. 

If you want to enable remote engineering access and web clients using IIS, you need to install some of the platform's services in IIS. This page explains how to install these services in IIS.

The explanation is for IIS 7.x, but other versions should be similar.

IIS is also necessary when you want to run the Runtime as a Windows Service and still be able to provide web pages, iPad clients, and remote engineering.

You are going to install three services inside IIS:

  • TProjectServer, which allows you to remotely access your project configurations.
  • TWebClient/TSmartClient, which allows remote access to runtime displays. Use the instructions below to configure IIS.

Installation Procedure

This procedure was executed on Windows 7 x64, with IIS 7.5. With older operating systems and versions of IIS, this procedure may be slightly different, such as defining a Virtual Directory instead of Add Application.

  • Check if IIS is installed and running. For instance, by trying to open HTML.
  • Enable .NET and .Svc Handlers for the WCF Service.

For IIS 7.x:

If IIS was installed after installing .NET Framework, you must run and verify the procedure described on IIS Hosted Service Fails by Microsoft, which is used to run the following programs using the command prompt as Administrator:

aspnet regiis –i –enable (from the .NET Framework installation directory*)

A message in the command prompt will show that the installation succeed.

ServiceModelReg.exe -r (from the .NET Framework installation directory*)

You can check if the installation succeed by observing the message in the command prompt.

Usually, the .NET Framework installation directory is: 

C:\Windows\Microsoft.NET\Framework\v4.0.30319, or

C:\Windows\Microsoft.NET\Framework64\v4.0.30319 (for x64 Windows)

For IIS 8.0:

1. Go to Program and Features → Turn Windows features on or off.

Turn Windows features on or off option.

2. Enable the ASP.NET 4.5 option (Internet Information Services → World Wide Web Services → Application Development Features):


3. Enable the HTTP Activation option (.NET Framework 4.8 Advanced Services → WCF Activation)


For .NET Framework versions newer than 4.5, the ASP.NET will be different (the same as the Framework version), but the configuration remains the same.


4. Check if the extension .svc is mapped to aspnet isapi.dll (The msdn.microsoft website on the previous link explains how to do this for many IIS versions.)

You can check if the extension is mapped on Default Web Site


5. From within the FactoryStudio installation folder, run the utility:

InstallTWebServer.exe /uninstall

• This will remove the default TWebServer installation.

Use the command prompt to remove TWebServer installation

6. Before configuring any application for IIS, it is recommended to check if IIS is working. To do so, open Sites, right-click Default Web Site and select Edit Permission, and check if it is linked to the wwwroot folder.

wwwroot Properties

7. Go to Actions (under Browse Web Site), click the link associated with *:80(http)

The option can be found on the right of the Default Web Site Home page.


• A default IIS image should open on your browser.

IIS Welcome Page


8. After making sure the IIS is working, open Sites, right-click Default Web Site, select Add Application..., and configure the information for the services:

Right-click Default Web Site to find Add Application... option


TProjectServer:

  • Alias: TProjectServer
  • Physical Path: C:\Program Files\<Replace by the Installation folder>
  • Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

Add Application settings

You should set “Everyone” access to at least read.

You must allow the “<ComputerName> IIS IUSRS“ user to read and write on the directories of the projects.

Example: For C:\FrameworX\Solutions\<ComputerName>\IIS_IUSRS, the user must be included in the security permissions for reading and writing (full control) on the “C: FrameworX” directory, and you must ensure that all subdirectories (Solutions, Settings, etc.) inherit these permissions.


9. On IE, use the ”http://localhost/tprojectserver/service.svc” url to check if the service was correctly installed. This should show a page with information about the service.


TWebClient/TSmartClient:

  • Alias: fx10.
  • Physical Path: <installation folder>
  • Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

Edit Application options

You should set “Everyone” access to at least read.


10. On IE, test the “http://localhost/<ALIAS>/service.svc” url to check if the service was correctly installed. This should show a page with information about the service.

11. Go to MIME Types, and create the following MIME Type:

Edit MIME Type options

• Anonymous Authentication must be enabled for the services.

Enabling Anonymous Authentication option


12. Go to Compression module.

Compression option

• If it is not installed, you may see this yellow alert on the right side.

Alerts window

• If so, go to Server Manager → Roles → Web Server and check your installed Roles under Role Services. If Dynamic Compression is not installed, click Add Roles and install it.

Checking installed Roles

• You can go back to Compression module for your site and ensure Dynamic Compression is checked. At this point, Dynamic Compression should be set up, but you must be specific about what MimeTypes will be compressed.


13. Back to IIS Manager, go to the page for the SERVER — not the SITE. Click Configuration Editor.

14. From the drop-down list, select system.webServer/httpCompression.

Configuration Editor optionsConfiguration Editor button

15. Click Dynamic Types. In the list editor, add "application/json".

IIS must be restarted after configuring the services.


After you have completed all steps above, the IIS configuration for HTTP access is completed.

If you want to configure a HTTPS connection as well, follow the next steps.


How to Set Up SSL on IIS 

The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7, IIS 6.0, and higher. These steps include:

  • Get an appropriate certificate.
  • Create an HTTPS binding on a site.
  • Test by making a request to the site.
  • Optionally configure SSL options by making SSL a requirement.

Obtain a Certificate

There are two options for the server certificate:

  • Acquiring a paid certificate that will ensure your web security.
  • Generating a self-signed certificate that will only be used for testing purposes.

We do not recommend using a self-signed certificate in final project deployment.

If you choose to use the self-signed certificate, follow the next steps.

1. Select the server node in the tree view and double-click Server Certificates.

Server Certificates button

2. Click Create Self-Signed Certificate... in the Actions pane.

Actions panel can be found on the right side.

3. Enter a friendly name for the new certificate and click OK.

Now, you have a self-signed certificate. The certificate is marked for Server Authentication use, which means it uses a server-side certificate for HTTP SSL encryption and for authenticating the server identity.

Create an SSL Binding

1. Select a site in the tree view and click Bindings... in the Actions panel.

• This brings up the Bindings Editor that allows you to create, edit, and delete bindings for your Web site.

2. Click Add... to add your new SSL binding to the site.

Site Binding options

• The default settings for a new binding are set to HTTP on Port 80.

3. Select https in the Type drop-down list and select the self-signed certificate you created in the previous section from the SSL Certificate drop-down list. Then, click OK.

Add Site Binding options

• Now, you have a new SSL binding on your site and all that remains is to check if it works.

Check if the options were included successfully

Check the SSL Binding

1. On the Actions pane, under Browse Web Site, click the link associated with the binding you just created.

Actions panel can be found on the right side

Internet Explorer 7 and above will display an error page because the self-signed certificate was issued by your computer, not by a trusted Certificate Authority (CA). Internet Explorer 7 and above will trust the certificate if you add it to the list of Trusted Root Certification Authorities in the certificates store on the local computer or in Group Policy for the domain.


2. Click on Continue to this website (not recommended).

Certificate error message


NOTE

The self-signed certificate should only be used for local development. Microsoft Internet Explorer does not trust self-signed certificates by default for security reasons.


However, for testing propose, you need to follow the steps below:

  1. Browse to your page (e.g. https://localhost:443) in Internet Explorer, which should use your self-signed SSL certificate. You should be greeted by an error message saying your certificate is not trustworthy.
  2. Click Continue to this website (not recommended).
  3. Click Certificate error in the address bar, and click View certificates.
  4. Click Install Certificate.
  5. Click Place all certificates in the following store, and click Browse. Do not rely on the preselected option to automatically select the certificate store as this will not work!
  6. Inside the dialog box, click Trusted Root Certification Authorities, and click OK.
  7. Finish the dialog.
  8. When you get a security warning, click Yes to trust the certificate.
  9. Reload your page, and the certificate should be working fine now. If the error persist, replace localhost in the url with the UserName the certificate was issued to. E.g.: https://WMSvc-ALEXISE3LH:443.

Inssued To field on Server Certificates

Configure SSL Settings

Configure SSL settings if you want your site to require SSL or to interact in a specific way with client certificates.

1. Click the site node in the tree view to go back to the site’s home page.

2. Double-click the SSL Settings feature in the middle panel.

SSL Settings


Enable Web Client to use SSL Settings

 SmartClients Only

  • Open the Web.config file in Windows. The files are located in:

    C:\ProgramFiles (x86)\Tatsoft\FactoryStudio
    C:\ProgramFiles (x86)\Tatsoft\FactoryStudio\fs-2014.1\

  • You will find some comments regarding what command lines are used for HTTP.  So, you will need to comment out the HTTP lines and uncomment the HTTPS ones.
Example
<!-- If using HTTP then Security Mode is None by default -->
<security mode="None" />
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->
<!--
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
-->

Replace with:

<!-- If using HTTP then Security Mode is None by default
<security mode="None" />
-->
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->

<security mode="Transport">
<transport clientCredentialType="None"/>
</security>


Repeat this procedure throughout the xml file. See "How to Set Up SSL on IIS 7" by Microsoft for more information.


WebClients (HTML5) Only

If using https to access a WebClient (HTML5), you must inform the application the correct port number for this connection.

To do so, create a shortcut of the TStartup.exe application, or launch the command prompt from the installation folder (fs-xx.x). Add the project and html5port parameters as indicated in the image.

TStartup.exe shortcut properties



Common Errors

Internet Explorer Security Settings

Error message


If you get an error message like the image above, it might be related to your Browser security settings. Microsoft's automatic updates of Internet Explorer may change some defaults on .NET support, which may cause your browser to have disabled XAML browser based applications.

To check this issue, go to Internet Options → Security → Custom level... in Internet Explorer and make sure the XAML browser applications in .NET Framework section is enabled.

Make sure that the XAML browser based applications is set to Enable on the .NET Framework section,

Internet Explorer options


Missing File

If the error message you get is something like the following image, the problem might be related to some files being missing from the installation folder. To check it, go to your products installation folder and search for that file.

If you do not find it, you should uninstall the product, and install it again.

Cannot Start Application error message

Binaries Modified

If the error message you get is something like the image below, the problem might be related to some files being missing from the installation folder. To check it, go to your products installation folder and search for that file.

If you do not find it, you should uninstall the product, and install it again.

Error message related to product binaries being modified

Firewall blocking

It is quite common for a firewall to prevent remote access to the application. So, before accessing remotely, try to open a local copy of the browser locally on the server.

Run the server and the client on the same computer before trying to remotely access the application.

http://localhost/fs-2014.2/TWebClient.Xbap or http://127.0.0.1/fs-2014.2/TWebClient.Xbap

Or, run the server and the client with another Port number. For example, 1234.

http://localhost/fs-2014.2:1234/TWebClient.Xbap or http://127.0.0.1:1234/fs-2014.2/TWebClient

Insufficient User Permissions

If you are unable to launch the client and the error message is different from the ones above, the user currently logged into the system might not have the necessary permissions to access the files through an HTTP or HTTPS connection.

To overcome this, launch the Command Prompt as an Administrator and execute the following commands:

For port used in HTTP (in this example 80)

netsh http add urlacl url=http://+:80/thtml5/+ sddl=D:(A;;GX;;;IU) For port used in HTTPS (in this example 4430)
netsh http add urlacl url=https://+:4430/thtml5/+ sddl=D:(A;;GX;;;IU)

In this section...

  • No labels