FactoryStudio and IIS

Overview

When installing Factory Studio, if IIS is located, you will not be able to install our embedded web server (TWeb- Server.exe).

The FactoryStudio software will run without the web server, except by remotely accessing project configurations and serving runtime web pages; all other FactoryStudio engineering and runtime tools run without needing to install our TWebServer or to do any IIS configuration.

If you want to enable remote engineering access and the web clients using IIS, you need to install some FactoryS- tudio services in IIS. This Technical Note is the explanation of how to install those services in IIS, currently we have the description for IIS 7.x., but other versions should be similar.

Another scenario where IIS is necessary is when you want to run the RUNTIME as a Windows Service, and still be able to provide web pages, iPad clients and remote engineering.

You are going to install three services inside IIS, one service is TProjectServer which allows you to remotely access your project configurations. Another service is TWebClient/TSmartClient which allows remote access to runtime displays. Use the following step-by-step instructions to configure IIS. Finally the iDataPanel is the service to provide data to iOS devices

Installation Procedure

This procedure was executed on Windows 7, x64, with IIS 7.5. With older versions of operating system and IIS, the procedure can be slightly different, like defining a “Virtual Directory” instead of “Add Application”.

• Verify if IIS is installed and running, for instance, trying to open HTML
• Enable Net and .Svc Handlers for the WCF Service.

For IIS 7.x:

If IIS was installed after the installation of the .NET Framework it is necessary to run and verify a procedure as described on http://msdn.microsoft.com/en-us/library/ms752252.aspx which is to run the following programs using the command prompt as Administrator:

”aspnet regiis –i –enable” (from the .NET Framework installation directory*)

”ServiceModelReg.exe” -r (from the .NET Framework installation directory*)

For IIS 8.0

Go to Program and Features, choose “Turn Windows features on or off“.

Enable the ASP.NET 4.5 option (Internet Information Services > World Wide Web Services > Application Devel- opment Features > ASP.NET 4.5:

Enable the HTTP Activation option (under .Net Framework 4.5 Advanced Services)

Verify if the extension ”.svc” is mapped to the folder is mapped to ”aspnet isapi.dll” (the msdn.microsoft site, on previous link, it is explained how to verify that for the many IIS versions)

From within the Factory Studio installation folder, run the utility:

InstallTWebServer.exe /uninstall

which will remove the default TWebServer installation.

Before configuring the applications for IIS, it is recommended a verification to validate if it is working. To do so, open ”Sites/Default Web Site/Edit Permission” and check if it is linked to wwwroot folder.

If so, then in the Actions pane, under Browse Web Site, click the link associated with *:80(http).

A default IIS image should open on your browser.

After making sure the IIS is working, open ”Sites/Default Web Site/Add Application” and configure the information for the services:

TProjectServer:

• Alias: TProjectServer.
• Physical Path: C: Program Files Tatsoft FactoryStudio // -> VERIFY and correct to the Factory Studio installation
• Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

On IE, use the url ”http://localhost/tprojectserver/service.svc” in order to verify if the service was correctly installed. That should show a page with information about the service.

TWebClient/TSmartClient:

• Alias: fs-2014.1.
• Physical Path: C: Program Files Tatsoft FactoryStudio-2014.1 // → FactoryStudio installation folder.
• Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

On IE, test the url “http://localhost/fs-2014.1/service.svc” in order to verify the service was correctly installed. It should show a page with information about the service.

Go to MIME Types and create the following MIME Type:

iDataPanel Service

• Alias: iDataPanel.
• Physical Path: C: Program Files Tatsoft FactoryStudio fs-2014.1 // -> FactoryStudio folder
• Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

iDataPanelImages (Virtual Directory)

• Alias: iDataPanelImages
• Physical Path: C:\FactoryStudio\Projects\iDataPanelImages

“Anonymous Authentication” must be enabled for the services.

Go to the Compression module.

There’s check boxes, but it’s not installed you may see this yellow alert on the right side.

If it’s not installed, go to the Server Manager, Roles, Web Server. Under Role Services, check your installed Roles. If Dynamic Compression isn’t installed, click Add Roles and install it.

You can go back to compression for your site and ensure Dynamic Compression is checked. At this point, Dynamic Compression should be setup, but you really need to be specific about what MimeTypes will be com- pressed.

Back in IIS Manager, go to the page for the SERVER, not the SITE. Click on Configuration Editor:

From the dropdown, select system.webServer/httpCompression:

Then click on Dynamic Types and now that you’re in the list editor. Add application/json as seen below.

At this moment the IIS configuration for HTTP access is completed.

If you want to configure a HTTPS connection as well, then follow the next steps.

How to Set Up SSL on IIS 

The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7 and above and IIS 6.0, and include the following:

[a)]Get an appropriate certificate. Create an HTTPS binding on a site. Test by making a request to the site. Optionally configure SSL options, that is, by making SSL a requirement.

Obtain a Certificate

For the server certificate, you have two options.

[1)]The first is to acquire a paid certificate, that will ensure your web security. The second one is to generate a self-signed certificate, that will be used for testing purposes only. We do not recommend using a self-signed certificate in a final project deployment.

If you choose to use the self-signed one, then follow the next steps.

Select the server node in the treeview and double-click the Server Certificates feature in the listview:

Click Create Self-Signed Certificate... in the Actions pane.

Enter a friendly name for the new certificate and click OK.

Now you have a self-signed certificate. The certificate is marked for ”Server Authentication” use, that is, it uses as a server-side certificate for HTTP SSL encryption and for authenticating the identity of the server.

Create an SSL Binding

Select a site in the tree view and click Bindings... in the Actions pane. This brings up the bindings editor that lets you create, edit, and delete bindings for your Web site. Click Add... to add your new SSL binding to the site.

The default settings for a new binding are set to HTTP on port 80. Select https in the Type dropdown list. Select the self-signed certificate you created in the previous section from the SSL Certificate drop-down list and then click OK.

Now you have a new SSL binding on your site and all that remains is to verify that it works.

Verify the SSL Binding

In the Actions pane, under Browse Web Site, click the link associated with the binding you just created.

Click Continue to this website (not recommended).

*IMPORTANT: The self-signed certificate should be used only for local development. Microsoft Internet Explorer do not trust self-signed certificates by default for security reasons. However, for testing propose, you need to follow steps below:

1. Browse to your page (e.g. https://localhost:443) in Internet Explorer which should use your self- signed SSL certificate. You should be greeted by an error message saying your certificate is not trustworthy.
2. Click “Continue to this website”.
3. Click on “Certificate error” in the address bar, and then click “View certificates”.
4. Click “Install Certificate”.
5. Click “Place all certificates in the following store”, and then click “Browse”. Do not rely on the preselected option to automatically select the certificate store as this will not work!
6. Inside the dialog box, click “Trusted Root Certification Authorities”, and then click “OK”.
7. Finish the dialog.
8. When you get a security warning, click “Yes” to trust the certtificate.
9. Reload your The certificate should be working fine now. If the error persist, replace ”localhost” in the url with the UserName the certificate was Issued To. E.g.: https://WMSvc-ALEXISE3LH:443.

Configure SSL Settings

Configure SSL settings if you want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site’s home page. Double-click the SSL Settings feature in the middle pane.

Enable Web Client to use SSL Settings

 SmartClients Only

• Open “Web.config” file in Windows The files are located in:
  

  C:\ProgramFiles (x86)\Tatsoft\FactoryStudio
  C:\ProgramFiles (x86)\Tatsoft\FactoryStudio\fs-2014.1\

• You will find some comments regarding what command lines are used for HTTP or So, you will need to comment out the HTTP lines, and uncomment the HTTPS ones.

<!-- If using HTTP then Security Mode is None by default -->
<security mode="None" />
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->
<!--
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
-->

Replace with:

<!-- If using HTTP then Security Mode is None by default
<security mode="None" />
-->
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->

<security mode="Transport">
<transport clientCredentialType="None"/>
</security>

Repeat this procedure throughout the xml file.

WebClients (HTML5) Only

If using https to access a WebClient (HTML5), you must inform the application the correct port number to be used in this connection.

To do so, create a shortcut of the TStartup.exe application, or launch the command prompt from the installation folder (fs-xx.x). Add the project and html5port parameters as indicated in the image.

Common Errors

 Internet Explorer Security Settings

If you get an error message as the image above, it might be related to your Browser security settings. Microsoft automatic updates of Internet Explorer may change some defaults on .NET support. That may cause you browser to have disabled XAML browser based applications.

In order to verify that open the ”Internet Options” of Internet Explorer, and navigate as described at the image below.

Make sure that on .NET Framework section, the XAML browser based applications is set to Enable.

Missing File

If you the error message you get is something like the following:

Then, the problem might be related to some files being missing from the installation folder. To check that, go to your products Installation folder and search for that file.

If you don’t find it, you should uninstall the product, and install it again.

Binaries Modified

If you the error message you get is something like the following:

Then, the problem might be related to some files from the product’s installation folder are differing from the default ones. So, you have two options going forward:

• Find out what files were modified, and restore them to their original configurations.
• Uninstall the product, and install it again.

Firewall blocking

It is quite common to have firewall preventing the remote access of the application. So, before accessing remotely, try to open a local copy of the browser locally at the server.

That means run the server and the client at the same computer, before trying the remote access.

http://localhost/fs-2014.2/TWebClient.Xbap or http://127.0.0.1/fs-2014.2/TWebClient.Xbap

or with another Port number, example, for instance 1234

http://localhost/fs-2014.2:1234/TWebClient.Xbap or http://127.0.0.1:1234/fs-2014.2/TWebClient

Insufficient User Permissions

If you are unable to launch the client and the error message is different from the ones above, the current user logged in the system might not have the necessary permissions to access the files through an HTTP or HTTPS connection.

To overcome that, launch the Command Prompt as an Administrator and execute the following commands:

For port used in HTTP (in this example 80)

netsh http add urlacl url=http://+:80/thtml5/+ sddl=D:(A;;GX;;;IU) For port used in HTTPS (in this example 4430)
netsh http add urlacl url=https://+:4430/thtml5/+ sddl=D:(A;;GX;;;IU)