Webserver Configuration¶
You can configure the web server in the Internet Information Services (IIS) Manager. You can find the IIS-Manager by the following steps:
Windows Server 2016: Open the Server Manager, then navigate to .
Windows 10: Press and search for inetmgr.
Configure the Application Identity¶
The IIS application pool identity is the user account under which a web application pool’s work process is executed. By default, a special virtual account called ApplicationPoolIdentity is used for this purpose, which provides a secure and isolated environment with restricted permissions for each application pool. However, in an Active Directory environment, this default account may not have all the necessary group permissions to authenticate users when they log in to SpaceObServer Web Access. If an error message with PrincipalOperationException appears in the event log when an AD user logs in, the identity of the application pool can be configured to use a service account with the necessary permissions:
tokenGroups
sAMAccountName
userPrincipalName
objectSid
displayName
distinguishedName
memberOf
member (on groups)
Open the Advanced Settings of the IIS Application Pool (spaceobserver_apppool) to configure the correct user account under Identity.
Add an URL to access SpaceObServer Web Access¶
Here you can find the steps how to add an custom URL or IP-address to access SpaceObServer Web Access in your browser.
Start the IIS-Manager.
In the left pane of the IIS-Manager, navigate to the site SpaceObServer Web Access and open the context menu via right-click.
In the context menu, select Edit Bindings…. The Site Bindings window appears.
The web page is accessible via all the addresses listed in the Site Bindings window. Press the Add button to add a new URL or IP-address.
Close the IIS-Manager.
Now SpaceObServer Web Access is accessible via your new added address.
Connect the web server with the installation folder of SpaceObServer Web Access¶
Start the IIS-Manager.
In the left pane of the IIS-Manager, navigate to the site SpaceObServer Web Access and open the context menu via right-click.
In the context menu, select . The Advanced Settings window appears.
In the Advanced Settings window, change the Physical Path to the installation path of SpaceObServer Web Access. The default path is
INSTALLATIONPATH.Close the window via the OK button.
In the right pane, in the section Manage Website, select Restart to restart the web site.
Now the site SpaceObServer Web Access is bound to the installed data.
HTTPS-Configuration (recommended)¶
Important
You should activate SSL encryption for SpaceObServer Web Access in the IIS Manager to ensure encrypted data exchange. For production use, configure a domain certificate. For testing, you can use a self-signed certificate.
Option 1: Domain-Certificate¶
1.2 Import Certificate to Windows Certificate Store¶
Open Microsoft Management Console (mmc.exe)
Add Certificates snap-in for Local Computer
Navigate to
Right-click and select
Import the certificate file (
.pfxor.crtwith private key)
Option 2: Self-Signed Certificate¶
2.1 Create Self-Signed Certificate¶
Open IIS Manager
Select server name in left panel
Double-click Server Certificates
Click Create Self-Signed Certificate in Actions panel
Enter friendly name (e.g., SpaceObServer Web Access)
Select Web Hosting certificate store
Click OK
Configure HTTPS Binding¶
Right-click on the Web Access site
Select Edit Bindings
Click Add button
Configure binding:
Type:
httpsIP Address: All Unassigned (or specific IP)
Port:
443Host name: Your server’s FQDN (e.g.,
webaccess.company.com)SSL Certificate: Select your certificate in dropdown menu
Configure SSL Settings¶
Select your Web Access site in IIS Manager
Double-click SSL Settings
Check Require SSL
Select client certificate requirements:
Ignore: No client certificates required
Accept: Optional client certificates
Require: Mandatory client certificates
Click Apply