By default, AuthAnvil Password Server has an internal pointer to its service that is only allowed over HTTP. This is the default configuration because the service uses message-level encryption with our own certificate. However, if HTTPS only is required, the steps below configure the AAPS.svc service for HTTPS connections.
If you are trying to connect to the service using a sync agent,
NOTE: DO NOT COPY/PASTE CODE FROM THIS ARTICLE!
Most of the configuration in this document is example code similar to a web.config file, but it may have sections left out or represented by "...", so it will fail when used in production.
WARNING: Back up the AAPS web.config file before proceeding, as there are multiple changes that can cause the server to stop functioning if misconfigured.
Make the following changes to C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config:
1. (Near line 99) Change <endpoint address="http://.../AAPS.svc"> to the HTTPS URL (e.g. https://test.scorpionsoft.com/AAPS/AAPS.svc)
2. (Near line 99) Change from original to new code:
ORIGINAL: <endpoint address=".../AAPS.svc" ... bindingConfiguration="BASICHttpBinding_IAAPSService">
NEW: <endpoint address=".../AAPS.svc" ... bindingConfiguration="HTTPSBinding_IAAPSService">
This enables an HTTPS binding for this endpoint connection.
3. (Near line 102) Add the following line after <identity> and before <certificate encodedValue="..." />
where login.scorpionsoft.com is the DNS name for their AuthAnvil web server (for wildcard certificates use their configured DNS name, not *.company.com). It looks up the certificate by DNS value instead of an encoded value.
4. (Near line 103) Comment out the line <certificate encodedValue="..." /> to remove the reference to the MessageLevel certificate identity.
<!-- COMMENT <certificate encodedValue="..." /> END COMMENT -->
5. (Near line 127) Comment out the endpoint binding for BASICHttpBinding_IAAPSService:
<!-- COMMENT <endpoint binding="basicHttpBinding" bindingConfiguration="BASICHttpBinding_IAAPSService" ... /> END COMMENT -->
6. (Near line 140) Find the <serviceMetadata httpGetEnabled="true" /> tag and modify it to reflect the following changes:
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
This enables HTTPS metadata and disables the HTTP connection (the metadata is displayed when you navigate to /AAPS.svc in a browser).
Save the web.config file, recycle the AAPS application pool (or run an IISreset) and log in to AAPS to test the connection.
This will all change in v2.1/2.2
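One way to check an edited copy of the file against steps 1 to 6, as an added example that is not part of the original article or the vendor's tooling: the script parses a web.config and lists the steps that still look unapplied. The sample fragments, the host name aaps.example.test, and the <dns value="..." /> identity element (the standard WCF form, assumed here for the line missing from step 3) are assumptions.

```python
import xml.etree.ElementTree as ET

def check_https_only(xml_text):
    """Return findings for a web.config; an empty list means steps 1-6 look applied.
    Assumes no XML namespace. Commented-out elements are ignored (parser drops comments)."""
    root = ET.fromstring(xml_text)
    findings = []
    for ep in root.iter("endpoint"):
        addr = ep.get("address", "")
        if addr.lower().startswith("http://"):                      # step 1
            findings.append("endpoint address is plain HTTP: " + addr)
        if (ep.get("bindingConfiguration") == "BASICHttpBinding_IAAPSService"
                or ep.get("binding") == "basicHttpBinding"):        # steps 2 and 5
            findings.append("endpoint still uses the basic HTTP binding")
        ident = ep.find("identity")
        if ident is not None:
            if ident.find("dns") is None:      # step 3 (assumed WCF <dns value="..."/>)
                findings.append("identity has no dns element")
            if ident.find("certificate") is not None:               # step 4
                findings.append("identity still has an encoded certificate")
    for md in root.iter("serviceMetadata"):                         # step 6
        if md.get("httpGetEnabled", "false").lower() == "true":
            findings.append("serviceMetadata httpGetEnabled is true")
        if md.get("httpsGetEnabled", "false").lower() != "true":
            findings.append("serviceMetadata httpsGetEnabled is not true")
    return findings

# Constructed fragments (not the real AAPS web.config); host and layout are assumptions.
BEFORE = """<configuration>
 <endpoint address="http://aaps.example.test/AAPS/AAPS.svc"
           bindingConfiguration="BASICHttpBinding_IAAPSService">
  <identity><certificate encodedValue="AAAA" /></identity>
 </endpoint>
 <endpoint binding="basicHttpBinding" bindingConfiguration="BASICHttpBinding_IAAPSService" />
 <serviceMetadata httpGetEnabled="true" />
</configuration>"""

AFTER = """<configuration>
 <endpoint address="https://aaps.example.test/AAPS/AAPS.svc"
           bindingConfiguration="HTTPSBinding_IAAPSService">
  <identity><dns value="aaps.example.test" />
   <!-- COMMENT <certificate encodedValue="AAAA" /> END COMMENT --></identity>
 </endpoint>
 <!-- COMMENT <endpoint binding="basicHttpBinding" bindingConfiguration="BASICHttpBinding_IAAPSService" /> END COMMENT -->
 <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
</configuration>"""

if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, check_https_only(text) or "OK")
```

Run it against a copy of the edited web.config before recycling the application pool; any remaining finding names the step to revisit.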