Skip to main content

OWIN Web API server

OwinWebApiServerModule

This module is used to configure the HTTP/HTTPS endpoint that is opened by Inventory Server. The following table details some notable properties.

propertyName

Description

UseStrictTransportSecurityHeader

Enter as a response header when SSL is enabled. By default this value is true.

StrictSecurityTransportHeaderMaxAge

When UseStrictTransportSecurityHeader is enabled, this is the maximum time, in seconds, that a connection will be maintained via HTTPS. By default, this value is 100.

StrictSecurityTransportHeaderPreload

If true, HTTP links are turned into HTTPS links before a data connection is established. By default this value is true.

StrictSecurityTransportHeaderIncludeSubDomains

If true, subdomains will be included. By default this value is false.

UseErroneousServerBehavior

For internal use only. Do not change this value.

UseContentSecurityPolicyHeader

It protects the server against cross-site scripting attacks. By default, this setting is enabled.

Note

HTTP Strict Transport Security is an opt-in security enhancement through use of a special response header. The specification for this enhancement is released and published by Internet Engineering Task Force. The entire specification is found here: datatracker.ietf.org/doc/rfc6797/?include_text=1.

Example 32.
<ModuleConfiguration>
    <Module typeName="OwinWebApiServerModule">
      <Setter propertyName="BaseAddress">"https://*:8443"</Setter>
      <Setter propertyName="ApiEndpoint">"https://api.aleb-lab.local:8444"</Setter>
      <Setter propertyName="AltBaseAddresses">["http://*:8080"]</Setter>
      <Setter propertyName="RequireClientCertificate">false</Setter>
      <Setter propertyName="IsVerbose">false</Setter>
      <Setter propertyName="LogScopeName">"master"</Setter>
      <Setter propertyName="SiteNameAuthenticationList">null</Setter>
      <Setter propertyName="ClientCertificateThumbprints">null</Setter>
      <Setter propertyName="UseErroneousServerBehavior">false</Setter>
      <Setter propertyName="UseContentSecurityPolicyHeader">true</Setter>
      <Setter propertyName="ServiceUnavailableProbability">1.0</Setter>
      <Setter propertyName="InternalServerErrorProbability">1.0</Setter>
      <Setter propertyName="MaxRequestMessageSize">67108864</Setter>
      <Setter propertyName="MaxConcurrentRequestCount">null</Setter>
      <Setter propertyName="UseStrictTransportSecurityHeader">true</Setter>
      <Setter propertyName="StrictSecurityTransportHeaderMaxAge">100</Setter>
      <Setter propertyName="StrictSecurityTransportHeaderPreload">true</Setter>
      <Setter propertyName="StrictSecurityTransportHeaderIncludeSubDomains">false</Setter>
    </Module>
</ModuleConfiguration>