OWIN Web API server
OwinWebApiServerModule
This module is used to configure the HTTP/HTTPS endpoint that is opened by Inventory Server. The following table details some notable properties.
propertyName | Description |
|---|---|
UseStrictTransportSecurityHeader | Enter as a response header when SSL is enabled. By default this value is true. |
StrictSecurityTransportHeaderMaxAge | When UseStrictTransportSecurityHeader is enabled, this is the maximum time, in seconds, that a connection will be maintained via HTTPS. By default, this value is 100. |
StrictSecurityTransportHeaderPreload | If true, HTTP links are turned into HTTPS links before a data connection is established. By default this value is true. |
StrictSecurityTransportHeaderIncludeSubDomains | If true, subdomains will be included. By default this value is false. |
UseErroneousServerBehavior | For internal use only. Do not change this value. |
UseContentSecurityPolicyHeader | It protects the server against cross-site scripting attacks. By default, this setting is enabled. |
Note
HTTP Strict Transport Security is an opt-in security enhancement through use of a special response header. The specification for this enhancement is released and published by Internet Engineering Task Force. The entire specification is found here: datatracker.ietf.org/doc/rfc6797/?include_text=1.
<ModuleConfiguration>
<Module typeName="OwinWebApiServerModule">
<Setter propertyName="BaseAddress">"https://*:8443"</Setter>
<Setter propertyName="ApiEndpoint">"https://api.aleb-lab.local:8444"</Setter>
<Setter propertyName="AltBaseAddresses">["http://*:8080"]</Setter>
<Setter propertyName="RequireClientCertificate">false</Setter>
<Setter propertyName="IsVerbose">false</Setter>
<Setter propertyName="LogScopeName">"master"</Setter>
<Setter propertyName="SiteNameAuthenticationList">null</Setter>
<Setter propertyName="ClientCertificateThumbprints">null</Setter>
<Setter propertyName="UseErroneousServerBehavior">false</Setter>
<Setter propertyName="UseContentSecurityPolicyHeader">true</Setter>
<Setter propertyName="ServiceUnavailableProbability">1.0</Setter>
<Setter propertyName="InternalServerErrorProbability">1.0</Setter>
<Setter propertyName="MaxRequestMessageSize">67108864</Setter>
<Setter propertyName="MaxConcurrentRequestCount">null</Setter>
<Setter propertyName="UseStrictTransportSecurityHeader">true</Setter>
<Setter propertyName="StrictSecurityTransportHeaderMaxAge">100</Setter>
<Setter propertyName="StrictSecurityTransportHeaderPreload">true</Setter>
<Setter propertyName="StrictSecurityTransportHeaderIncludeSubDomains">false</Setter>
</Module>
</ModuleConfiguration>