Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Introduction

Basic

The PadConnectorManager (manager) is a service that helps solving a problem that occurs in multi user systems. In desktop machines there is only 1 active user possible, this means we only need in PadConnector instance. This instance is on a default port and is connect with one signature pad. By default the Pad Connector is running as a service, which means even a user switch is possible.

In a Multi User Environment, there are multiple Users, websessions and signature Pads which is raising the questions “How to connect the correct pad to the websession?”.

The answer is that each user account has it´s own PadConnector Instance which is running on a different port and this is connected with the specific signature pad from the user. Additional we need a manager (PadConnectorManager) which mediated between the different PadConnector Instances and the web sessions.

The PadConnectorManager is a small IIS application which needs to be running on the same system.

Authentication

The PadConnectorManager runs in IIS with Anonymous and Windows authentication enabled. With the windows authentication, it is possible to know the Windows user (WinUser) of a website visitor.

Visiting /winUser?token=rieToken with the webbrowser

tells the manager the WinUser. Note the token parameter.

The authentication step gives the tuple

  • token,

  • WinUser

to the manager.

Registration

On a Windows Server, the PadConnector is automatically installed to work with the PadConnectorManager. Each PadConnector is run as startup entry when its corresponding Windows user logs on.
Since the PadConnector runs in the user's context, it knows the WinUser. It asks the manager for a port range and tries to bind to a port in that range.


In case of success it gives the tuple 

  • WinUser,

  • port

to the manger.

Connection

When webSignatureOffice connects to the default port of the PadConnector, it gets the feedback that the PadConnectorManager is begin used and has to request the specific user port.

Installation

Download

Download the PadConnectorManager https://www.stepoverinfo.net/download.php?file=PadConnectorManager-1.0.0.zip and extract it on the server ( for example inside the inetpub folder).

Requirements

The PadConnectorManager is an ASP.NET Core application that has to be hosted by IIS. To install it in IIS, some Windows features and modules may be required.

The PadConnector also requires the Windows Authentication roll of the IIS. You can install this feature with the Server Manager. It listed in the Server Roles list under “Web Server (IIS) / Security / Windows Authentication”, make sure this option is enabled, otherwise the IIS doesn´t return the user account name and a linking to the user specific port is not possible.

You also need to install the SignSocket.StepOver.com certificate for the HTTPS communication. You can download it under https://www.stepoverinfo.net/signsocket.stepover.com.pfx . After the download double-click on the signsocket.stepover.com.pfx and select as storage location the “local maschine”. Confirm the Import in the next step and use the password “signsocket57357”. Select the “Web Hosting” as store location for the certificate.

Confirm the location and the overview and the certificate import should be finished.

Installation of PadConnectorManager inside IIS

To add the PadConnectorManager as an IIS site click "Add website..."

Set the Name to PadConnectorManager , select the location where you extracted the PadConnectorManager Zip file. Select as binding typ HTTP and the port 57358

Next step is to add another binding for HTTPS with the Port 57357. This is the default port of the PadConnector, therefor WebSignatureOffice will access this port and will be informed that the PadConnectorManager is installed and it will use the 57358 to get the User Port.

If you don´t have the signsocket.stepover.com as SSL Option, please install the certificate and restart IIS.

Next step is to enable the Anonymous and Windows authentication.

In certain IIS versions such as 8.5 it is necessary to remove the WebDAV module from the site, because it may interfere in the registration step.

Now you can start the PadConnectorManager Site.

You also need to disable the Idle-Time-out for the Padconnector-Manager, because otherwise the IIS will stop the Manager process after 20min of idling and with that the existing User/Port Mapping list. Go to the Application Pool, select the PadConnectorManager and then “Advanced Settings..”. Under Process Model, you will find the Idle-Time-out option, which has a default value of 20. You need to set it to 0 and confirm with OK.

Configuration

web.config

To allow the interaction between the PadConnectorManager site and the external signing location (like webSignatureOffice.com), the web.config needs to configured. The default address http://websignatureoffice.com is added to the PadConnectorManager web.config file, if you using a different site, like our Test Environment or your own page, you need to modify the web.config to allow the cross connection between the different sites.

Here is a sample with additional added https://websignatureoffice.stepover.de:8446 as origin. You can also add wildcards like http://* or https://*.mydomain.com.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath=".\PadConnectorManager.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
	  <cors enabled="true" failUnlistedOrigins="true">
			<add origin="https://websignatureoffice.com"
                 allowCredentials="true"
                 maxAge="120"> 
                <allowHeaders allowAllRequestedHeaders="true"/>
                <allowMethods>
                     <add method="GET" />
                </allowMethods>
            </add>
            <add origin="https://dev.webso.stepover.de"
                 allowCredentials="true"
                 maxAge="120"> 
                <allowHeaders allowAllRequestedHeaders="true"/>
                <allowMethods>
                     <add method="GET" />
                </allowMethods>
            </add>
        </cors>
    </system.webServer>
  </location>
</configuration>
<!--ProjectGuid: A1685A1F-7177-4E9A-8AC3-9B8F4D35F131-->

More information about Core Module Configuration can be found here.

The Port range

The port range can be configured in the appsettings.json file is is located inside the PadConnectorManager folder.

With the endpoint /range you can check the current port range. Please be sure that the amount of possible ports is higher than active user account on the same server, because otherwise the Manager can´t provide for every PadConnector instance a unique port.

Testing

After you started the PadConnectorManager site, you can test it. For that start on the same system your browser and open https://signsocket.stepover.com:57357. You should get the message that this is the PadConnector Manager.

If you want to check for active users you can use the /dump Endpoint

Additional Information for Integrator


Because the Port 57357 is also the default port of the PadConenctor, you can use /which endpoint, to check if the response comes from a PadConnector Manager

or from a PadConnector.

If the PadConnector response, you can assume a single user system and you don´t need to figure out the PadConnector port. In case you communicate with a Manager, you need to perform the authentication to collect the user specific port.

Endpoints

The PadConnector manager comes with a "/swagger/index.html" documentation site.

The WinPort endpoint is for the PadConnector.

The WinUser and port endpoints are for the external signing site.

One way to perform the authentication step is

var url = "http://localhost:57358/winUser?token=someUserToken";
var w = window.open(url)
w.close();

Then, GET http://localhost:57358/port?token=someUserToken to get the port.

The dump endpoint is for testing and debugging and lists in three columns

  • WinUser,

  • port and

  • token.

  • No labels