PadConnectorManager Installation
Introduction
Basic
The PadConnectorManager (manager) is a service that helps solving a problem that occurs in multi user systems. In desktop machines there is only 1 active user possible, this means we only need in PadConnector instance. This instance is on a default port and is connect with one signature pad. By default the Pad Connector is running as a service, which means even a user switch is possible.
In a Multi User Environment, there are multiple Users, websessions and signature Pads which is raising the questions “How to connect the correct pad to the websession?”.
The answer is that each user account has it´s own PadConnector Instance which is running on a different port and this is connected with the specific signature pad from the user. Additional we need a manager (PadConnectorManager) which mediated between the different PadConnector Instances and the web sessions.
The PadConnectorManager is a small IIS application which needs to be running on the same system.
Authentication
The PadConnectorManager runs in IIS with Anonymous and Windows authentication enabled. With the windows authentication, it is possible to know the Windows user (WinUser) of a website visitor.
Visiting /winUser?token=rieToken with the webbrowser
tells the manager the WinUser. Note the token parameter.
The authentication step gives the tuple
token,
WinUser
to the manager.
Registration
On a Windows Server, the PadConnector is automatically installed to work with the PadConnectorManager. Each PadConnector is run as startup entry when its corresponding Windows user logs on.
Since the PadConnector runs in the user's context, it knows the WinUser. It asks the manager for a port range and tries to bind to a port in that range.
In case of success it gives the tuple
WinUser,
port
to the manger.
Connection
When webSignatureOffice connects to the default port of the PadConnector, it gets the feedback that the PadConnectorManager is begin used and has to request the specific user port.
Installation
Download
Download the PadConnectorManager https://www.stepoverinfo.net/download.php?file=PadConnector_3.0.5-and-Manager-1.4.zip and extract it on the server. You can optional copy the PadConnectorManager1.x folder into the inetpub folder of your IIS.
Requirements
The PadConnectorManager is an ASP.NET Core application that has to be hosted by IIS. To install it in IIS, some Windows features and modules may be required.
IIS CORS Module which you can get from here: https://www.iis.net/downloads/microsoft/iis-cors-module
ASP.NET Core 6.0 Runtime (v6.0.31) - Windows Hosting Bundle which you can download from here: https://dotnet.microsoft.com/en-us/download/dotnet/6.0
The PadConnector also requires the Windows Authentication roll of the IIS. You can install this feature with the Server Manager. It listed in the Server Roles list under “Web Server (IIS) / Security / Windows Authentication”, make sure this option is enabled, otherwise the IIS doesn´t return the user account name and a linking to the user specific port is not possible.
Installation of the required certificates
You also need to install the SignSocket.StepOver.com certificate for the HTTPS communication of the IIS and the StepOver Software Root CA 4096 for the browser. You can both certificates inside the download package with a batch for the installation. This importCertificates.bat needs to started as Administrator for the Installation, otherwise it will fail.
If you want to install the certificates manually you can do this with the certificate manager (MMC). The signsocket_keystore.pfx needs to be imported under Web Hosting, the password for the import is “signsocket57357”. The SWRootCertificateStepOverEuropa4096.der needs to be installed as Trusted Root and also under Web Hosting.
Installation of PadConnectorManager inside IIS
To add the PadConnectorManager as an IIS site click "Add website..."
Set the Name to PadConnectorManager , select the location where you extracted the PadConnectorManager Zip file. Select as binding typ HTTP and the port 57358
Next step is to add another binding for HTTPS with the Port 57357. This is the default port of the PadConnector, therefor WebSignatureOffice will access this port and will be informed that the PadConnectorManager is installed and it will use the 57358 to get the User Port.
If you don´t have the signsocket.stepover.com as SSL Option, please install the certificate and restart IIS.
Next step is to enable the Anonymous and Windows authentication.
In certain IIS versions such as 8.5 it is necessary to remove the WebDAV module from the site, because it may interfere in the registration step.
Now you can start the PadConnectorManager Site.
You also need to disable the Idle-Time-out for the Padconnector-Manager, because otherwise the IIS will stop the Manager process after 20min of idling and with that the existing User/Port Mapping list. Go to the Application Pool, select the PadConnectorManager and then “Advanced Settings..”. Under Process Model, you will find the Idle-Time-out option, which has a default value of 20. You need to set it to 0 and confirm with OK.
Configuration
web.config
To allow the interaction between the PadConnectorManager site and the external signing location (like webSignatureOffice.com), the web.config needs to configured. The default address http://websignatureoffice.com is added to the PadConnectorManager web.config file, if you using a different site, like our Test Environment or your own page, you need to modify the web.config to allow the cross connection between the different sites.
Here is a sample with additional added https://websignatureoffice.stepover.de:8446 as origin. You can also add wildcards like http://* or https://*.mydomain.com.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\PadConnectorManager.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
<cors enabled="true" failUnlistedOrigins="true">
<add origin="https://websignatureoffice.com"
allowCredentials="true"
maxAge="120">
<allowHeaders allowAllRequestedHeaders="true"/>
<allowMethods>
<add method="GET" />
</allowMethods>
</add>
<add origin="https://www.websignatureoffice.com"
allowCredentials="true"
maxAge="120">
<allowHeaders allowAllRequestedHeaders="true"/>
<allowMethods>
<add method="GET" />
</allowMethods>
</add>
<add origin="https://dev.webso.stepover.de"
allowCredentials="true"
maxAge="120">
<allowHeaders allowAllRequestedHeaders="true"/>
<allowMethods>
<add method="GET" />
</allowMethods>
</add>
</cors>
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: A1685A1F-7177-4E9A-8AC3-9B8F4D35F131-->
More information about Core Module Configuration can be found here.
The Port range
The port range can be configured in the appsettings.json file is is located inside the PadConnectorManager folder.
With the endpoint /range you can check the current port range. Please be sure that the amount of possible ports is higher than active user account on the same server, because otherwise the Manager can´t provide for every PadConnector instance a unique port.
Testing
After you started the PadConnectorManager site, you can test it. For that start on the same system your browser and open https://signsocket.stepover.com:57357. You should get the message that this is the PadConnector Manager.
If you want to check for active users you can use the /dump Endpoint
Start up from PadConnector
When using the PadConnector Setup, a Service for the Startup of the PadConnector will be installed. But in a multi-user environment we have to start it inside the user-session, because only there is the device available. For that the PadConnector\run\PadConnectorConsole.exe can be used. With the exec from the same folder you can start it without the visible console.
"c:\…\PadConnector\run\exec.exe" "c:\…\PadConnector\run\PadConnectorConsole.exe"
Add this to your login script for all users which should use the padconnector.
Additional Information for Integrator
Because the Port 57357 is also the default port of the PadConenctor, you can use /which endpoint, to check if the response comes from a PadConnector Manager
or from a PadConnector.
If the PadConnector response, you can assume a single user system and you don´t need to figure out the PadConnector port. In case you communicate with a Manager, you need to perform the authentication to collect the user specific port.
Endpoints
The PadConnector manager comes with a "/swagger/index.html" documentation site.
The WinPort endpoint is for the PadConnector.
The WinUser and port endpoints are for the external signing site.
One way to perform the authentication step is
var url = "http://localhost:57358/winUser?token=someUserToken";
var w = window.open(url)
w.close(); |
Then, GET http://localhost:57358/port?token=someUserToken to get the port.
The dump endpoint is for testing and debugging and lists in three columns
WinUser,
port and
token.