Securing Access to Responder Web

This optional configuration allows you to host the entire Responder Web application using HTTPS.

Setting up HTTPS

  1. Browse to the web.config file at this location: C:\Inetpub\wwwroot\Responder.
  2. Open Web.config. You can edit the file by opening it in an XML application (such as XML Spy) or by opening it in a simple text editing program (such as Notepad).
  3. Insert the following two options in the appSettings section, if not already added, to disable URL path inspection:
    <add key="secureByUrls" value="false"/>
    <add key="undoUrlSecuring" value="false"/>
  4. Save and close Web.config.
  5. Set up IIS to require HTTPS for communication to the entire application:

Configure Switch Order Request Support for HTTPS

The following configuration allows support of Switch Order requests with HTTPS. This configuration needs to be applied if you want to support Switch Order requests with HTTPS, and the configurations are done to inetpub\wwwroot\responder\web.config.
  1. Locate the <system.serviceModel> section. In that section there are three endpoints. Each endpoint needs bindingConfiguration="secureHttpBinding" added as follows:
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract.... />
  2. In the same section of the same file, after <services> section, add the following:
                <binding name="secureHttpBinding">
                  <!-- set mode="None" for http -->
                  <!-- set mode="Transport" for https -->
                  <security mode="None">
                    <!-- set clientCredentialType="None" for the Forms authentication -->
                    <!-- set clientCredentialType="Windows" for the Windows authentication -->
                    <transport clientCredentialType="None"/>
  3. The following changes can be made to the code according to your organization’s needs:
    • If you are using Windows Authentication, the transport clientCredentialType needs to be changed to Windows.

    • If you are using HTTPS, the security mode needs to be changed to Transport.

QR code for this page

Was this helpful?