Securing Access to Responder Web
This optional configuration allows you to host the entire Responder Web application using HTTPS.
Setting up HTTPS
- Browse to the web.config file at this location: C:\Inetpub\wwwroot\Responder.
- Open Web.config. You can edit the file by opening it in an XML application (such as XML Spy) or by opening it in a simple text editing program (such as Notepad).
- Insert the following two options in the appSettings section,
if not already added, to disable URL path inspection:
<add key="secureByUrls" value="false"/> <add key="undoUrlSecuring" value="false"/>
- Save and close Web.config.
- Set up IIS to require HTTPS for communication to the entire application:
Configure Switch Order Request Support for HTTPS
- Locate the <system.serviceModel> section. In that section
there are three endpoints. Each endpoint needs bindingConfiguration="secureHttpBinding"
added as follows:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract.... />
- In the same section of the same file, after <services>
section, add the following:
<bindings> <basicHttpBinding> <binding name="secureHttpBinding"> <!-- set mode="None" for http --> <!-- set mode="Transport" for https --> <security mode="None"> <!-- set clientCredentialType="None" for the Forms authentication --> <!-- set clientCredentialType="Windows" for the Windows authentication --> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> </bindings>
- The following changes can be made to the code according
to your organization’s needs:
If you are using Windows Authentication, the transport clientCredentialType needs to be changed to Windows.
If you are using HTTPS, the security mode needs to be changed to Transport.
Open and follow the steps in the "How to Set Up SSL on IIS 7" article from Learn.IIS.net.
Windows 2008 R2 and Windows 2012
Open and follow the steps in the "How to Install Your SSL Certificate to Your Windows 2008 Server" article or the "How to Install and Configure Your SSL Certificate on Windows Server 2012" article from DigiCert.com.