The behavior of Aptify Unified SOA is controlled by various settings that can be configured in the IIS web.config file. After changing any Aptify-specific attribute in web.config for SOA, SOA must be restarted for the changes to take effect.

Authentication Settings

The following settings customize the token validation handler that is responsible for validating the Aptify token sent on service requests.

  • Aptify.Services.Authentication.BypassAuthRegex – a regular expression for URL paths that should not require authentication. At the very least this property should be set to the authentication endpoint so tokens can be generated. 
  • Aptify.Services.Authentication.AllowTokenInURL – A legacy option for clients that cannot send the Aptify token in the Authorization header. This specifies that the token will be in the URL as a query string parameter instead. This is less secure than sending the token in the header, as URLs are typically copied and shared with other users, which would expose the access token and give those users access to the service application. 
  • Aptify.Services.Authentication.DefaultScheme – A legacy option that sets the default scheme when TokenInScheme is being used. The scheme portion of the Authorization header normally describes what authentication provider will be used to validate the token. When the token is being sent in the scheme for legacy applications, the system needs to know what authentication provider to use. This value should be set to the lookup name of the default authentication provider. 
  • Aptify.Services.Authentication.EnableToken – set to false to turn off the token requirement on service calls. This will leave the service end points completely open and allow anyone to make service calls without first performing authentication. This should only be used if HTTP access to the application is secured by another means. 
  • Aptify.Services.Authentication.HeaderName – The header name where the Aptify token should be set. If AllowTokenInURL is being used, this is the name of the query parameter that will have the token value. 
  • Aptify.Services.Authentication.TokenDisabledTimeout – The amount of time, in minutes, that Aptify will cache authentication information in memory. It is possible that a token will have expired based on Token Provider settings but still be available in the cache due to this setting. 
  • Aptify.Services.Authentication.TokenExtensionDelay – The amount of time, in seconds, that Aptify should wait before renewing a token that has been used. For performance reasons we do not do this on every use of the token. Aptify will enforce a default value of 5 minutes if no value is given.
  • Aptify.Services.Authentication.TokenInScheme – a legacy option for clients that are sending the Aptify token in the Authorization header scheme instead of the Authorization header parameter. Set to true to enable this legacy behavior. If this is enabled, the DefaultScheme option must also be set. Using this option also means that only one authentication provider can be used for this service application.
  • Aptify.Services.Authentication.UseSession – set to true to store authenticated information on the user in the container session object. This is useful when service URLs will be used in a scenario where the token cannot be set in the header, such as in-lining URLs to an image service for HTML <img> tags. Default value is false.

    Note

    This setting has a significant performance cost that results in disparate service requests for the same user blocking each other. The result is that when this setting is set to true, an application will feel slower.

  • Aptify.Services.CredentialContainer.UseAptifyCookie – set to true to store authenticated information on the user in the container session object. This is useful when service URLs will be used in a scenario where the token cannot be set in the header, such as in-lining URLs to an image service for HTML <img> tags. Default value is true.

    Note

    This setting serves the same functional purpose as Aptify.Services.Authentication.UseSession (with regard to the token not being set in the header), but it does not impact application performance. 
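
The following audit script is an added example, not Aptify code. It flags the risky combinations described in the list above: a disabled token requirement, tokens allowed in URLs, TokenInScheme without DefaultScheme, UseSession, and a BypassAuthRegex that also matches paths that should stay protected. It assumes the settings are stored as appSettings key/value pairs in web.config; the sample configuration and the probe paths are constructed.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "Aptify.Services.Authentication."
# Constructed sample. Assumption: settings are <appSettings> key/value pairs.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="Aptify.Services.Authentication.EnableToken" value="true" />
    <add key="Aptify.Services.Authentication.AllowTokenInURL" value="true" />
    <add key="Aptify.Services.Authentication.TokenInScheme" value="true" />
    <add key="Aptify.Services.Authentication.BypassAuthRegex" value="/services/.*" />
  </appSettings>
</configuration>"""
# Hypothetical paths that must always require a token; adjust per deployment.
PROTECTED_PROBES = ["/services/Persons/1", "/services/Orders"]


def audit(config_xml, probes=PROTECTED_PROBES):
    """Return sorted finding codes for risky authentication settings."""
    root = ET.fromstring(config_xml)
    adds = root.findall("appSettings/add")
    settings = {a.get("key", ""): a.get("value", "").strip() for a in adds}

    def get(name):
        return settings.get(PREFIX + name, "")

    def is_true(name):
        return get(name).lower() == "true"

    findings = []
    if get("EnableToken").lower() == "false":
        findings.append("TOKEN_DISABLED")  # endpoints open to anyone
    if is_true("AllowTokenInURL"):
        findings.append("TOKEN_IN_URL")  # token leaks when URLs are shared
    if is_true("TokenInScheme") and not get("DefaultScheme"):
        findings.append("SCHEME_WITHOUT_DEFAULT")  # DefaultScheme must be set too
    if is_true("UseSession"):
        findings.append("SESSION_BLOCKING")  # documented performance cost
    pattern = get("BypassAuthRegex")
    if pattern:
        try:
            # Assumption: unanchored matching, as .NET Regex.IsMatch would do.
            if any(re.search(pattern, p) for p in probes):
                findings.append("BYPASS_TOO_BROAD")
        except re.error:
            findings.append("BYPASS_INVALID_REGEX")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_WEB_CONFIG))
```

Python's regex engine differs from .NET's for advanced constructs, so confirm any flagged BypassAuthRegex against the running service as well.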

...