Applies to version: 2021 R5 and 2022 R3 and above; author: Dominika Skórko
Introduction
WEBCON BPS versions 2021 R5 and 2022 R3 allow users to configure the Portal–Service connection. Until now, this communication took place only over HTTP protected by SSPI. Users can now switch the communication to the NetTCP protocol secured by automatically generated certificates.
Configuration
The default communication method set during WEBCON BPS installation is HTTP, and it cannot be configured at that point. You can, however, change the communication method once the installation is complete.
To proceed to configuration, click the “Tools for application management” option in the installation window.
Click the “Portal–Service connection configuration” option in the tool list on the right. In the tool window, select the “TCP communication – automatically generated certificates” option. To generate the certificates securing the NetTCP connection, click the “Generate certificates” button on the right. A set of certificates is created: one for each service separately and one common certificate for all Portal frontends.
After you click the “Save” button, the service configuration is reloaded and the caches are refreshed, so you do not have to restart the service manually or reset the Portal application pool. You only need to wait for these operations to complete, which can take a few minutes.
The certificates remain valid for 20 years from their generation; after that time they must be generated again. The “Common Name” field of each service certificate is filled with the WCF service host address (without the port number). The same field in the Portal certificate is populated with the value “PortalCertificate”. All certificates are stored in the configuration database: the service certificates in binary form in the respective column of the “Services” table, and the Portal certificate, Base64-encoded, in the global parameters.
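The following PowerShell is an added example, not WEBCON's own code, showing how an administrator can decode a Base64-encoded certificate like the stored Portal certificate and verify the two properties described above: that the Common Name matches the expected value (the WCF host address without its port, or “PortalCertificate”) and that the certificate is still inside its validity window. The host name, port and the helper that builds a sample certificate in memory are assumptions made for the demo; the helper needs .NET Framework 4.7.2 or newer, or PowerShell 7, for the CertificateRequest class.

```powershell
# Added example (not WEBCON's own code). Decodes a Base64-encoded certificate such as the
# Portal certificate the article says is kept in global parameters and checks the two
# properties it describes: the Common Name and the 20-year validity window.

function New-SampleCertificateBase64 {
    # Builds an in-memory self-signed certificate shaped like the article describes, so the
    # check below can run offline. Needs .NET Framework 4.7.2+ or PowerShell 7 (CertificateRequest).
    param([Parameter(Mandatory)][string]$CommonName, [int]$ValidYears = 20)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    try {
        $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            "CN=$CommonName", $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        $now  = [DateTimeOffset]::UtcNow
        $cert = $req.CreateSelfSigned($now, $now.AddYears($ValidYears))
        # Export only the public certificate (DER), which is what a Base64 text value would hold.
        return [Convert]::ToBase64String(
            $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
    }
    finally { $rsa.Dispose() }
}

function Test-BpsConnectionCertificate {
    param(
        [Parameter(Mandatory)][string]$Base64Certificate,
        # For a service certificate pass the WCF host address (a ":port" suffix is stripped,
        # matching the article); for the Portal certificate pass "PortalCertificate".
        [Parameter(Mandatory)][string]$ExpectedCommonName,
        [int]$RenewWarningDays = 365
    )
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($Base64Certificate))
    $expectedCn = $ExpectedCommonName -replace ':\d+$', ''
    $cn  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now = Get-Date
    [pscustomobject]@{
        Subject          = $cert.Subject
        CommonName       = $cn
        CnMatches        = ($cn -ieq $expectedCn)
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        IsCurrentlyValid = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        RenewSoon        = (($cert.NotAfter - $now).TotalDays -lt $RenewWarningDays)
        Thumbprint       = $cert.Thumbprint
    }
}

# Constructed input: the host name and port are placeholders, not values from the article.
$b64 = New-SampleCertificateBase64 -CommonName 'bpsservice.example.local'
Test-BpsConnectionCertificate -Base64Certificate $b64 -ExpectedCommonName 'bpsservice.example.local:58002'
```

In a real deployment you would pass the Base64 value read from the global parameters (or the binary column of the “Services” table, converted with [Convert]::ToBase64String) instead of the generated sample, and schedule the RenewSoon check well ahead of the 20-year expiry.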
Note the host addresses, including ports, used for communication. They cannot be configured during installation; for HTTP communication, the default value for both the WCF service and the license service is the service name and the port number 8002 separated by a colon. This address is registered for the configured service account.
Changing the port number from 8002 to a different one in the “Licence service address” for TCP communication requires registering the new address manually with the following command in the command-line interface: “netsh http add urlacl url=<address> user=<NetBios user name>”, e.g. “netsh http add urlacl url=http://+:8002/WorkFlow/WCFService/ user=webconsvc.bps”. (In HTTP communication, this registration is required when changing either of the two addresses.)
After selecting TCP communication, the port number in the WCF host address changes to “58002” by default, because the license service and the WCF service must use different ports. For this type of communication, the WCF service address does not need to be registered. After selecting the HTTP option the value changes back to 8002, so the address does not need to be registered again.
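As an added example, not WEBCON's own code, the PowerShell below parses the output of “netsh http show urlacl” and reports whether a given address is reserved in HTTP.sys for the service account, producing the “netsh http add urlacl” command from the paragraph above when the reservation is missing. This is the check to run after changing a port. The sample netsh output, the account CONTOSO\webconsvc.bps and the second reserved URL are constructed for the demo; on a real server omit the -NetshOutput argument so the command runs live.

```powershell
# Added example (not WEBCON's own code). Parses "netsh http show urlacl" and checks
# whether the URL reservations the article describes exist for the BPS service account.

function Get-UrlAclReservations {
    param(
        # Lines of "netsh http show urlacl" output; by default the command is run live.
        [string[]]$NetshOutput = (netsh http show urlacl)
    )
    $reservations = @()
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $current = [pscustomobject]@{ Url = $Matches[1]; Users = @() }
            $reservations += $current
        }
        elseif ($null -ne $current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]
        }
    }
    return $reservations
}

function Test-UrlAclForAccount {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$Account,           # NetBIOS form, e.g. DOMAIN\webconsvc.bps
        [object[]]$Reservations = (Get-UrlAclReservations)
    )
    # HTTP.sys reservations carry a trailing slash; normalise before comparing.
    $wanted = $Url.TrimEnd('/') + '/'
    $hit = $Reservations |
        Where-Object { ($_.Url.TrimEnd('/') + '/') -ieq $wanted } |
        Select-Object -First 1
    $registered = $null -ne $hit
    $forAccount = $registered -and ($null -ne ($hit.Users | Where-Object { $_ -ieq $Account }))
    # The netsh command from the article, emitted only when the reservation is missing.
    $fix = if ($forAccount) { $null } else { "netsh http add urlacl url=$wanted user=$Account" }
    [pscustomobject]@{
        Url        = $wanted
        Registered = $registered
        ForAccount = $forAccount
        Fix        = $fix
    }
}

# Constructed sample of "netsh http show urlacl" output (not captured from a real host);
# the account CONTOSO\webconsvc.bps and the second URL are made up for the demo.
$sample = @'
URL Reservations:
-----------------

    Reserved URL            : http://+:8002/WorkFlow/WCFService/
        User: CONTOSO\webconsvc.bps
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-21-1111111111-2222222222-3333333333-1105)

    Reserved URL            : http://+:8002/OtherApp/
        User: BUILTIN\Administrators
            Listen: Yes
            Delegate: No
'@ -split "`r?`n"

$acls = Get-UrlAclReservations -NetshOutput $sample
# The default HTTP address from the article, reserved for the service account in the sample.
Test-UrlAclForAccount -Url 'http://+:8002/WorkFlow/WCFService/' -Account 'CONTOSO\webconsvc.bps' -Reservations $acls
# The same path on a changed port, for which the sample holds no reservation.
Test-UrlAclForAccount -Url 'http://+:8010/WorkFlow/WCFService/' -Account 'CONTOSO\webconsvc.bps' -Reservations $acls
```

Run it in an elevated PowerShell on the server hosting the WEBCON BPS service; the Fix property gives the exact registration command to execute, and a Registered result with ForAccount false means the URL is reserved for a different principal than the service account.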
The selected communication type is logged to the EventLog when the service starts.
The connection configuration can also be checked in WEBCON BPS Designer Studio. To do that, click the “System settings” button in the lower right corner and select “Services configuration” in the selection tree. The newly opened window shows three service parameters.
Summary
Alternative communication via NetTCP allows users to establish a secure Portal–Service connection when there are problems with the SSPI interface securing the HTTP protocol. Using automatically generated certificates makes it possible to work on several stations in domainless environments and prevents misconfiguration of such environments and of the authentication system.