Configuring WebLink in a DMZ Environment

There are two ways to configure WebLink in a DMZ environment: 

• Configure WebLink using Web Client Settings (Recommended)
• Configure WebLink without a Web Client Dependency

Configure WebLink using Web Client Settings

The simplest way to correctly configure WebLink for use in the DMZ is to copy the settings from the web client in the DMZ. To do this, follow the steps below: 

1. Install and set up Web Client in the DMZ successfully. To learn more about configuring Web Client, see the Configuration Page.
2. Using the WebLink Designer user interface, set up WebLink using the same DMZ STS and internal repository that you used for Web Client.
3. Navigate to C:\Program Files\Laserfiche\Web Access\Web Files\Web.config and copy the <system.serviceModel> element.
4. Now, navigate to C:\Program Files\Laserfiche\WebLink\WebLink\Web Files\web.config and paste the <system.serviceModel> above the <appSettings> element. Keep the WebLink web.config file open.
5. In the WebLink web.config file, add <add key="UseAlternativeLicenseManagerService" value="true" /> in the <appSettings> element.
6. Navigate to C:\Program Files\Laserfiche\Web Access\Web Files. Copy behaviors.config, bindings.config, and client.config and paste it into C:\Program Files\Laserfiche\WebLink\WebLink\Web Files.
7. Navigate to C:\Program Files\Laserfiche\WebLink\WebLink\Web Files\client.config and remove the <endpoint name="Laserfiche.WebAccess.App_Services.FolderNotification" binding="basicHttpBinding" contract="Laserfiche.WebAccess.Common.IFolderChangeService" /> element.
8. Save all changes to WebLink's configuration files.
9. Restart Internet Information Services (IIS).

Configure WebLink without a Web Client Dependency

1. Using the WebLink Designer user interface, set up WebLink using your DMZ Security Token Service instance.
2. Copy the <system.serviceModel> element into C:\Program Files\Laserfiche\WebLink\WebLink\Web Files\web.config before the <appSettings> element:

   <system.serviceModel>
      <client configSource="client.config" />
      <bindings configSource="bindings.config" />
      <behaviors configSource="behaviors.config" />
   </system.serviceModel>
   

3. In WebLink's web.config, add <add key="UseAlternativeLicenseManagerService" value="true" /> in the <appSettings> element.
4. Create the following files behaviors.config, bindings.config, and client.config in C:\Program Files\Laserfiche\WebLink\WebLink\Web Files as shown below.

   Note: The altServiceCertificateThumbprint element in behaviors.config file should be replaced with the actual thumbprint of your alternate service certificate. Also, in the client.config file, the lfdsAddress element should be replaced with your Directory Server machine's Fully Qualified Domain Name (FQDN).

   • Create behaviors.config file:

     <behaviors>
     	<endpointBehaviors>
     		<behavior name="AltServiceBehavior">
     			<clientCredentials>
     				<clientCertificate storeLocation="LocalMachine" x509FindType="FindByThumbprint" findValue="altServiceCertificateThumbprint" />
     			</clientCredentials>
     		</behavior>
     	</endpointBehaviors>
     </behaviors>

   • Create bindings.config file:

     <bindings>
     	<ws2007HttpBinding>
     		<binding name="WS2007HttpBinding_ILicenseManager" maxReceivedMessageSize="2147483647">
     			<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
     			<security mode="Message">
     				<message clientCredentialType="Certificate" />
     			</security>
     		</binding>
     		<binding name="WS2007HttpBinding_ILFSecurityTokenService" maxReceivedMessageSize="2147483647">
     			<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
     			<security mode="Message">
     				<message clientCredentialType="Certificate" />
     			</security>
     		</binding>
     	</ws2007HttpBinding>
     </bindings>

   • Create client.config file:

     <client>
     	<endpoint address="http://lfdsAddress:5048/LicenseManager/service2" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILicenseManager" contract="LicenseManagerService.ILicenseManager" name="AltLicenseManagerService" behaviorConfiguration="AltServiceBehavior">
     		<identity>
     		</identity>
     	</endpoint>
     	<endpoint address="http://lfdsAddress:5048/LicenseManager/service2" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILicenseManager" contract="LicenseManagerService.ILicenseManager2" name="AltLicenseManagerService2" behaviorConfiguration="AltServiceBehavior">
     		<identity>
     		</identity>
     	</endpoint>
     	<endpoint address="http://lfdsAddress:5048/LicenseManager/sts2" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILFSecurityTokenService" contract="LicenseManagerSTS.ILFSecurityTokenService" name="AltLicenseManagerSTS" behaviorConfiguration="AltServiceBehavior">
     		<identity>
     		</identity>
     	</endpoint>
     </client>

5. Save all new and modified .config files.
6. Recycle WebLink's app pool in IIS: WebLinkAppPool.