Web Component User Manual
V.9.1.1.4683
Expand

Abstract

This document provides guidance and instructions on the installation, configuration and management of the DesignBais Web Component (WEBCOMP).

Definitions

WEBCOMP DesignBais Web Component
DATACOMP DesignBais Data Component
DBNET A web site or a virtual folder built using DesignBais

Quick Start

This short procedure is for a Windows 2012 server.

It is assumed that the DesignBais Data Component (DATACOMP) has already been installed on the same server or on a different machine.

  • Download and install .Net Framework 4.6.1
  • Check that IIS and ASP.NET 4 have been enabled (see section IIS Web Server for details)
  • Create a Windows user on both the web server and on the database server with the name: dbnetuser and password: dbnetuser

    Server Manager > Dashboard > Tools > Computer Management > Local Users & Groups > User > Action: New User

  • On the database server, the user dbnetuser must be a member of Administrators group.
  • Download the DesignBais web component (dbnet.zip) from www.designbais.com and unzip it on your web server as c:\inetpub\wwwroot\dbnet
  • Follow the instructions given in Section "IIS Configuration" of this manual closely to create the required IIS application for your DBNET. In summary:
    • Create a new application pool (named e.g. DBNetPool) in IIS (Enable 32-Bit Applications and set "Identity" as "LocalSystem")
    • Convert DBNET to an application
    • Enable basic authentication on your DBNET
  • Edit DBNET/admin/db.config file (e.g. located at c:\inetpub\wwwroot\dbnet\admin\db.config) file in Notepad and set the required parameters:
    <dbconfig>
    <entryPoint qcode="">
    <loginHost>database server ip address</loginHost>
    <loginHostType>database type (UNIVERSE, UNIDATA, D3, ONWARE, ONSYS, JBASE or QM)</loginHostType>
    <loginAccount>DBINET.DEMO</loginAccount>
    <loginUser>dbnetuser</loginUser>
    <loginPassword>dbnetuser</loginPassword>
    <loginPublicUser>dbnetuser</loginPublicUser>
    </entryPoint>
    </dbconfig>
  • Open a browser and navigate to http://localhost/dbnet

This is your DesignBais development environment in a browser. You can now refer to your DesignBais Developers Manual which provides guidance and details on how DesignBais is used to develop web based applications.

System Requirements

Operating System

DesignBais web component (WEBCOMP) runs on Windows Vista, Windows 7, Windows 2008, Windows 2012 and later Windows operating systems

Microsoft .NET Framework

DesignBais requires .NET Framework Version 4.6.1 or later.

You need to install .Net framework 4.6.1 on Windows operating systems earlier than Windows 2016 Server and Windows 10 [v1607].

IIS Web Server

Install IIS if not already installed

Windows OS Version IIS Version IIS Installation Instructions
Vista IIS 7 IIS Installation
Windows 7 IIS 7.5 IIS Installation
Windows 8 IIS 8 IIS Installation
Windows 8.1 IIS 8.5 IIS Installation
Windows 10 IIS 10 IIS Installation
Windows Server 2008 IIS 7 IIS Installation
Windows Server 2008 R2 IIS 7.5 IIS Installation
Windows Server 2012 IIS 8 IIS Installation
Windows Server 2012 R2 IIS 8.5 IIS Installation
Windows Server 2016 IIS 10 IIS Installation

Windows Role Services and Features

Security

  • Basic Authentication
  • Windows Authentication

Web Server (IIS) > Application Development ASP.NET 4.5

.NET Framework 3.5 Features

On Windows 10

DesignBais Data Component

Install the DesignBais Data Component (DATACOMP) either on the same server (i.e. the web server) or on a different server. The DesignBais Web Component (WEBCOMP) communicates with the DATACOMP via the TCP/IP port of your database's connection mechanism. These are the default ports:

Database Default TCP/IP connection port
Universe 31438
Unidata 31438
D3 9000
ONSYS 3471
ONWARE 8888
jBASE 8236
QM 4242

Note that in most deployments you won't need to change these ports but if needed, db.config file can be used to specify a different TCP/IP port by adding a new node named "connectionSpecs" under the root node dbconfig.

<connectionSpecs>
<connectionSpec type="UNIVERSE" port="31438" host="192.168.199.2"/>
<connectionSpec type="UNIDATA" port="31438" host="192.168.199.3"/>
<connectionSpec type="D3" port="9000" host="192.168.199.4"/>
<connectionSpec type="ONSYS" port="3471" host="192.168.199.5"/>
<connectionSpec type="ONWARE" port="8888" host="192.168.199.6"/>
<connectionSpec type="JBASE" port="8236" host="192.168.199.7"/>
<connectionSpec type="QM" port="4242" host="192.168.199.8"/>
<connectionSpec type="UNIVERSE" port="31438" host="192.168.199.9" pooling="native" defaultloginUser="dbnetuser" defaultloginPassword="dbnetuser"/>
</connectionSpecs>

Browser Support

All modern browsers are supported as of 2019 March. DesignBais does not support IE7 and earlier versions (less than 1% market share in recent statistics)

Installation and Uninstallation

dbnet.zip (DBNET template)

Download the DesignBais web component (dbnet.zip) from www.designbais.com and unzip it to folder c:\inetpub\wwwroot. This will be the physical directory of your DBNET.

Your DBNET's full physical path becomes: c:\inetpub\wwwroot\dbnet

You can rename the folder "dbnet" as needed.

PDF Document Generation

DesignBais versions after 7.2.2.2694 use HIQPDF for PDF document generation by default.

For PDF report generation, DesignBais uses a third party component, HIQPDF. This component is licensed for distribution with DesignBais.

HIQPDF is an integral part of DesignBais and it does NOT require installation.

Advanced Usage (pdfConsole)

If your application generates a lot of PDF documents and some of these documents are large (e.g. more than about ten pages) then you should consider shifting some of the load to the DesignBais pdfConsole running on an external dedicated server. This will reduce the stress on your web server and improve the reliability of your application.

Setting up DesignBais pdfConsole on an external PDF server

You can set up a Windows server (Win 2008 or later) as a dedicated PDF server. Multiple (e.g. eight) CPUs are recommended. The speed of PDF document generation depends on the number of CPUs and the available RAM.

  • Copy your DBNET/pdfConsole folder to the new pdf server (e.g c:\pdfConsole)
  • In your DBNET/admin/db.config file;
    • enter <HIQImageCompressionLevel>85</HIQImageCompressionLevel> in <setup> node. This way, images in PDF files will be compressed by 85%. A 0 compression (default value) produces the best quality images which leads to larger PDF documents while a 100 compression produces smaller PDF documents with low quality images.
  • Configure c:\pdfConsole\dbpdf.config
  • Start by running pdfConsole.exe
<dbpdf>
<setup>
<adminEmail>admin@somedomain.com</adminEmail>
<smtpHost>mail.somedomain.com</smtpHost>
<smtpPort/>
<smtpEnableSsl/>
<smtpHTMLFormat/>
<smtpLogin/>
<smtpPassword/>
</setup>
<dbnet>
<pickMask>0-31</pickMask>
<baseUrl>http://somedomain.com/dbnet</baseUrl>
<basePath>C:\DBNET</basePath>
<login>dbnetuser</login>
<pass>dbnetuser</pass>
</dbnet>
<dbnet>OTHER DBNET</dbnet>
<dbnet>OTHER DBNET</dbnet>
</dbpdf>
Parameter Allowed Values Description
adminEmail Email address System generated notifications are sent to this address
smtpHost IP address System generated notifications are sent via this email server
smtpPort a TCP/IP port number TCP/IP port of the email server. Leave blank initially (defaults to 25)
smtpLogin A user login name User login name in connecting to the mail server (if needed by your mail server). Leave blank initially.
smtpPassword A password password for smtpLogin (if needed by your mail server).  Leave blank initially.
smtpEnableSsl true or false specifies whether SSL is used to access the specified SMTP mail server. Default is false.
pickMask 0-31 Each input HTML file name is mapped to a number between 0 and 31. This instance of pdfConsole will process only those files that fall in its pickMask range. e.g. if set to "0-15" then this instance of the pdfConsole will process approximately half of the total load. This attribute should be set to 0-31 if there is only one pdf server (i.e. one pdfConsole) in the system. The load between multiple pdf servers can be adjusted using this value. No two pdf consoles on a system can be configured with the same pickMask.
e.g. Two pdfConsoles can be configured such that pdfConsole-A can have 0-15 and pdfConsole-B can have 16-31 as their pickMask values.
baseUrl http://somedomain.com/dbnet This is the base url of a DBNET
basePath c:\dbnet This is physical folder for the baseUrl
login dbnetuser A Windows login user name that has access to the baseUrl above if Basic authentication is being used. This parameter is not necessary for sites that allow anonymous access
pass dbnetuser Password for the login if Basic authentication is being used. This parameter is not necessary for sites that allow anonymous access

Note that pdfConsole automatically encrypts your password entered in pdfConsole's dbpdf.config. The encryption is applied within few minutes after entering or changing a password

The node HIQImageCompressionLevel is created automatically and their values are set to those specified in admin/db.config of the corresponding DBNET.

It will be a good idea to install the PDF Console on a separate server with good RAM and multiple CPUs.

HIQImageCompressionLevel can be set in DBNET's admin/db.config. The PDF Console will pick this value and use it in compressing images during an HTML to PDF Conversion. This results in lower quality images but smaller PDF file sizes suitable as attachments in emails. HIQImageCompressionLevel set to 85 provides significant reduction in file sizes still maintaining a decent image quality.

pdfConsole generates logs in its \logs directory. Check this folder for troubleshooting PDF generation errors. Also including this folder in purge routines might be a good idea.

ABCPDF (Optional)

ABCPDF can still be used with DesignBais versions after 7.2.2.2694. If you prefer that, you need install this component and select ABCPDF in DesignBais > Global Parameters > General Parameters. To install ABCPDF,

  • Make sure that .NET Framework 3.5 (includes .NET 2.0 and 3.0) has been installed (yes, this is in addition to .NET 4.6.1 that has already been installed).
  • Run c:\inetpub\wwwroot\dbnet\admin\abcpdf\installer.msi. This msi file (installer.msi) must be run "as administrator". To do that, open a CMD shell as administrator, change directory to the path of the installer (e.g. >cd c:\inetpub\wwwroot\dbnet\admin\abcpdf ) type "installer.msi" and press ENTER.

Installation on Previous Versions

You don't need to uninstall previous versions (Version 6 and earlier) of the DesignBais Web Component (WEBCOMP) but, we recommend disabling the DesignBais Service in Windows Services.

Uninstallation

The DesignBais Web Component (WEBCOMP) does not require a special uninstallation program. All you need to do is to disable access to the DBNET virtual folder in IIS.

If installed, the ABCPDF component can be unistalled using the Windows Control Panel, Add/Remove Programs

You can also delete the DBNET folder but you should do that after uninstalling the ABCPDF component.

Configuration

In this section, configuration instructions are provided for Windows 2012 servers. Configuration on other operating systems is similar.

Special User Accounts

DesignBais Connection User: Create a Windows user both on the web server and on the database server as the "DesignBais Connection User". On both servers, the login name and the password should be the same. This user does not need to be added to the database as a DesignBais user.

DesignBais Public User: Create a DesignBais user (e.g. "dbpublic") on the database server. Note that this does not need to be a Windows user.

IIS Configuration

IIS Application Pool

In IIS, create a new application pool (e.g. DBNetPool):

Note that the dialog may display .NET Framework 4.0 despite that .NET Framework 4.6.1 has been installed.

Accept defaults in the "Advanced Settings" for the created application pool, except:

  • Set "Enable 32-Bit Applications" to true
  • Set "Identity" as "LocalSystem"
  • Set "Load User Profile" to true

Security Tip:Following your initial tests (including a PDF report test if you use PDF reports), set the application pool identity to "ApplicationPoolIdentity" and give the ApplicationPoolIdentity "full control" access on the following folders:

  • DBNET\admin
  • DBNET\debug
  • DBNET\emailLog
  • DBNET\keyStore
  • DBNET\uploads

32-Bit applications are enabled due to some third party components used in DesignBais.

Virtual Folder (DBNET)

In IIS, convert your DBNET to an application. To do that, right click your DBNET's name in IIS (e.g. dbnet) and select "Convert to Application". Select DBNetPool as your application.

Authentication

Enable the required authentication method in IIS.

If your DBNET requires anonymous access then enable both "Anonymous Acess" and one of the other authentication modes that requires login (e.g. 'Basic Authentication', 'Windows Authentication' etc.). This is needed to secure sensitive folders and functions such as the source code editor.

web.config

Overview

Some additional IIS parameters are configured in web.config of your DBNET. Using web.config, DBNET folders are secured against unauthorised access. This is also where read/write access to folders is configured.

web.config file is located in the DBNET root directory.

IMPORTANT: For better security, replace the default login names (e.g. dbnetuser, designbais, dbpublic etc.) in your admin/db.config and web.config with other names.

In most deployments you'll need to change only the user login names provided in the default web.config file.

Code Editor Security

The Code Editor must not allow unauthorised access. In this example, only two users are given access. Add other Windows user login names as needed.

<location path="codeeditor" allowOverride="false">
<system.web>
<authorization>
<allow users=".\designbais"/>
<allow users=".\administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

A Code Editor session does not time out

Admin Security

The admin folder must not allow unauthorised access. In this example, only two users are given access. Add other Windows user login names as needed. The Admin folder contains various test functions.

<location path="admin" allowOverride="false">
<system.web>
<authorization>
<allow users=".\designbais"/>
<allow users=".\administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

Debug Folder Security

The debug folder must not allow any access.

<location path="debug" allowOverride="false">
<system.webServer>
<handlers accessPolicy="None"/>
</system.webServer>
</location>

Documents Folder Security

This folder is configured to allow read access only. Your application may not need this folder.

<location path="documents" allowOverride="false">
<system.webServer>
<handlers accessPolicy="Read"/>
</system.webServer>
</location>

EmailLog Folder Security

This folder must not allow any access. The EmailLog folder keeps logs of emails sent out by the system.

<location path="emaillog" allowOverride="false">
<system.webServer>
<handlers accessPolicy="None"/>
</system.webServer>
</location>

Keystore Folder Security

This folder must not allow any access. The Keystore folder keeps small files used only by the system.

<location path="keystore" allowOverride="false">
<system.webServer>
<handlers accessPolicy="None"/>
</system.webServer>
</location>

Uploads Folder Security

This folder is configured to allow read access only. Your application may use this folder to store uploaded files.

<location path="uploads" allowOverride="false">
<system.webServer>
<handlers accessPolicy="Read"/>
</system.webServer>
</location>

Uniobjects Configuration

You don't need to install the UniObjects since it is already provided as part of the DesignBais web component.

Include these sections in your web.config file if you're using Universe or Unidata in connection pooling mode. Refer to your UO.NET manual for details on these parameters.

<configSections>
<sectionGroup name="UO.NET">
<section name="General" type="System.Configuration.DictionarySectionHandler"/>
<section name="ConnectionPooling" type="System.Configuration.DictionarySectionHandler"/>
</sectionGroup>
</configSections>

<UO.NET>
<General>
<add key="SocketTimeOut" value="300000"/>
</General>
<ConnectionPooling>
<-- add key="ConnectionPoolingOn" value="0"/ -->
<add key="MinimumPoolSize" value="2"/>
<add key="MaximumPoolSize" value="2"/>
<add key="IdleRemoveThreshold" value="30000"/>
<add key="IdleRemoveExecInterval" value="6000"/>
<add key="OpenSessionTimeout" value="10000"/>
</ConnectionPooling>
</UO.NET>

Note that ConnectionPoolingOn parameter is not needed in web.config. Uniobjects connection pooling is enabled by setting pooling="native" in db.config.

MinimumPoolSize and MaximumPoolSize parameters of web.config are used as defaults only if the db.config entryPoint parameters U2MinimumPoolSize and U2MaximumPoolSize are missing.

Setting up Pooled Connections (Universe and Unidata)

  • Install Universe (or Unidata) pooled connection licences (from Rocket) on your database server.
  • Add the two config segments provided above in section "Uniobjects Configuration" to your web.config if not already there.
  • Add the parameters pooling, defaultloginUser and defaultloginPassword to the connectionSpec node where pooling is required in your db.config.
  • Add the parameters U2MinimumPoolSize and U2MaximumPoolSize to the entryPoint node where pooling is required in your db.config

Behaviour of Uniobjects Connection Pooling when qcode entry is used (url?ac=qcode)

  • DesignBais finds the entryPoint for the given qcode.
  • DesignBais gets the parameters loginHost, loginHostType, loginAccount, loginUser, loginPassword, U2MinimumPoolSize and U2MaximumPoolSize from the entryPoint found
  • Using those parameters DesignBais either opens a new native connection pool or uses a connection from an existing pool that has already been opened using the same parameters.
  • If U2MinimumPoolSize or U2MaximumPoolSize has not been specified in that entryPoint then the parameters MinimumPoolSize and MaximumPoolSize specified in web.config are used. All other parameters are required.

Behaviour of Uniobjects Connection Pooling when the user changes account

  • DesignBais looks for an entryPoint in db.config that matches the given loginHost, loginHostType and loginAccount parameters
  • If an entryPoint is not found, DesignBais uses the defaultloginUser and defaultloginPassword obtained from the associated connectionSpec
  • The proccess continues similar to a qcode entry (please see the previous section)

Each database account is configured with a separate connection pool. All requests go through this pool. Excess demand is queued and the allocated maximum number of connections for that account is never exceeded.

This way, the available pooled connection licences (Rocket) can be distributed between several accounts as needed

Note that a connection pool must have at least two connections (U2MinimumPoolSize) .

Setting up Pooled Connections (QM)

In db.config, set db="dbaisXXXX" (max 15 chars) where XXXX can be any string. Then in QM, the database should be configured with (POOL= dbaisXXXX,limit,timeout) as per QM documentation.

Windows Folder Permissions

In most deployments you won't need to make any adjustments to folder permissions.

db.config

Overview

File db.config is used to configure the DesignBais Web Component (WEBCOMP). It contains parameters such as the database host IP address, database type, email server address and various others. The db.config file is located in your DBNET\admin folder.

This file can be edited using Notepad or an xml editor.

Changes to db.config take effect immediately without requiring an IIS restart.

<dbconfig>
<setup>
<adminEmail>admin@mydomain.com</adminEmail>
<smtpHost>192.168.199.1</smtpHost>
<smtpPort>25</smtpPort>
<smtpEnableSsl>false</smtpEnableSsl>
<smtpHTMLFormat>true</smtpHTMLFormat>
<smtpLogin>some_user</smtpLogin>
<smtpPassword>some_pass</smtpPassword>
<notificationHoldMinutes>60</notificationHoldMinutes>
<supportEmail>support@mydomain.com</supportEmail>
<supportWeb>http://www.mydomain.com</supportWeb>
<logoImageName>logo.jpg</logoImageName>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
</setup>
<entryPoint>
<loginHost>192.168.199.2</loginHost>
<loginHostType>UNIVERSE</loginHostType>
<loginAccount>DB.NET</loginAccount>
<loginUser>uvuser</loginUser>
<loginPassword>password</loginPassword>
<loginPublicUser>dbuvpublic</loginPublicUser>
<requestTimeoutSeconds>60</requestTimeoutSeconds>
<debugUser>auser</debugUser>
<enableXSSshield>true</enableXSSshield>
<allowDomainNamesInLoginNames>false</allowDomainNamesInLoginNames>
<convertLoginNamesToLowercase>true</convertLoginNamesToLowercase>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
</entryPoint>
<entryPoint qcode="hr">
<loginHost>192.168.199.5</loginHost>
<loginHostType>UNIVERSE</loginHostType>
<loginAccount>DB.HR</loginAccount>
<loginUser>uvuser</loginUser>
<loginPassword>password</loginPassword>
<loginPublicUser>dbuvpublic</loginPublicUser>
<requestTimeoutSeconds>60</requestTimeoutSeconds>
<debugUser>auser</debugUser>
<enableXSSshield>true</enableXSSshield>
<allowDomainNamesInLoginNames>false</allowDomainNamesInLoginNames>
<convertLoginNamesToLowercase>true</convertLoginNamesToLowercase>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
</entryPoint>
<entryPoint qcode="sales">
<loginHost>192.168.199.3</loginHost>
<loginHostType>UNIDATA</loginHostType>
<loginAccount>DB.SALEST</loginAccount>
<loginUser>uduser</loginUser>
<loginPassword>password</loginPassword>
<loginPublicUser>dbudpublic</loginPublicUser>
<requestTimeoutSeconds>60</requestTimeoutSeconds>
<debugUser>auser</debugUser>
<enableXSSshield>true</enableXSSshield>
<allowDomainNamesInLoginNames>false</allowDomainNamesInLoginNames>
<convertLoginNamesToLowercase>true</convertLoginNamesToLowercase>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
</entryPoint>
<entryPoint qcode="weather">
<loginHost>192.168.199.4</loginHost>
<loginHostType>D3</loginHostType>
<loginAccount>DB.WEATHER</loginAccount>
<loginUser>d3user</loginUser>
<loginPassword>password</loginPassword>
<loginPublicUser>dbd3public</loginPublicUser>
<requestTimeoutSeconds>60</requestTimeoutSeconds>
<debugUser>auser</debugUser>
<enableXSSshield>true</enableXSSshield>
<allowDomainNamesInLoginNames>false</allowDomainNamesInLoginNames>
<convertLoginNamesToLowercase>true</convertLoginNamesToLowercase>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
</entryPoint>
<entryPoint qcode="finance">
<loginHost>192.168.199.5</loginHost>
<loginHostType>UNIVERSE</loginHostType>
<loginAccount>DB.FINANCE</loginAccount>
<loginUser>user</loginUser>
<loginPassword>password</loginPassword>
<loginPublicUser>publicuser</loginPublicUser>
<requestTimeoutSeconds>60</requestTimeoutSeconds>
<debugUser>publicuser</debugUser>
<enableXSSshield>true</enableXSSshield>
<allowDomainNamesInLoginNames>false</allowDomainNamesInLoginNames>
<convertLoginNamesToLowercase>true</convertLoginNamesToLowercase>
<enableDetailedErrorMessages>true</enableDetailedErrorMessages>
<U2MinimumPoolSize>2</U2MinimumPoolSize>
<U2MaximumPoolSize>6</U2MaximumPoolSize>
</entryPoint>
<connectionSpecs>
<connectionSpec type="UNIVERSE" host="192.168.199.2" pooling="none"/>
<connectionSpec type="UNIVERSE" host="192.168.199.5" pooling="db" max="6"/>
<connectionSpec type="UNIDATA" host="192.168.199.3" pooling="native"/>
<connectionSpec type="D3" host="192.168.199.4" pooling="db" max="3"/>
<connectionSpec type="UNIVERSE" port="31438" host="192.168.199.5" pooling="native" defaultloginUser="dbnetuser" defaultloginPassword="dbnetuser"/>
</connectionSpecs>
</dbconfig>

As seen in this example, db.config file can have

  • one setup node (optional)
  • several entryPoint nodes (at least one required)
  • one connectionSpecs node (optional)

setup node

Parameter Allowed Values Description
adminEmail Email address System generated notifications are sent to this address
smtpHost IP address System generated notifications are sent via this email server
smtpPort 25 TCP/IP port of the email server (this is normally set to 25)
smtpHTMLFormat
  • true
  • false
true = emails are sent in html format
false = emails are sent in text format
smtpLogin A user login name User login name in connecting to the mail server (if needed by your mail server)
smtpPassword A password password for smtpLogin (if needed by your mail server)
notificationHoldMinutes A whole value between 1 and 1000 Minimum duration (in minutes) between two system generated notification emails. Recommended value is 5 which means you won't get notifications from the system (e.g. error messages) for at least five minutes. Note that associated incidents will still be logged.
supportEmail Email address The email address displayed to the user on error pages. This is usually a support address like support@mydomain.com
supportWeb Web site address The web site address displayed to the user on error pages. This is usually the url of your web site; e.g. http://www.mydomain.com
logoImageName File name of your company logo or any other image The image displayed to the user on error pages. This is usually your company logo; logo.jpg. Note that the image path must not be entered and the image must exist under your DBNET's images folder
enableDetailedErrorMessages
  • true
  • false
Setting this to true will ensure that any error details will be displayed to the user. For security reasons, this should be set to false in production environments. Note that any error is logged in full detail regardless of this setting.

entryPoint nodes

The entryPoint node defines the parameters that the WEBCOMP uses to connect to the database. There can be several entryPoint nodes in db.config.

A url like http://localhost/dbnet?ac=myaccount1 is directed to the entryPoint having "myaccount1" in its qcode attribute.

Set qcode="" for the default entryPoint. A url like http://localhost/dbnet without the ?ac=xxxx parameter selects the default entryPoint.

Parameter Allowed Values Description
qcode Attribute DesignBais sends the request to the entry point having a qcode that matches the 'ac' parameter of the query string.
loginHost IP address This is the IP address of the machine that hosts the database.
loginHostType
  • UNIVERSE
  • UNIDATA
  • D3
  • ONSYS
  • ONWARE
  • JBASE
  • QM
Type of the database
loginAccount A database account name The name of the database account
loginUser A Windows user login name The login name used to establish communication with the DATACOMP regardless of the actual user login. Note that this user must also be created with the same password on the database server.
loginPassword A password (must be longer than 3 characters) Password for the loginUser
loginPublicUser A user login name When a DBNET is configured for anonymous access, loginPublicUser is passed to the DATACOMP as the logged on user. Note that this does not need to be a Windows user account but must be a DesignBais user and must have a default DesignBais form specified.
requestTimeoutSeconds A whole value between 1 and 300 Time out value (in seconds) for any request made from the WEBCOMP to the DATACOMP. Some database processes may take a long time to complete so, a large value (e.g. 300) for this parameter may be necessary. However, setting a long time out value may impact the reliability and availability of the service. Running lengthy operations in phantom processes and providing periodic feedback to the user using a timer is recommended.
debugUser A user login name. This is a DesignBais user and it does not have to be a Windows account. WEBCOMP debug logs are generated for this user only. Note that all errors are logged regardless of user login.
enableXSSshield
  • true
  • false
Set to true to enable input filtering against XSS attacks.
allowDomainNamesInLoginNames
  • true
  • false
Set to false to strip off the domain name from the login names that are originally in the form of domain\user when captured by the IIS. This may apply if you use IIS authentication methods other than "Anonymous".
convertLoginNamesToLowercase
  • true
  • false
Set to true to convert the login name entered by the user to lowercase before passing it to the DATACOMP.
enableDetailedErrorMessages
  • true
  • false
Setting this to true will ensure that any error details will be displayed to the user. For security reasons, this should be set to false in production environments. Note that any error is logged in full detail regardless of this setting. Also note that this overrides the parameter enableDetailedErrorMessages of the setup node. If not specified, the value in setup node is used.
U2MinimumPoolSize A whole number greater than 1 Uniobjects minimum pool size for this entryPoint [host, hostType, account]. Applicable to Universe and Unidata only. If missing, the MinimumPoolSize as specified if web.config is used.
U2MaximumPoolSize A whole number greater than or equal to U2MinimumPoolSize Uniobjects maximum pool size for this entryPoint [host, hostType, account]. Applicable to Universe and Unidata only. If missing, the MaximumPoolSize as specified if web.config is used.

connectionSpecs Node; Connection Methods & Pooling

DesignBais provides three methods for connections between the web server and the database server

No pooling:Connections are opened and closed with every request. This type of connection is reliable and resilient against application crashes. This method provides high system throughput with minimum resources but the individual user may experience some delay in cases where a quick response is expected (e.g. a server hit on mouse-over).

Native pooling:Connection pooling is provided by your database. This type of connection is also reliable and resilient against application crashes. It provides high system throughput and a responsive experience for the user. This is the recommended connection method.

DesignBais pooling:Connection pooling is managed by DesignBais. It provides high system throughput and a responsive experience for the user. A cheaper alternative to native poolers. In this configuration, connections are fast but not used very efficiently as a connection is not shared between DBNETs.

Connection methods can be specified in the connectionSpecs section of your db.config as shown in the following example. Note that connectionSpecs section is optional in db.config and if missing, pooling="none" method is used.

<connectionSpecs>
<connectionSpec type="UNIVERSE" host="192.168.199.2" pooling="none"/>
<connectionSpec type="UNIVERSE" host="192.168.199.4" pooling="db" max="3"/>
<connectionSpec type="UNIVERSE" host="192.168.199.25" pooling="native" defaultloginUser="dbnetuser" defaultloginPassword="dbnetuser"/>
</connectionSpecs>

Attributes of connectionSpec nodes:

Parameter Allowed Values Description
pooling none, native or db none: no connection pooling
native: database's native connection pooling
db: DesignBais connection pooling
max A whole number Maximum number of connections that DesignBais is allowed to use. Valid for DesignBais connection pooling only (i.e. pooling="db")
defaultloginUser String When a user changes account, if the target account has not been specified as an entryPoint in db.config, then this value is used in opening a native connection pool.
defaultloginPassword String When a user changes account, if the target account has not been specified as an entryPoint in db.config, then this value is used in opening a native connection pool.

The "max" attribute is required only for the "db" pooling modes. Otherwise it can be omitted.

The pooling method defaults to "none" if the pooling attribute is omitted.

Customisation

Logo

Replace the existing images/logo.jpg file with your company logo. This image is displayed on error pages (i.e. dbnet/errors.aspx).

Setup Node

The setup node in file admin/db.config is used to customise a dbnet according to your deployment. You can edit that file (e.g. in Notepad) and configure the setup node as explained in this manual.

Images

New Applications

Create a new folder under DBNET/images and store all your application images in that folder (e.g. /dbnet/images/myappImages ).

Existing Applications

If you're rebuilding an existing DesignBais DBWEB then copy your image files and folders from your existing DBWEB/images to your new DBNET/images.

Favicon

You can save your favicon.ico and other favicon files in DBNET/favicon folder overwiting the existing image files.

Favicon is explained here:

https://en.wikipedia.org/wiki/Favicon

A favicon can be generated online:

http://www.favicon-generator.org/

You may want to add html meta tags to your DBNET to make sure that favicon works properly on all platforms. You can add HTML meta tags to your DBNET as explained in section "HTML Meta Tags" of this document.

HTML Meta Tags

You can edit file admin/htmlMetaTags.txt to specify any meta tags as needed.

Search Engines (robots.txt)

The file DBNET/robots.txt is used to instruct search engines to index a web site or not. It is configured to stop indexing by default but you can change it as needed.

Custom Javascript

You can use the file DBNET/custom.js file to insert javascript code into the page. Note that JQUERY is available if you prefer to use it.

Two functions are provided:

beforeHitCustom(dbEventSource, dbEventType, dbClass, dbFormName)

beforeHitCustom is executed right before a server hit. You can use the input parameters passed by DesignBais:

Parameter Description
dbEventSource ID of the element raising the event
dbEventType Event type
dbClass CSS class name of the element
dbFormName Name of the DesignBais form

Returning "false" from this function will cancel the server hit.

afterHitCustom(dbEventSource, dbEventType, dbClass, dbFormName)

afterHitCustom is executed right after a server hit. You can use the input parameters passed by DesignBais:

Parameter Description
dbEventSource ID of the element raising the event
dbEventType Event type
dbClass CSS class name of the element
dbFormName Name of the DesignBais form

Make sure that this function always returns "true"

Security

XSS Prevention

DesignBais provides an input filter against XSS (Cross Site Scripting) attacks. The XSS filter can be turned on by setting the enableXSSshield to "true" for each entryPoint selectively.

Once turned on, the filter checks all inputs to that DBNET and blocks suspicious entry. Note that the XSS filter may be too strict for some web sites and it can be disabled by setting the enableXSSshield to "false".

DesignBais also provides a mechanism to facilitate output encoding. Please refer to your DesignBais Data Component (DATACOMP) user manual for details on how output encoding works.

IIS Security Checklist

The following Microsoft article provides guidance on how IIS should be secured:

https://technet.microsoft.com/en-us/library/jj635855.aspx

DDOS and Brute Force Attacks

IIS Dynamic IP Restrictions Extention can be installed on IIS to provide protection against DDOS and brute force attacks.

Unwanted HTTP Headers

Unwanted HTTP Headers can be removed by installing the StripHeaders Module.

Secure Uploads Folder

When IIS is set to Anonymous or Anonymous+Basic Access, authentication can be provided via the DesignBais login form, or a custom login form provided by the application. Note that DesignBais default authentication mode is Anonymous+Basic.

In these situations, unauthenticated user access to a static file in the Uploads Folder can be prevented. To enable this feature, change Uploads Folder settings in web.config as follows:

<location path="uploads" allowOverride="false">
<system.webServer>
<handlers accessPolicy="Read,Execute">
<remove name="myHandler"/>
<add name="myHandler" verb="*" path="*" type="DesignBaisNET.checkAuth"/>
</handlers>
</system.webServer>
</location>

and set "Secure Uploads Folder" flag to yes in System Parameters.

Note: This feature should not be enabled when Basic or Windows authentication is the only mode set for the DBNET in IIS. It can be enabled if "Anonymous" or "Anonymous+Basic" authentication is being used.

<location path="uploads" allowOverride="false">
<system.webServer>
<handlers accessPolicy="Read"/>
</system.webServer>
</location>

Web Site Launch Checklist

Before launching your web site:

  • Make sure that the login names provided as examples in various DesignBais manuals and papers OR come as WEBCOMP defaults (e.g. "designbais", "dbnetuser", "dbnetuser", "dbpublic" ,"administrator" etc.) are NOT used in your db.config or web.config files. Note that these names must not be used in IIS configuration either.
  • Replace the logo.jpg file with your company logo using the same file name (i.e. logo.jpg)
  • Review your db.config to make sure that DesignBais installation defaults have been changed appropriately to suit your deployment

web.config "customErrors" node should be configured as follows (DesignBais default):

<customErrors redirectMode="ResponseRewrite" defaultRedirect="httperror.aspx?e=1" mode="On"/>

web.config "httpErrors" node should be configured as follows (DesignBais default):

<httpErrors errorMode="DetailedLocalOnly"/>

web.config "trace" node should be configured as follows (DesignBais default):

<trace localOnly="true" enabled="false" pageOutput="false" requestLimit="40"/>

web.config "compilation" node should be configured as follows (DesignBais default):

<compilation debug="false" strict="true" explicit="true" targetFramework="4.5"/>

Admin Tools

The Site Monitor, DBSiteMonitor.exe

Overview

A proper Web Application Firewall (WAF) protects your web sites against cyber attacks. But, if you don't already have a WAF, the DBSiteMonitor can protect your DesignBais web sites against some common types of attacks.

DBSiteMonitor runs on your web server and monitors your DesignBais web sites. When an attack is detected, it blocks the IP address of the attacker.

DBSiteMonitor also monitors the IIS application pools and restarts an application pool if it has stopped (e.g. due to a url scanning attack).

Most common url scanning attacks result in a series of http 404 (not found) errors in quick succession and sometimes these attacks may cause a shut down of your web sites. DBSiteMonitor detects such attack patterns and queries a remote web service to see if the IP address of the attacker is already blacklisted. DBSiteMonitor blocks the IP address on IIS if the blacklist check turns out positive.

DBSiteMonitor.exe is located in your /admin/DBSiteMonitor folder as follows:

An example a Site Monitor configuration file:

<config>
<adminEmail/>
<smtpHost/>
<HIT_PERIOD_SECONDS>120</HIT_PERIOD_SECONDS>
<site>
<url>http://localhost/dbnet/?dbheartbeat=yes</url>
<appPool>dbnetpool</appPool>
<login>mylogin</login>
<pass>mypass</pass>
</site>
<site>
<url>http://localhost/db/remotetest.asp</url>
<appPool>dbwebpool</appPool>
<login>mylogin</login>
<pass>mypass</pass>
</site>
</config>

Site Monitor configuration parameters:

Parameter Allowed Values Description
adminEmail Email address System generated notifications are sent to this address
smtpHost IP address System generated notifications are sent via this email server
HIT_PERIOD_SECONDS Duration in seconds Duration between two health checks (poll period). 120 seconds recommended.
url The url of the site to be checked For v7+ sites, the url must be in this format: http://localhost/DBNET_NAME/?dbheartbeat=yes
where; /DBNET_NAME is the name of the virtual folder and it's the only variable in the url.

Some possible v7+ health check url examples:
http://localhost/dbnet1/?dbheartbeat=yes
http://localhost/dbnet2/?dbheartbeat=yes
http://localhost/?dbheartbeat=yes



For v6 sites, the url must be in this format: http://localhost/DBWEB_NAME/remotetest.asp
where; /DBWEB_NAME is the name of the virtual folder and it's the only variable in the url.

Some possible v6 health check url examples:
http://localhost/dbweb1/remotetest.asp
http://localhost/dbweb2/remotetest.asp
http://localhost/remotetest.asp


IMPORTANT: Do not use domain names in the "url" parameter; e.g. http://www.maydomain.com/dbnet/?dbheartbeat=yes is NOT valid. This parameter must always start with http://localhost.

appPool a string The name of the IIS Application Pool that the web site operates on.
login a string A Windows login user name that has access to the baseUrl above if Basic authentication is being used. This parameter is not necessary for sites that allow anonymous access
pass a string Password for the login if Basic authentication is being used. This parameter is not necessary for sites that allow anonymous access

Set up Procedure

  • In your web.config, replace

    <httpErrors errorMode="DetailedLocalOnly"/>

    with

    <httpErrors errorMode="Custom">
    <remove statusCode="404" subStatusCode="-1"/>
    <error statusCode="404" path="/DBNET_NAME/httperror.aspx" responseMode="ExecuteURL"/>
    </httpErrors>

Starting

You can put DBsiteMonitor.exe in Windows Task Scheduler to make sure that it starts when the web server is restarted.

Logs

Log files are generated in the folder where DBSiteMonitor runs. All activity is logged in file dbIPFilterlogs.txt (i.e. blocked ip addresses and IIS Application Pool restart events).

iplist.txt file provides a list of blocked ip addresses and the date and time of the block. This file is used internally and it must not be deleted or edited.

Notes on Operation

Most logged events are also emailed to the system administrator

If more than 100 IP addresses have been blocked then those addresses older than 15 days are unblocked.

If more than 200 IP addresses have been blocked then no more IP addresses are blocked

The Purger, DBNetPurge.exe

You may want to delete old and temporary files from your DBNET. Any purge utility can be used for this purpose. DesignBais provides its own purger to help you with that: admin/DBNETPurge/DBNetPurge.exe

Folders to be purged are specified in config file admin/DBNETPurge/purgeconfig.xml

An example purge configuration file:

<purgeconfig>
<folder hours="48">C:\inetpub\wwwroot\dbnet\keystore</folder>
<folder hours="240">C:\inetpub\wwwroot\dbnet\debug</folder>
<folder hours="2400">C:\inetpub\wwwroot\dbnet\uploads</folder>
</purgeconfig>

In this example, files older than 48 hours are deleted from the keystore folder.

Purging the keystore folder with a 48 hour cut-off and the debug folder with a 240 hour cut-off is recommended.

The uploads folder and any other folder you might add to your DBNET can also be purged by adding to the configuration file as shown above.

You can set up DBNetPurge.exe as a scheduled task in Windows and configure the task to run every night.

Purging of files does not affect the operation of the web site.

Purge logs can be found in file admin/DBNETPurge/purgeLog.txt

CAUTION: Do not configure purgeconfig.xml with folders that must not be purged.

web.config files are not deleted by the purge program.

Testing Emails

DesignBais email functionality can be tested using the test page admin/emailTest.aspx.

The test program uses the email server parameters as specified in admin/db.config. These parameters are:

  • smtpHost
  • smtpPort
  • smtpEnableSsl
  • smtpHTMLFormat
  • smtpLogin
  • smtpPassword

Testing File Upload

DesignBais file upload functionality can be tested using the test page admin/uploadTest.aspx.

Encrypting db.config

Some organisations prefer their config files encrypted. To encrypt your db.config file:

  • Make a copy of your db.config file and store it in a safe location (e.g. another machine)
  • Navigate to dbnet/admin/enc.aspx page. This page will encrypt db.config and save it as dbEnc.config. It will also make a back up copy of your original file which you need to move to a secure location.
  • An encrypted file can be also be decrypted by navigating to the same page (dbnet/admin/enc.aspx).

RTF Editor

DesignBais provides an optional module to enable editing in RTF. Please contact us if your platform requires an RTF Editor.

Note that the RTFServer can be installed only on Windows 8, Windows Server 2012 and later operating systems

 

DBMail

DesignBais provides DBMail as an optional module. DBMail can be used to send emails with attachments (e.g. pdf, xls etc.).  Running outside IIS, DBMail helps reduce the load on the web server and make your applications more responsive.  Please refer to the user manual for details.

 

Troubleshooting

Test Pages

Assuming that your DBNET is located at http://localhost/dbnet

  • Navigate to http://localhost/dbnet/test.html to make sure that the web server is running. This page displays a single line.
  • Navigate to http://localhost/dbnet/test.aspx to make sure that the ASP engine is running. This page displays the current server time. If this fails then please go back to the "Quick Start" section of this manual and double check to make sure that you haven't skipped a step.

Connection Tests

Connection test programs are provided in folder /admin/TestHarness for all supported platforms. Run these programs to see if the web server can communicate with the DesignBais data component.

A successful Universe test would look like this:

System Logs

System logs are found in DBNET/debug folder.

debug.txt File

debug.txt file logs data sent and received between the web server and the database server for debugUser as specified in db.config. The log stops around 750KB. debug.txt file can be deleted anytime. If deleted, it's recreated by the system and starts logging again.

Debug file uses the normalised computer name as a prefix: e.g. COMPUTERNAME_debug.txt

The first line of each data packet sent to the database contains the following parameters:

logon:... IP:.... url:... browser:.... session:.... window:.... hit:... time:.....

You may be interested in the logon and IP parameters showing the login name and the IP address of the user respectively. Other parameters may be used by DesignBais for low level diagnostics. This line is followed by an XML string between the tags; <TO>...</TO>
Messages received from the database are logged similarly except the data packets are contained within <FROM>...<FROM> tags.

Error Log Files

DBNET/debug folder also stores error logs in individual files. An error file name can be in one these two forms:

  • COMPUTERNAME_LoginName_NormalisedAccountName_ErrorReportCode_RandomString.txt
  • ErrorReportCode_RandomString.txt

A few things to note on error file names:

The second form is used if the login name or the account name cannot be determined
ErrorReportCode is a six character string that is displayed to the user when an error occurs. Users are expected to report these codes if they encounter any errors when using the application
NormalisedAccountName is the database account name after all non-alphanumeric characters removed. (e.g. c:\xyz\abc becomes cxyzabc)

Reporting a Problem to DesignBais

In some cases you'll be able to fix problems by using the details provided in system logs. Sometimes you may need to send them to us (DesignBais) for analysis.

In reporting a problem provide debug.txt and error log files captured at time of the incident.

Notes

A spell checker is no longer provided as part of DesignBais as all modern browsers already provide spell checking.

FAQ

Can I save my DBNET folder anywhere on the server?

Yes, you can. Your DBNET does not have to be under c:\inetpub\wwwroot. When you create a DBNET virtual folder in IIS, you can set its physical folder as you need (e.g. d:\web\dbnet). After that you can convert that virtual folder to an IIS application.

Can I leave my DBNET folder as a virtual folder in IIS (not convert it to an IIS application)?

No. Each DBNET must be converted to an application in IIS.

www.designbais.com support@designbais.com Licence Agreement
DesignBais Pty Ltd
ACN 056 589 087
Level 1, 25 Ryde Road
Pymble 2073 NSW AUSTRALIA
T: 61 2 9934 1800
F: 61 2 9934 1801


DesignBais @2021