Exposing Tax Balance
Inbound Requests
The Tax Balance Server hosts an HTTP API and the Tax Balance Web Application which you can configure to use standard TCP ports (80/443) or non-standard ports.
Configure bindings
Open the
appsettings.json
file located at the Tax Balance installation directory.Change the value of the key Urls. Separate multiple binding URLs with a colon (
;
)
Top-level wildcard bindings (http://*:80/
and http://+:80
) should not be used. Top-level wildcard bindings create app security vulnerabilities. This applies to both strong and weak wildcards. Use explicit host names or IP addresses rather than wildcards.
Preregister URL prefixes
The built-in tool for configuring HTTP.sys is netsh.exe
. Use this tool to reserve URL prefixes and assign X.509 certificates. The tool requires administrator privileges.
Use netsh.exe
tool to register URLs for Tax Balance:
netsh http add urlacl url=<tax-balance-url-prefix> user=<tax-balance-user>
Replacing
<tax-balance-url-prefix>
with the URL prefix fromappsettings.json
Replacing
<tax-balance-user>
with the account that will use the URL prefix
It is possible to use windows groups for the user parameter, e.g., Everyone, Users. Be aware to use German terminology on systems that are set in the German language, e.g., Jeder, Benutzer
When a URL is registered, the tool responds with URL reservation successfully added.
To delete a registered URL, use the delete urlacl
command:
netsh http delete urlacl url=<url-prefix-to-delete>
Register X.509 certificate
Use the netsh.exe
tool to register a certificate for Tax Balance Server.
netsh http add sslcert
ipport=<tax-balance-url-prefix>
certhash=<tax-balance-certificate-thumbprint>
appid="{23842322-71a0-4aed-9852-eb1e5cea2c17}"
Replacing
<tax-balance-url-prefix>
with the URL prefix fromappsettings.json
Replacing
<tax-balance-certificate-thumbprint>
with the X.509 certificate thumbprint from a certificate stored in the Windows certificate for the local machine.
Use ipport
parameter when binding X.509 to IP adress and port combination, e.g, 0.0.0.0:443. Use hostnameport
when binding X.509 certificate to host name and port combination, e.g., localhost:443.