Exposing Tax Transfer DE
Inbound Requests
Tax Transfer DE hosts an HTTP API which you can configure to use standard TCP ports (80/443) or non-standard ports.
Configure bindings
Open the
appsettings.json
file located at the Tax Transfder DE installation directory.Change the value of the key Urls. Separate multiple binding URLs with a colon (
;
)
Top-level wildcard bindings (http://*:80/
and http://+:80
) should not be used. Top-level wildcard bindings create app security vulnerabilities. This applies to both strong and weak wildcards. Use explicit host names or IP addresses rather than wildcards.
Preregister URL prefixes
The built-in tool for configuring HTTP.sys is netsh.exe
. Use this tool to reserve URL prefixes and assign X.509 certificates. The tool requires administrator privileges.
Use netsh.exe
tool to register URLs for Tax Transfer DE:
netsh http add urlacl url=<tax-transfer-de-url-prefix> user=<tax-transfer-de-user>
Replacing
<tax-transfer-de-url-prefix>
with the URL prefix fromappsettings.json
Replacing
<tax-transfer-de-user>
with the account that will use the URL prefix
It is possible to use windows groups for the user parameter, e.g., Everyone, Users. Be aware to use German terminology on systems that are set in the German language, e.g., Jeder, Benutzer
When a URL is registered, the tool responds with URL reservation successfully added.
To delete a registered URL, use the delete urlacl
command:
netsh http delete urlacl url=<url-prefix-to-delete>
Register X.509 certificate
Use the netsh.exe
tool to register a certificate Tax Transfer DE.
netsh http add sslcert
ipport=<tax-transfer-de-url-prefix>
certhash=<tax-transfer-de-certificate-thumbprint>
appid="{b985d85c-9533-452c-a0e3-0d8231cf5e240}"
Replacing
<tax-transfer-de-url-prefix>
with the URL prefix fromappsettings.json
Replacing
<tax-transfer-de-certificate-thumbprint>
with the X.509 certificate thumbprint from a certificate stored in the Windows certificate for the local machine.
Use ipport
parameter when binding X.509 to IP adress and port combination, e.g, 0.0.0.0:443. Use hostnameport
when binding X.509 certificate to host name and port combination, e.g., localhost:443.
Â