Manually configuring IIS Settings

Some settings for the Web Portal can also be manually updated directly via IIS. This may be required when relocating your HelpMaster database, performing maintenance, or for testing etc.

Updating the database connection string

The HelpMaster database connection string is located in the “appsettings.json” file that is located in the root folder. Open this file with Notepad (or similar) and adjust the settings.

“Data Source” is the SQL Server instance name e.g. SQLServer\Express or (local).
“Initial Catalog” is the name of the HelpMaster database e.g. HelpMaster Sample.

{
  "ConnectionStrings": {
    "DefaultConnection": "Data Source=(local);Initial Catalog=HelpMaster Sample;Integrated Security=SSPI;Application Name=HelpMaster Web Portal;"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

Manually updating the IIS Application Pool account

Set IIS application pool identity

Ensure that this account is part of the IIS_IUSRS group on that machine. This permission is required so that the service account can create and write Windows event logs for IIS.

The HelpMaster Service Account group membership

The HelpMaster service account that is used for the IIS Application pool must be part of the local IIS_IUSRS group on the same machine as IIS. This is required so that the account can create and write IIS event logs.

HelpMaster service account IIS_IUSRS

IIS HSTS

HSTS (HTTP Strict Transport Security) is a security feature in IIS that forces browsers to communicate only over HTTPS, preventing protocol downgrade attacks and cookie hijacking. Configuring HSTS involves enabling it in the IIS HTTP Response Headers settings, optionally setting parameters like the max-age directive and including subdomains.

IIS configuration best practice advice is to always use HSTS for web and webapi sites.

The HelpMaster web portal is designed to implement HSTS by default, which will ensure that all communication is performed via SSL, however, it is also possible to override these settings by either using the features in IIS, or updating the settings in the appsettings.json file that is in the root-folder of the web portal application.

Note, if multiple HSTS headers are causing issues, turn off the IIS HSTS option and let HelpMaster implement it via the settings in appsettings.json

  "HstsOptions": {
    "MaxAgeDays": 365,
    "IncludeSubDomains": true,
    "Preload": false
  },

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.