Version: 2024.1.1

inPoint.Core

inPoint.Core is (amongst other things) hosting the official public REST service.

For a detailed descriptions of all it's glorious features please see the inPoint.Core/REST section.

Configuration

All settings are defined in only one single file, the appsettings.json file (default location: C:\Program Files (x86)\HS Europe\inPoint.Enterprise\inPoint.Core\appsettings.json).

Full Sample:

{
  "urls": "https://inPoint.demo.local:8081",
  "Kestrel": {
    "Certificates": {
      "Default": {
        "Path": "",
        "Password": "",
        "Subject": "*.demo.local",
        "Store": "My",
        "Location": "LocalMachine"
      }
    }
  },

  "General": {
    "configFile": ""C:\\Program Files (x86)\\HS Europe\\inPoint.Enterprise\\inPoint.WebDav\\web\web.config""
  },

  "Authentication": {
    "apiKeys": [
      {
        "enabled": true,
        "apiKey": "lns",
        "userName": "leon.segal@hs-soft.com",
        "IPAddresses": ["172.25.100.35", "127.0.0.1"],
        "allowImpersonation": true
      }
    ],
    "basic": [
      {
        "enabled": true,
        "userName": "leon.segal@hs-soft.com",
        "password": "anyPasswordWillDo",
        "IPAddresses": ["172.25.100.144", "127.0.0.1"],
        "allowImpersonation": false
      }
    ]
  },

  "Firewall": {
    "useProxy": false,
    "rules": [
      {
        "allowLocalhost": true,
        "AllowIPRanges": ["0.0.0.0/0"]
      }
    ]
  },

  "Serilog": {
    // https://github.com/serilog/serilog/wiki/Configuration-Basics
    "MinimumLevel": {
      "Default": "Verbose",
      "Override": {
        "Microsoft": "Warning",
        "System": "Warning"
      }
    },
    "WriteTo": [
      {
        // https://github.com/serilog/serilog-sinks-rollingfile
        "Name": "RollingFile",
        "Args": {
          "pathFormat": "c:\\temp\\logs\\inPoint.Core-{Date}.log",
          "fileSizeLimitBytes": 1000000000,
          "retainedFileCountLimit": null,
          "buffered": true,
          "outputTemplate": "[{Timestamp:HH:mm:ss} {Level:u3}] {Message}{NewLine}{Exception}"
        }
      }
    ]
  },

  "Plugins": {
    "enabled": true,
    "disabledPlugins": [
      "clr-namespace:inPoint.Core.TestPlugins.SamplePlugins.DisabledPlugin2;assembly=inPoint.Core.TestPlugins"
    ]
  }
}

Root

At the root on the config (no section) only one value is available:

urls

Default: http://localhost:5000;https://localhost:5001

CSV list of host urls (see documentation)\

Kestrel

The Kestrel section is used to configure Kestrel which is the actual web server used by inPoint.Core. See the official Microsoft documentation for more details. Per default there is nothing configured in this section except for the certificates.

Certificates

This section configures the SSL certificate for the connection. See the SSL documentation for more details. During installation these values will be fetched from the user.

General

The General section currently includes following settings:

baseName

Per default inPoint.Core attaches to the root of the URL (e.g. https://localhost:8081/), here you can define a sub-url to use instead. Useful when combining multiple services on the same URL.

configFile

Default: none Full path to web.config file used by inPoint.Core (only for pamSettings)
If not set the value is taken from the installation folder (on default installation it evaluates to: C:\Program Files (x86)\HS Europe\inPoint.Enterprise\inPoint.WebDav\web\web.config)

staticRoutes

Default: none
Configures custom mapping of any folder (outside wwwroot) to a custom url path\

Sample:

"General": {
    "staticRoutes": [
        {
            "requestPath": "/customer",
            "localPath": "D:\\DATA\\CUSTOMER",
            "enableDirectoryBrowsing": true
        }
    ]
},

You should then be able to access https://localhost:8081/customer

A static route has the following properties:

requestPath

the virtual path (e.g. /customer)

localPath

the physical path where the files are located (either relative e.g. customfiles/ or a fullpath)

enableDirectoryBrowsing

Default: false
Whether to allow browsing the folder contents (when not specifying an exact file).

Authentication

The Authentication section defines the different Authentication configurations.

apiKeys

Array of all pre-configured api keys.

Sample:

"apiKeys": [
    {
        "enabled": true,
        "apiKey": "lns",
        "userName": "leon.segal@hs-soft.com",
        "IPAddresses": ["172.25.100.35", "127.0.0.1"],
        "allowImpersonation": true
    }
]

Calling an API method with http://localhost:8080/api/docs/xxx?key=lns would only be allowed to those 2 IP addresses and automatically mapped to 'leon.segal@hs-soft.com'.

enabled

Default: false

apiKey*

string key identifier

userName*

inPoint user to map to (must be pre-existing).

IPAddresses*

List of IP addresses allowed to use this apiKey - anyone else will be denied.

allowImpersonation

Default: false
whether this key is allowed to impersonate a different user

basic authentication

Sample:

"basic": [
    {
        "enabled": true,
        "userName": "leon.segal@hs-soft.com",
        "password": "anyPasswordWillDo",
        "IPAddresses": [ "172.25.100.144", "127.0.0.1" ],
        "allowImpersonation": false
    }
]

enabled

Default: false

userName*

inPoint user name to map to (also used as the Basic.username)

password*

Custom Basic.password (nothing to do with the inPoint User NTLM Password!)

Important
For full compatibility with all sorts of clients use only lower ASCII characters! The server uses UTF-8 for decoding but some clients will use ISO-8859-1 or even plain ASCII for sending the user and password.

IPAddresses*

List of IP addresses allowed to use this basic authentication user - anyone else will be denied.

allowImpersonation

Default: false

whether this key is allowed to impersonate a different user

Logging

inPoint.Core uses a comprehensive structured logging system which will also include the "legacy logs" from log4net (see log4net_inPoint.Core.config).

NOTE: inPoint.Core uses serilog and log4net, be sure to configure both config files.

  • appsettings.json
  • log4net_inPoint.Core.config

More details about logging see the logging chapter.

You can change some settings directly in the appsettings.json file:

Example

    "Serilog": {
        // https://github.com/serilog/serilog/wiki/Configuration-Basics
        "MinimumLevel": {
            "Default": "Warning",
            "Override": {
                "Microsoft": "Warning",
                "System": "Warning"
            }
        },

        "WriteTo": [{
            // https://github.com/serilog/serilog-sinks-rollingfile
            "Name": "RollingFile",
            "Args": {
                "pathFormat": "c:\\temp\\logs\\inPoint.Core-{Date}.log",
                "fileSizeLimitBytes": 1000000000,
                "retainedFileCountLimit": null,
                "buffered": true
            }
        }]
    }

Firewall

inPoint.Core includes a very simple software firewall to limit access further based on IP addresses (or ranges).

You can either limit access to the whole REST service or even just to specific urls (e.g. you could limit access to a specific /custom/plugin).

NOTE: Per default only localhost is allowed access.

In order to correctly map IP addresses when using a reverse-proxy the correct Proxy settings need to be adjusted (otherwise inPoint.Core will only ever receive the internal IP address of your Proxy server).

Sample:

"Firewall": {
    "useProxy": true,
    "proxyIPs": [ "172.25.139.21" ],
    "rules": [
      {
        "allowLocalhost": true,
        "allowIPRanges": [ "0.0.0.0/0" ]
      }
    ]
  },

useProxy

Default: false
Whether inPoint.Core is running behind a Reverse-Proxy. This setting is required otherwise inPoint.Core will only ever receive the internal IP address of your Proxy server.

proxyIPs

If useProxy is set, this defines the known Proxy server IP addresses in order to correctly map the external IP addresses (without this anyone could "fake" a Proxy request and claim to be whichever IP address it wants).

proxyIPRanges

If useProxy is set, this defines the known Proxy server IP addresses ranges in order to correctly map the external IP addresses (without this anyone could "fake" a Proxy request and claim to be whichever IP address it wants).
Note: uses standard CIDR notation.

rules

Those are the actual Firewall rules defining who can access what.

allowLocalhost

Default: false
Whether to allow localhost.

AllowIPs

Which specific IPs are allowed in this Rule.

AllowIPRanges

Which IP ranges are allowed in this Rule.
Note: uses standard CIDR notation.

Paths

Use globbing patterns to define which paths to protect. Sample:

    "paths": [ "/custom/**" ]

Plugins

inPoint.Core allows Plugin to extend the /custom endpoint. See inPoint.Core Plugins for the Developers guide.

Sample:

"Plugins": {
    "enabled": true,
    "disabledPlugins": [
      "clr-namespace:inPoint.Core.TestPlugins.SamplePlugins.DisabledPlugin2;assembly=inPoint.Core.TestPlugins"
    ]
  }

enabled

Default: true
Whether to enable and serve custom plugins.

disabledPlugins

Allows you to specify namespaces (assembly ids) of plugins to exclude (not serve).