Class

WebAppSecurityOptions

Description

Used by the Security property of the WebApplication class to specify security requirements.

Enumerations

WebAppSecurityOptions.ConnectionTypes

ConnectionTypes

Determines the level of Secure Socket Layer (SSL) or Transport Layer Security (TLS) required. By default, the ConnectionType uses TLSv12.

A TLS/SSL connection established with this enum may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern.

Name	Description
SSLv2	SSL version 2
SSLv23	SSL version 2.3
SSLv3	SSL version 3
TLSv1	TLS version 1
TLSv11	version 1.1
TLSv12	version 1.2

WebAppSecurityOptions.FrameOptions

FrameOptions

Determines whether or not you will allow the web app to be embedded in another web page via an <iframe> tag. The default is SameOrigin.

Name	Description
Deny = 0	Does not allow a web application to appear in an <iframe> in another html page, regardless of the domains involved.
SameOrigin = 1	Allows a web application to appear in an <iframe> of another html page, regardless of its domain.
Allow = 2	(Default) Allows the web application to appear in an <iframe> of another html page, as long as the domains exactly match.

Sample Code

This example, in the App.Opening event, allows a web app to appear in an <iframe> on any web page from any server:

Self.Security.FrameEmbedding = WebAppSecurityOptions.FrameOptions.Allow

This example, in the App.Opening event, uses an older connection type (not recommended):

Self.Security.ConnectionType = WebAppSecurityOptions.ConnectionTypes.TLSv1

Compatibility

Web projects types on all supported operating systems.