Class

WebAppSecurityOptions


Description

Used by the Security property of the WebApplication class to specify security requirements.

Properties

Name

Type

Read-Only

Shared

ConnectionType

ConnectionTypes

FrameOption

FrameOptions

Enumerations

WebAppSecurityOptions.ConnectionTypes

ConnectionTypes

Determines the level of Secure Socket Layer (SSL) or Transport Layer Security (TLS) required.

Name

Description

SSLv2

SSL version 2

SSLv23

SSL version 2.3

SSLv3

SSL version 3

TLSv1

TLS version 1

TLSv11

version 1.1

TLSv12

version 1.2

WebAppSecurityOptions.FrameOptions

FrameOptions

Determines whether or not you will allow the web app to be embedded in another web page via an <iframe> tag. The default is SameOrigin.

Name

Description

Deny = 0

Does not allow a web application to appear in an <iframe> in another html page, regardless of the domains involved.

SameOrigin = 1

Allows a web application to appear in an <iframe> of another html page, regardless of its domain.

Allow = 2

(Default) Allows the web application to appear in an <iframe> of another html page, as long as the domains exactly match.

Property descriptions


WebSecurityOptions.ConnectionType

ConnectionType As ConnectionTypes

Determines the level of Secure Socket Layer (SSL) or Transport Layer Security (TLS) required. By default, the ConnectionType uses TLSv12.

A TLS/SSL connection established with this enum may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern.


WebSecurityOptions.FrameOption

FrameOption As FrameOptions

Determines whether or not you will allow the web app to be embedded in another web page via an <iframe> tag. The default is SameOrigin.

Sample Code

This example, in the App.Opening event, allows a web app to appear in an <iframe> on any web page from any server:

Self.Security.FrameEmbedding = WebAppSecurityOptions.FrameOptions.Allow

This example, in the App.Opening event, uses an older connection type (not recommended):

Self.Security.ConnectionType = WebAppSecurityOptions.ConnectionTypes.TLSv1

Compatibility

Web projects types on all supported operating systems.

See also

Object parent class; WebApplication.Security property