Class
WebAppSecurityOptions
Description
Used by the Security property of the WebApplication class to specify security requirements.
Properties
Name |
Type |
Read-Only |
Shared |
---|---|---|---|
Enumerations
WebAppSecurityOptions.ConnectionTypes
ConnectionTypes
Determines the level of Secure Socket Layer (SSL) or Transport Layer Security (TLS) required.
Name |
Description |
---|---|
SSLv2 |
SSL version 2 |
SSLv23 |
SSL version 2.3 |
SSLv3 |
SSL version 3 |
TLSv1 |
TLS version 1 |
TLSv11 |
version 1.1 |
TLSv12 |
version 1.2 |
WebAppSecurityOptions.FrameOptions
FrameOptions
Determines whether or not you will allow the web app to be embedded in another web page via an <iframe> tag. The default is SameOrigin.
Name |
Description |
---|---|
Deny = 0 |
Does not allow a web application to appear in an <iframe> in another html page, regardless of the domains involved. |
SameOrigin = 1 |
Allows a web application to appear in an <iframe> of another html page, regardless of its domain. |
Allow = 2 |
(Default) Allows the web application to appear in an <iframe> of another html page, as long as the domains exactly match. |
Property descriptions
WebSecurityOptions.ConnectionType
ConnectionType As ConnectionTypes
Determines the level of Secure Socket Layer (SSL) or Transport Layer Security (TLS) required. By default, the ConnectionType uses TLSv12.
A TLS/SSL connection established with this enum may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern.
WebSecurityOptions.FrameOption
FrameOption As FrameOptions
Determines whether or not you will allow the web app to be embedded in another web page via an <iframe> tag. The default is SameOrigin.
Sample Code
This example, in the App.Opening event, allows a web app to appear in an <iframe> on any web page from any server:
Self.Security.FrameEmbedding = WebAppSecurityOptions.FrameOptions.Allow
This example, in the App.Opening event, uses an older connection type (not recommended):
Self.Security.ConnectionType = WebAppSecurityOptions.ConnectionTypes.TLSv1
Compatibility
Web projects types on all supported operating systems.
See also
Object parent class; WebApplication.Security property