Web.config File Options

The web.config file contains several global application options used throughout both the ASP.NET and classic ASP code of SOLO Server. When you install SOLO Server in a new website root or virtual directory (as recommended), many of the settings are already configured to allow the application to run. You can later come back to adjust the global settings as needed.

Changing Values in web.config

Important

If any changes are made to the web.config file, be sure to save global.asa, so that IIS sees a new timestamp on this file. When it does, it will re-load configuration parameters from web.config for the classic ASP code to see. Alternatively, you may reset IIS or recycle the application pool to force the new parameters to be read.

<system.web> section

This section contains standard ASP.NET settings. You must set up identity impersonation in this section to allow the site to run as the user mapped to the SOLOServer user on the database. This is taken care of automatically by the installer on fresh installs. To change or edit the user, modify the following entry in the file, filling in the username/password of the SOLO Server user.

<identity impersonate="true" userName="[WebUserName]" password="[WebUserPassword]"/>

<system.webServer> section

This section contains several sections to configure SOLO with IIS:

modules - The entries here wire in HttpModules with IIS:
- HttpErrorHandlerModule - Global error/exception handler for .NET portions of SOLO Server.
- HttpRequestValidatorModule - Enables ASP.NET request validation for non-.NET based web pages within SOLO Server.
- HttpIPAddressMasker - This module is commented out by default. When uncommented, injects a MASKED_IP header into the request with the content being the client IP address with the final octet masked. When used in conjunction with IIS Advanced Logging (IIS 7-8.5) or IIS Custom Logging (IIS 10), this can be used to only log a masked version of the IP Address to the IIS logs, which can reduce exposure under the EU GDPR.
- AuthorFileManagerValidator - Handles session authentication for the FileUltimate module used for file management on the server.
handlers - The entries here wire in HttpHandlers with IIS for handling extensionless URLs on specific paths within SOLO Server which require this functionality.
staticContent - The entries here define MIME mappings for the .woff and .woff2 file extension, which are not defined by default in IIS.

<location> sections

By default, the web.config will be configured with three location sections. The first location section configures the IIS request filtering feature to allow the PUT and DELETE verbs for the API used for certain pages in the administrative interface. This will be commented out by default, and must be uncommented if using request filtering. The second location section configures custom error handling for custom uncompiled classic ASP scripts:

The section targets the custom products/custom directory off of the SOLO root directory.
Within this section, a system.WebServer/httpErrors node is configured to route all 500.100 errors to the customerrorhandler.asp script in the root of the custom directory.

The third location element configures file upload size limitations for ESD and storefront files uploaded through SOLO. The section contains two subsections which configure IIS to allow uploads of up to 300 MB.

system.web - contains an httpRuntime entry telling IIS to allow up to a 300 MB maximum request length (value is in KB).
system.webServer - contains a security/requestFiltering entry telling the request filtering feature of IIS to allow a maximum content length of 300MB (value is in bytes). By default, this section is commented out, as request filtering is not a default feature of IIS. If using request filtering, uncomment this section.

<runtime> section

This section defines assembly bindings for several dependencies.

<connectionStrings> section

This section contains the database connection string for SOLO features leveraging the Entity Framework.

<appSettings> section

Several SOLO Server specific settings are defined in this section as follows:

ASP.NET Settings

ValidationSettings:UnobtrusiveValidationMode: Controls how classic ASP.NET web forms validation functions. Should always be set to None.

External Configuration Settings

SOLOConfigPath: File system path and filename to the common SOLO.config file shared between the ASP and ASP.NET portions of SOLO Server. This is generally installed in the web root directory, but this is not required.
HttpRequestValidatorConfigurationPath: File system path and filename to the configuration file for the HttpRequestValidator component. This should typically match the path specified in SOLOConfigPath. Custom implementations can use a separate configuration file if necessary.
HttpErrorHandlerConfigurationPath: File system path and filename to the configuration file for the HttpErrorHandler component. This should typically match the path specified in SOLOConfigPath. Custom implementations can use a separate configuration file if necessary.

Web Service Settings

InternalWebServiceUsername: The username used to secure and authenticate communications to the internal web services.
InternalWebSevicePassword: The password used to secure and authenticate communications to the internal web services.

Database Settings

ConnectionString:: The connection string to the SOLO Server database.
DatabaseApplicationName: Optional name to pass as the Application Name in the connection string.
ConnectionProvider: Data provider for ADO in the COM based portions of SOLO Server. By default, SOLO Server will use SQL Server Native Client 11 (SQLNCLI11), falling back to the older OLE DB provider (SQLOLEDB.1) if the native client is not installed. This can be used to override the default and use a specific provider.
LongRunningQueryTimeout:: The timeout value (in seconds) to allow long running queries to execute on .NET web pages. If set to 0 or omitted, the default value of 30 seconds is used. Currently this will affect the timeout for searching on customer details and for any .NET based reports. This should be left at 0 unless you are experiencing database timeouts searching for customers or running .NET based reports. Also note that if you increase this near or above 90 seconds, you should also set the executionTimeout property of the httpRuntime element in the web.config value to a value slightly greater than this value to prevent ASP.NET timeouts from occurring.
CorruptedConnectionDetectionEnabled: Advanced option. Whether to attempt to detect and log corrupted connection state in the classic ASP connection pool. These states can occur when the database server goes offline, but ASP does not detect connections that have been severed. Requires granting the application user permission to write to the application event log.

Web Site Options

SOLODirRoot: Folder that contains SOLO Server root directory. If during installation you chose to install SOLO Server at the web site root directory, this parameter should be "". Otherwise, if SOLO Server was installed in a subdirectory below the web root, this parameter should be the path to that directory from the root - i.e. "/solo". Note: Internally this value is used within SOLO Server when setting the path property on several http cookies. Since web browsers treat cookie paths as case-sensitive, this value is also case-sensitive. For this reason, we recommend always using lower case for this value and treating all paths within SOLO Server as lower case.
EnableAffiliateSignup: True/False as to whether the affiliate signup page should be enabled.
AffiliateMasterAgreementName: This should be set to the name of the agreement that the master identity hosting the server uses for Affiliates to review before signing up. Example "Concept Software Network Agreement".
AffiliateMasterAgreementURL: The document containing the master affiliate network agreement. This will be displayed on all authors' affiliate sign-up pages.
SOLOAffiliateSecure: Set to True to require affiliate pages to require a secure login through https.

Email Settings

EmailDeliveryMethod

The email delivery method. Can be one of the following:

Network - Email sent using network mail delivery through the specified SMTPRemoteHost/SMTPRemotePort.
PickupDirectoryFromIis - Emails are written to the default local IIS pickup directory.
SpecifiedPickupDirectory - Emails are written to the specified file system directory.

SMTPRemoteHost

The SMTP server for Network mail delivery.

SMTPRemotePort

The remote port to use for Network mail delivery.

SMTPUseSsl

Whether to use an SSL connection for Network mail delivery (true or false).

SMTPUser

The SMTP user name, if necessary.

SMTPPassword

The SMTP user password, in necessary.

EmailAlwaysLogToQueue

When using Network as the EmailDeliveryMethod, set this to True to always log emails to the EmailPickupDirectory in addition to sending the email.

EmailPickupDirectory

The pickup directory for the SpecifiedPickupDirectory delivery method. When using Network delivery, this is also the location of the queue folder where the files will be written should the network server become unavailable.

EMailAdminName

From name used in administrative email messages to authors.

EMailAdminAddr

From email address used in administrative email messages to authors.

EMailOrderError

Email address to display to customer to contact when their account can't be found in the Customer License Portal lost password script or during other error conditions that typically never happen. In the case of the lost password script, the user can be directed to a support URL by specifying a value for the configuration parameter ErrorSupportURL.

EMailOrderSubject

Subject for default new order confirmation email.

EMailErrorLogPath

File system path to the log file where email errors are logged. Generally this is in the SOLO Server temp directory, but this is not required. Note that the user the website is running under should have permission to write to the directory.

File System Settings

SOLOCustomRootDir: File system root directory where customizable HTML, XSL, XML, and WebComponentPages templates/resource file root folders are located. This is set by the installer to point to the /SOLO/DLLS subdirectory off of the install root directory. In a default configuration, SOLO Server will assume each of the template directories to be the CustomHTML, CustomXSL, CustomMSL, and WebComponentPages subdirectories of this directory when loading template files from the file system.
SOLOCustomHTMLDir: Optional file system root directory for Custom HTML files to override the default directory of SOLOCustomRootDir\CustomHTML. The directory must allow the web site user read access.
SOLOCustomXSLDir: Optional file system root directory for Custom XSL files to override the default directory of SOLOCustomRootDir\CustomXSL. The directory must allow the web site user read access.
SOLOCustomXMLDir: Optional file system root directory for Custom XML files to override the default directory of SOLOCustomRootDir\CustomXML. The directory must allow the web site user read access.
TempDir: File system root directory to store temporary files. This directory must exist and the web site user must have read/write access. Note that a trailing backslash should NOT be specified.
FileStorageRoot: File system root directory for ESD files. This directory must exist and the web site user must have read/write access to it. This folder is typically not accessible via HTTP through any web site.
FileUltimate:DisableVideoThumbnails: Whether to disable the video thumbnails feature of the FileUltimate control used for managing storefront and ESD files. This feature is known to result in crashes of the IIS worker process in certain scenarios. Setting this to 1 will disable this feature and eliminate the crash issue.

Amazon Web Services Settings

UseAWSForESD: True/False as to whether to use Amazon Simple Storage Service (S3) for electronic software delivery.
AWSBucket: The AWS bucket name.
AWSAccessKey: Access Key for the AWS bucket.
AWSSecretKey: Secret Key for the AWS bucket.

Web Component Pages Settings

WebComponentPagesRoot: Optional file system root directory for Custom XSL files to override the default directory of SOLOCustomRootDir\WebComponentPages. The directory must allow the web site user read access.
WebComponentPagesDatabaseIdentifier: Application specific database identifier for database objects used by the WebComponentPages objects. This should always be "SOLO".

Cookie Settings

CookieEncryptionKey: Encryption key used when encrypting cookie values. A random string should be used here. If omitted, the default key will be used.

Fraud Control Settings

FraudIPAutoInsert: Set to True to enable automatic insertion of the IP address into the FraudIP table when HOLD is returned by bank.
FraudIPDaysToBlock: Number of days to block an IP address after insertion into the FraudIP table.

WorldPay Payment Gateway Options

WorldPayTest

Test value to pass when in test mode for the WorldPay payment gateway. Use the following values:

101 - Test mode returning a decline
100 - Test mode returning an approval
0 - Live mode

PayPal Payments Standard Options

PayPalLog: Set to "Yes" to enable PayPal logging.
PayPalBNCode: For use with the PayPal Partner program. The PayPal Partner BN Code. When specified, this value will be included as the bn form input on the .NET cart PayPalRedirect.aspx page.

PayPal Payments Pro Settings

PayFlowServer: The live PayPal Payments Pro processor host - currently payflowpro.paypal.com. Note that https:// should NOT be specified.
PayFlowTestServer: The test PayPal Payments Pro processor host - currently pilot-payflowpro.paypal.com. Note that https:// should NOT be specified.
PayFlowPort: The port to use when communicating with the PayPal server, typically 443 (for https).
PayFlowTimeout: The time in seconds to allow before timing out a connection to the PayPal server.
PayFlowProxyServer: The proxy server to use when connecting with the PayPal server (if applicable).
PayFlowProxyPort: The port on the proxy server to use when connecting with the PayPal server (if applicable).
PayFlowProxyUsername: The proxy username to use when connecting with the PayPal server (if applicable).
PayFlowProxyPassword: The proxy password to use when connecting with the PayPal server (if applicable).
PayFlowBNCode: For use with the PayPal Partner program. The PayPal PayFlow Partner BN Code. When specified, this value will be included in payment request to the PayFlow gateway.
Standard PayFlow API entries: The remaining entries here are the standard PayPal Payments Pro API configuration settings for tracing/logging and are not specific to SOLO Server. See the PayPal Payments Pro API documentation for more details.

Authorize.NET Settings

AuthorizeNETServer: The URL to the live Authorize.NET processor - currently https://secure2.authorize.net/gateway/transact.dll
AuthorizeNETTestServer: The URL to the test Authorize.NET processor - currently https://test.authorize.net/gateway/transact.dll

Payment Server Web Service Settings

PaymentGatewayLogPath: The file system path to store payment gateway log files on the server. If left blank, no logging will be performed. The user account the web site is running under should have permissions to create and write files in the specified directory.
PaymentGatewayTimeout: The timeout (in seconds) for credit processing to wait for a response from the PaymentServer web service. Omit or set to 0 to use the default value of 3 minutes. Only set this value if you are having timeout issues due to slow responses from the payment gateway.

Avalara AvaTax Settings

AvalaraLogPath: The file system path to store Avalara AvaTax log files on the server. If left blank, no logging will be performed. The user account the web site is running under should have permissions to create and write files in the specified directory.
AvalaraLoggingLevel: Avalara AvaTax logging level. Two types of logging are supported. To use the logging built in to AvaTax, use "Avalara", which will create a single AvaTaxAPI.log file logging each request and response to/from Avalara. To use SOLO Server logging, use "SOLO", which will log the response JSON of each request to a separate file, formatted with indenting and newlines for easier readability. To use both logging methods, use "Avalara|SOLO".

Plugin Settings

PluginAssemblyPath:: The file system path to the location of the plugin assembly files on the server.

QuickBooks / accounting options

The following are advanced options. For more information, contact us.

QBBankName: The default bank name used by tptqbbatchexport.asp and rptqbcheckexport.asp

Custom HTML Options

ProductCustomHTMLSearchType

Determines the method SOLO Server uses to find the custom HTML headers and footers in the ASP cart ordering process. Can take any of the following values:

DatabaseFirst - The database is checked first, followed by the file system. This is the default setting.
FileSystemFirst - The file system is checked first. Offers improved performance but reduced flexibility.
FileSystemOnly - Only the file system is checked.

Reporting options

RptRecentOrdersDays: The number of days of orders to display in Recent Orders report. Set to 0 to only display the current day's orders.
SOLOUnshippedGlobal: Set to True to show all Unshipped Orders from all Authors for global users.
SOLORptRefresh: The number of seconds between automatic client refresh on reports that support automatic refresh. Set to "" to disable automatic refresh.
MaximumReportingDays: Set to the maximum number of days to allow reports to be run for.
MonthlyFeesMode: The mode for calculating monthly fees. Used by SoftwareKey internally for SOLO Server Shared or Dedicated URL billing.

Customer License Portal Settings

CustomerServiceNetRedirect: Set to True to automatically redirect to the .NET Customer License Portal when accessing an older customer service center page.
CustomerServiceNetAlwaysGlobal: If true, data shown in the .NET Customer License Portal includes data for all authors regardless of whether it is running in author mode.
CustomerServiceListingRecordCount: The number of records to display on any listing pages in the Customer License Portal which support pagination (currently the license, payment, and installation history pages). If omitted or set to 0, the default value of 15 will be used.

Miscellaneous Settings

MagicChargeNumber

This is the magic credit card number which will always be approved. It must be a valid credit card account number. The default is 4442780423232.

ScriptTimeout

Maximum Script timeout value (in seconds) for pages that send files.

DefaultMerchantAcctID

Default Merchant Account ID.

DefaultTestMerchantAcctID

Default Merchant Account ID associated with new author online signups.

SOLOListAuthorName

Set to True to display the Author name on appropriate pages such as the What to do Next area of the order confirmation. Set to False to remove the Author name from these places and make the site more generic. Set this option to False to make the ordering pages more anonymous.

OfferProductChkBox

Custom text for the label of the product updates checkbox on register page during checkout.

OfferPartnerChkBox

Custom text for the label of the new product and special offers checkbox on register page during checkout.

PriorityCodeMode

Set to True to display Priority Code Option on payment page.

CartCookiePermanent

Setting this to 1 causes the cookie used for maintaining state during cart orders to become permanent, allowing the user to return and be able to see their existing cart. This is set to 0 by default so only a temporary cookie is used.

AllowStoreCreditRefund

Setting this to 1 allows authors the option of issuing store credits for refunds instead of simply crediting the customer's card. See Store Credits.

LogPaymentGatewayTraffic

Set this to True to log traffic between the payment gateway and SOLO Server.

DefaultImageUnavailable

Name of the image located in the images/solo subdirectory of SOLO Server do display when there is an error displaying an uploaded image. Defaults to "blank_image.gif". To customize, place the custom file in the SOLO Server image directory and update the filename here.

MaximumImageUploadBytes

Maximum size in bytes of image uploads for products/options as well as the storefront logo image. If set to 0, the default of 2MB (2097152 bytes) is used.

ServerIdentifier

When running in a load balanced environment, this can be used to add an identifier to the page title in the authors directory. The identifier will appear before the remainder of the title, and will also be included in any error email or declined order email notifications. Use the reserved value of MACHINE_NAME to automatically use the web server computer name.

LoginRedirect

If present, when logging in to the authors interface, users will be redirected to the specified URL with UserID and UserPW querystring parameters. Meant for use when migrating to a new SOLO Server URL.

InactiveMessage

A message to be displayed below the header in the authors interface for authors who have not completed signup.

UnrestrictedUploadsAllowed

True/false as to whether Master Users should be allowed to upload unrestricted content to the custom web directory.

ErrorSupportURL

The URL users should be directed to for general support when a problem occurs, such as when their email address can't be found in the customer database. If not defined, the user is referred to the email address defined in the variable EMailOrderError.

InternalWebServiceUseSSL

Whether internal web service calls should use an SSL connection.

EncryptedWebMethodSystemClockThreshold

The number of minutes difference in system time between the client and the server allowed by encrypted web methods (set to 0 to disable system time check).

OmitEncryptionKeyIDValidation

Whether the web methods on the XmlActivationService, XmlLicenseFileService, and XmlNetworkFloatingService web services omit the verification of the EncryptionKeyID against the AuthorID. When omitted, this is assumed to be false.

SendSpamErrorNotifications

true/false as to whether to send an error notification email when the hidden captcha on the author, affiliate, or trial signup pages is triggered.

EnableCartErrorNotifications

true/false as to whether to enable detailed email error notifications for exceptions handled by the cart.

AllowCrossAuthorPromotions

true/false as to whether bundles and upsells can be configured across authors, as well as whether items from multiple authors are allowed on the shopping cart. When set to true, the product and option drop downs on the bundled product and upsell configuration pages will display products/options from all authors rather than filtering on the current author, and the shopping cart will allow adding an item from an author other than the cart author.

SOLOInstanceType & ManagedAddAuthors

Applicable only for SOLO Server Shared and Dedicated URL instances. Controls several features specific to these instances.

EnableLicenseAudits

true/false as to whether auditing is enabled on the Licenses table. See Audit Features for more information.

CustomSSLHeader

Used when running SOLO Server behind an SSL offloading appliance. When running in this configuration, the appliance should be configured to inject a custom header into the request before forwarding it to SOLO Server, and this entry should be updated with the name of the header. SOLO Server will then consider traffic containing this header as secure.

CustomSSLPortEquivalent

Used when running SOLO Server behind an SSL offloading appliance. When running in this configuration, the appliance should be configured to forward SSL traffic to SOLO Server on a unqiue port, and this entry should be updated with that port number. SOLO Server will then consider traffic on this port as secure.

SwitchAuthorMode

Used to override the default behavior of the author switching functionality in the administrative interface. Can be set to the following values:

None - All author switching functionality is hidden. Set to this value for instances where only one author account is present.
AutoSearch - Upon opening the switch author dialog, the list will be automatically populated with open author accounts. Set this value when only a handful of author accounts are present.

IPLookupURL

The URL to use for IP address lookups within the administrative interface. Leave blank to use the default lookup at whois.arin.net. Use [varIPAddress] as a placeholder for the IP address.

ParentCatalogAuthorID

AuthorID of the parent author when running in Multi-Tenant Catalog Mode.

EnableAuthenticatedWebServiceLogging

Whether to enable usage logging for web service endpoints requiring authentication.

New Feature Settings

The following are advanced options used to control new features as they are incrementally introduced into production use. These settings should be left alone unless instructed otherwise by SoftwareKey support.

EnableExtendedFraudScreeningGlobal: True/False as to whether to enable extended fraud screening during order processing on a global basis.
NETOrderProcessorEnableGlobal: True/False as to whether to enable the new .NET based order processor on a global basis.
NETOrderProcessorStep: The processing step to transfer processing from the older ASP processor to the new .NET based order processor when processing online orders.
NETOrderProcessorStepOverride: The processing step to override the NETOrderProcessor step setting. Used for testing on an instance level when using a shared configuration file among multiple SOLO instances.
NETPayPalOrderProcessorStep: The processing step to transfer processing from the older ASP processor to the new .NET based order processor when processing PayPal orders.
NETPayPalOrderProcessorStepOverride: The processing step to override the NETPayPalOrderProcessor step setting. Used for testing on an instance level when using a shared configuration file among multiple SOLO instances.
NETOrderProcessorBCCList: Meant for QA testing purposes. A comma separated list of email addresses to BCC on all email notifications sent by the .NET order processor.
NETOrderProcessorPluginTestMode: Meant for QA testing purposes. The result to be returned by when testing plugin processing in the .NET order processor (Success, Error, or Exception).
EnableNETLicenseDetailsPage: Whether to enable the new .NET based license details page in the administrative interface. Not yet supported.
EnableNETCustomerPasswordReset: Whether to enable new functionality in the customer license portal to allow customers to generate a password reset request rather than recovering their existing password.
DisableNewAuthorHomePage: Whether to disable the new author home page and revert to the older version.
EnableServiceUsageBilling: Applicable only for SOLO Server Shared and Dedicated URL instances. Controls whether overage billing for service usage transactions is enabled.
DisableNETPricingEngine: Whether to revert to the older COM based pricing engine in the order processor.