DPE WebServices & WebApplications
Breaking changes in DPE 2.5.199.0 - READ CAREFULLY!
Overview
Secure DPE tokens
- DPE 2.5 is using secure authentication tokens
- DPE Service clients cannot construct secure DPE tokens on their own but have to request them from an API endpoint /api/token (see API description).
- Tokens forwarded from DPE web app to other applications (or received from other apps) should be secure tokens.
- Secure DPE tokens cannot be deconstructed into user and password
DPE Service Access More Restrictive
- More service calls are only allowed with valid authentication
web.config
Forms authentication has to be removed from web.config. The DPE Setup does this automatically for newly installed web.config.
If your are copying a previous web.config to your new installation you have to do it manually, so comment out or remove the authentication section:
<!--
<authentication mode="Forms">
<forms name="MyFormsAuthCookie" timeout="1440" slidingExpiration="true" loginUrl="Logon.aspx" ticketCompatibilityMode="Framework40" />
</authentication>
--> Content Manager Details Templates
If you are using download links in your ContentManager details template you have to replace them in the following way:
Old
DownloadMedium.ashx?{{model.FullEntryId}}New
DownloadMedium.ashx?{{model.FullEntryIdAuth}}Workflow System
Workflows
AccessToken
- The workflow argument AccessToken has to be used (= forwarded) in all DPE activities offering an AccessToken property.
- We have adapted all standard workflows, make sure you use the newest version.
Calling DPE Services Directly
- If your workflow calls DPE Services directly via .Net proxy classes you have to instantiate the ProxyContainer differently:
Old
New ProxyContainer(User, Password, Environment.MachineName, TimeSpan.FromSeconds(120))New
MixedAuthHeader auth = If (AccessToken Is Nothing, new MixedAuthHeader(User, Password, Environment.MachineName), MixedAuthHeader.FromAnyToken(AccessToken))
New ProxyContainer(auth, TimeSpan.FromSeconds(120))Workflow Compatibility
Please ensure to use only Workflow Templates released within with Release.
Please request project specific Workflow Template updates from DAVID Support Team, before updating your system.
Product compatibility list for DPE 2.5.199.0 and later
Minimum required versions of other DAVID products compatible with Secure DPE tokens:
| Application | Version | Comment |
|---|---|---|
| DBM | 5.8.8220.0 | Older versions work as long as DpeTokenAcceptMode is not set to "Secure" |
| MTE | 7.10.1783.0 | |
| CAE | 0.7.12 | |
| WDA | - | Not implemented/supported yet in WDA. WDA will not understand secure token in URL, so forwarding logon will not work. Nevertheless you can logon in WDA as long as DpeTokenAcceptMode is not set to "Secure" |
| ROAD Backend | 1.3.567.1 | Older versions work as long as DpeTokenAcceptMode is not set to "Secure" |
| ROAD InstaRecorder | 1.1.73 | |
| ROAD Admin | ?? | |
| ROAD Scheduling | ?? |
DPE Server Config Options
web.config | Description |
|---|---|
| DpeTokenCreateMode | Specifies which kind of token is returned from /api/token REST endpoint
It also allowed to set a comma-separated list for various clients, e.g.
Clients have to use the query parameter "client" when requesting the token to support this. |
| DpeTokenAcceptMode | Specifies the behavior when DPE tokens are validated
Currently the default is to still accept unsecure tokens. This will change in the future. |
| ParameterServiceSecurity |
|
Proposed Migration Order
Step | Component | Comments |
|---|---|---|
| 1 | Update to DPE Server 2.5 | In web.config
|
| 2 | Update DPE Processors | But NOT WorkflowServer |
| 3 | Backup all installed workflows | By checking them in Workflow Templates page and exporting them |
| 4 | Stop WorkflowServer | Ensure that Workflow queue is empty before doing this |
| 5 | Update all workflows | To newest version, also see workflow version list above |
| 6 | Start WorkflowServer | |
| 7 | DPE web.config | Remove ParameterServiceSecurity = Low from web.config |
DPE WebServices & WebApplications
Please check breaking changes outlined above
Components | Version |
DPE | 2.5.199.0. Bugfix branch 2.4.301.5 |
Dependencies
- Required for BrowserBridge version 2.5.15.0
- Required for Workflow Server version 2.5.36.0
- Required for Utility Processor version 2.5.15.0
- Required for Audio Processor version 2.5.19.0
- Required for Loudness Processor version 2.5.14.0
- Required for Video Processor version 2.5.14.0
- Required for Active Directory Sync version 2.5.12.0
- Requires a DpeCoreDb version 1.12 or 1.13 or 1.14 (DpeCoreDb Wizard supports upgrading an older version) running on (Details see Supported Databases)
- Requires Microsoft Windows Server 2012 R2, 2016 or 2019 operating system
- Requires Microsoft .Net 4.8
- Using on-the-fly conversion requires Workflow Templates AudioLoResOnTheFly.wft in version 2.0.0.0 and AudioWaveformOnTheFly.wft in version 2.0.0.0 (details see below) and a AudioConverter license for AudioProcessor.
- For accessing all web applications the client must have a standard compliant web browser. Supported are latest versions of Firefox, latest version of Chrome and Edge latest
Setup
New Features
- None
Fixed Issues
- OIA-1219 - Text color in all setups is gray instead of black after Advanced Installer Update
WebServices
Vulnerabilities
- All service calls must be authorized
- Support secure DPE Token - see Breaking changes above
- Content Service
- OIA-638 - Auth caching has a security bug
- Workflow Service
- Password is exposed in WorkflowService API
New Features
- Enhanced Security
- Access-Control-Allow-Origin headers added to almost any HTTP response of DPE
- Brute force protection for token validation system
- Content Service
- UploadMedium.ashx: should return 403 (Forbidden) instead of 500 when auth is not sufficient
- Extending XmlFilter-functionality
- CCD-42914 - Option to create missing master data when creating an entry
- Workflow Service
- workflowStates and jobStates resource
- REST Status Calls for Workflow, Jobs
- CCD-41241 - Extend JobService by "offset" parameter as base for paging
- Logging Service
- logLevels resource
- REST Status Calls for Logs
Fixed Issues
- Content Service
- OIA-513 - CM staying open over night "breaks" facet search
- OIA-957 - Label not created without NAMERELATIONTABLE
- OIA-1391 - Waveform.ashx is called and fails from EAO player for virtual entry without any media
- OIA-1497 - Custom field with minus sign in name does not work in XmlFilter
- OIA-1518 - REST PUT /api/media/id fails
- Workflow Service
- OIA-1527 - Monitoring Workflow progress leads to many deadlocks under heavy load
General UI
New Features
- "Clear all" button inside all facetted search
- Support for changing Labels in GenericDateTimeFacet
- Show RIGHTS.PAR problem in logon screen (instead of DpeDiagnostics)
Fixed Issues
- OIA-968 - Drop down out of window if option longer than screen width
Video Player
This component is used within Content Manager and RoughCut Edit for viewing LoRes videos.
Dependencies
- This component is integral part of the DPE solution and fits therefore to the same Content Manager and RoughCut Edit versions
- VideoPlayer requires a dedicated MPD (MPeg Dash) Lo-Res file beside each video entry in the DigaSystem database. These LoRes files can be generated via a project specific Video Conversion Workflow.
- VideoPlayer requires latest Firefox, latest Chrome latest or latest Edge (Chromium based) as client.
New Features
None
Content Manager
see Content Manager
Subclip Editor
see Subclip Editor
RoughCut Edit
see Roughcut Edit
Management Services
Admin
New features
- None
Workflow Admin
see Workflow System
SAF Monitor
see Workflow System
Licenses
New features
- None
Logs
New Features
- None
System Monitor
New Features
- None
Further Workflow Templates
Following standard Workflow Templates are part of the DPE base package.
DigErase
Workflow Template | Version | Changes |
DigEraseSoftDelete.wft | 2.0.9.0 | Vulnerabilities
|
DigEraseHardDelete.wft | 2.0.9.0 | Vulnerabilities
|
AudioTranscoding
Workflow Template | Version | Changes |
AudioRenderingJobFolderToFolder.wft | 2.0.3.0 | Initial Release |
AudioTranscodingFolderToFolder.wft | 2.0.2.0 | Initial Release |
Dependencies
- Requires an Audio Processor, with license for AudioProjectRenderer / AudioFileConverter (see Workflow Framework)
Loudness Analysis Package
Workflow Template | Version | Changes |
LoudnessAnalyzeEntry.wft | 2.0.0.0 | No changes, identical to Release 2019.2.0
|
LoudnessAnalyzeNextBlock.wft | 2.0.0.0 | No changes, identical to Release 2019.2.0 |
Dependencies
- Requires a Loudness Processor, with license for LoudnessAnalyzer (see Workflow Framework)
Loudness Gain Adjust
Workflow Template | Version | Changes |
LoudnessGainAdjust.wft | 2.0.2.0 | No changes, identical to Release 2020.1.0 |
Dependencies
- Requires a Loudness Processor, with license for LoudnessAnalyzer and LoudnessNormalizer (see Workflow Framework)