Articles in this section

Installing the QuikData API Service

Avatar
Support
  • Updated
Follow

Overview

This guide walks through installing the QuikData WebAPI service on a Windows Server running IIS. The API is built on .NET Framework 4.8 using OWIN middleware, and requires SQL Server connectivity, WebSocket support for real-time features, and a dedicated Active Directory service account.

Prerequisites

Before beginning, ensure the following are available:

  • Windows Server 2016 or later
  • .NET Framework 4.8 Runtime — download from Microsoft if not already installed
  • SQL Server — the API connects to two databases (control and workflow). Obtain the server name, database names, and confirm the service account has access.
  • A dedicated Active Directory service account for the application pool identity
  • The published WebAPI build output (Release build, containing the bin folder, Web.config, Global.asax, etc.)

Step 1: Install Required IIS Features

Open Server Manager > Add Roles and Features and ensure the following are enabled:

Web Server (IIS) > Web Server:

  • Common HTTP Features: Default Document, Static Content
  • Security: Request Filtering, Windows Authentication (if needed)
  • Application Development: ASP.NET 4.8, .NET Extensibility 4.8, ISAPI Extensions, ISAPI Filters, WebSocket Protocol
  • Health and Diagnostics: HTTP Logging, Request Monitor

Web Server (IIS) > Management Tools:

  • IIS Management Console

Important: The WebSocket Protocol feature is required. The API uses SignalR for real-time communication, which relies on WebSockets. If this feature is missing, SignalR will fall back to less efficient transports.

You can also install these features via PowerShell:

Install-WindowsFeature Web-Server, Web-WebSockets, Web-Asp-Net45, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Console, Web-Request-Monitor, Web-Http-Logging

Step 2: Create the Physical Directory

  1. Create a folder for the API under the IIS root, e.g.:

    C:\inetpub\QuikDataWebApi
  2. Copy the published build output into this folder. The folder should contain at minimum:
    • bin\ folder (with all DLLs)
    • Web.config
    • Global.asax
  3. Grant the AD service account Read & Execute permissions on the folder. If the API writes files (uploads, temp files, logs), also grant Modify permission on the relevant subdirectories.

Step 3: Create the Application Pool

  1. Open IIS Manager
  2. Right-click Application Pools > Add Application Pool
  3. Configure as follows:
SettingValue
NameQuikDataWebApi (or your naming convention)
.NET CLR Versionv4.0
Managed Pipeline ModeIntegrated
  1. After creation, right-click the pool > Advanced Settings and configure:
SettingValueReason
IdentityThe dedicated AD service accountSQL and file access
Start ModeAlwaysRunningPrevents cold-start delays on first request
Idle Time-out (minutes)0Prevents the API from shutting down during inactivity
Regular Time Interval (minutes)0 (or a scheduled time)Use Specific Times instead, e.g., 02:00 during a maintenance window
Enable 32-Bit ApplicationsFalse
Rapid-Fail ProtectionReview defaultsConsider adjusting if the service should auto-recover

Note: Setting the Start Mode to AlwaysRunning also requires setting the site's Preload Enabled property to True (configured in Step 4).

Step 4: Create the IIS Site or Application

Option A — As a standalone site:

  1. Right-click Sites > Add Website
  2. Set the physical path to C:\inetpub\QuikDataWebApi
  3. Select the QuikDataWebApi application pool
  4. Configure the binding (hostname, port, HTTPS)

Option B — As an application under an existing site:

  1. Right-click the parent site > Add Application
  2. Set the alias (e.g., QuikDataWebApi)
  3. Set the physical path to C:\inetpub\QuikDataWebApi
  4. Select the QuikDataWebApi application pool

After creation, right-click the site/application > Manage Website > Advanced Settings and set Preload Enabled to True.

Step 5: Configure Connection Strings

The Web.config file contains two encrypted connection strings:

  • DRControlConnection — the main control database
  • DRWorkflowConnection — the workflow database

If connection strings are encrypted with DPAPI (machine-level):
The encrypted values are tied to the machine where they were generated. You will need to re-encrypt the connection strings on the target server. Contact the development team for the encryption utility or procedure.

If using a shared encryption key:
Ensure the correct machine key or key file is deployed alongside the Web.config.

The plaintext connection string format is a standard SQL Server connection string, e.g.:
Server=SQLSERVER;Database=QuikData_Control;Integrated Security=True;

Step 6: SQL Server Permissions

The AD service account running the application pool needs database access. On the SQL Server:

  1. Create a Login for the AD service account (if using Windows Authentication / Integrated Security)
  2. For each of the two databases, create a User mapped to that login
  3. Assign the appropriate database roles. At minimum:
    • db_datareader
    • db_datawriter
    • db_executor (if this role exists) or EXECUTE permission on stored procedures

Coordinate with your DBA for the exact permission requirements for your environment.

Step 7: Configure HTTPS (Recommended)

  1. Obtain or import an SSL certificate in IIS (via Server Certificates)
  2. Edit the site bindings to add an HTTPS binding on port 443 with the certificate
  3. The Web.config contains a commented-out HTTPS redirect rule. To enforce HTTPS, uncomment the <rewrite> section:
<rewrite>
  <rules>
    <rule name="Redirect to https" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" negate="false" />
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTPS}" pattern="off" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

Note: Enabling the HTTPS rewrite rule requires the URL Rewrite IIS module. Download it from the IIS downloads page if not already installed.

Step 8: Firewall and Network Configuration

Ensure the following network paths are open:

SourceDestinationPortPurpose
Client machinesIIS Server443 (or 80)API and SignalR traffic
IIS ServerSQL Server1433 (or custom)Database connectivity

If a reverse proxy, load balancer, or WAF is in front of IIS:

  • WebSocket connections must be allowed (for SignalR at the /signalr path)
  • The maximum request body size must be increased to match the API's upload limits (~4 GB) if large file uploads are expected

Step 9: Verify the Installation

  1. Open a browser and navigate to:

    https://<server>/versions

    You should receive a JSON response containing the API version number. This endpoint does not require authentication.

  2. To access the interactive API documentation, navigate to:

    https://<server>/swagger/ui/index
  3. If either endpoint returns an error:
    • Check the Windows Event Viewer > Application log for ASP.NET or .NET Runtime errors
    • Check the IIS logs at C:\inetpub\logs\LogFiles
    • Verify the application pool is running (IIS Manager > Application Pools)
    • Verify the app pool identity has SQL Server access by testing the connection from the server

Step 10: Application Insights (Optional)

The API includes Application Insights telemetry. If your organization uses Application Insights:

  1. Locate or create an ApplicationInsights.config in the application root
  2. Set the InstrumentationKey to your environment's Application Insights resource key
  3. If Application Insights is not used, no action is needed — the module will be inactive without a valid key

Troubleshooting

SymptomLikely CauseResolution
500.19 — Configuration errorMissing .NET 4.8, missing ASP.NET registration, or bad Web.configInstall .NET 4.8 and run aspnet_regiis -i if needed. Check Event Viewer for the specific config error.
502.5 — Process failureApp pool crash on startup, usually a missing dependency or DB connectivity issueCheck Event Viewer Application log. Test SQL connectivity from the server using the service account.
503 — Service unavailableApplication pool has stoppedCheck Event Viewer for the crash reason. Review app pool Advanced Settings > Rapid-Fail Protection. Restart the pool.
SignalR falls back to long pollingWebSocket feature not installed, or blocked by proxyInstall the WebSocket Protocol IIS feature. Ensure the proxy/WAF allows WebSocket upgrades.
Large uploads failRequest size limits at the proxy/load balancer layerIncrease the request body limit on any upstream proxy to match the ~4 GB limit configured in the API.
Connection string errorsEncrypted values are machine-specific (DPAPI)Re-encrypt connection strings on the target server using the provided encryption utility.

Post-Installation Checklist

  • [ ] .NET Framework 4.8 installed
  • [ ] IIS features installed (including WebSocket Protocol)
  • [ ] Physical directory created and files deployed
  • [ ] Application pool created with correct identity, Integrated pipeline, .NET v4.0
  • [ ] Application pool: Start Mode = AlwaysRunning, Idle Timeout = 0
  • [ ] Site/application created and pointing to correct pool
  • [ ] Preload Enabled = True on the site/application
  • [ ] Connection strings configured for the target environment
  • [ ] AD service account has SQL Server access to both databases
  • [ ] AD service account has file system permissions on the app directory
  • [ ] HTTPS binding configured with SSL certificate
  • [ ] Firewall rules in place for client access and SQL connectivity
  • [ ] /versions endpoint returns a valid response
  • [ ] Swagger UI loads at /swagger/ui/index

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk