Frequently Asked Questions

Version 3 - Reviewed: November 7, 2023

TariffShark Application Server Customizations

The TariffShark application server is distributed in a zip file. A filed named Installer.Web.config is included within the zip and should be used as the starting point for creating your own web.config file. The web.config file is required on the application server and contains the customizable configuration settings for TariffShark.

The TariffShark application server installation guide and comments within the Installer.Web.config file do a good job of describing the configuration options, but this article goes into a bit more depth. Note that not every web.config setting is documented here. This article describes the configuration options that customize how TariffShark works.

Category web.config key Description Default Value
Mail Settings When a new User is created and when a user forgets his password, the system must be able to send the user a temporary password, which is done via email. Mail Settings must be configured or users will not receive their passwords.
Mail Settings <mailSettings> Configure this web.config element to enable TariffShark to send email.
<smtp from="" deliveryMethod="Network">
  <network host="" port="25" enableSsl="true" />
Security A one-time handshake must be made between a TariffShark client and a TariffShark application server. We call this "server registration". Among other things, the process returns unique encryption keys to the client machine (this is a security measure). In order to protect a TariffShark application server from accepting random registration requests, a secret key must be supplied by the user when registering and unregistering.
Security RegisterSoftwareClientSecretKey Password used for registering and unregistering TariffShark clients <none>
Password Reset Password Reset settings define the rules that apply to creating and resetting passwords.
Password Reset Password.Reset.Duration Defines the lifespan (in minutes) during which password reset codes are valid 30
Password Policy Password Policy settings define the rules for acceptable user-created passwords.
Password Policy Password.Policy.ErrorMessage Error message to notify user of password not adhering password policy Passwords must be between 8 and 16 characters in length and contain at least one uppercase letter, one lowercase letter, and one digit. The following special characters are valid but not required: !@#$%^*-_=+?
Password Policy Password.Policy.MinLength Minimum password length 8
Password Policy Password.Policy.MaxLength Maximum password length 16
Password Policy Password.Policy.RequireUppercaseMin Minimum number of upper case letters required 1
Password Policy Password.Policy.RequireUppercaseMax Maximum number of upper case letters allowed 99
Password Policy Password.Policy.RequireLowercaseMin Minimum number of lower case letters required 1
Password Policy Password.Policy.RequireLowercaseMax Maximum number of lower case letters allowed 99
Password Policy Password.Policy.RequireDigitsMin Minimum number of numeric digits required 1
Password Policy Password.Policy.RequireDigitsMax Maximum number of numeric digits allowed 99
Password Policy Password.Policy.RequireSpecialMin Minimum number of special characters required 0
Password Policy Password.Policy.RequireSpecialMax Maximum number of special characters allowed 99
Password Policy Password.Policy.SpecialCharset Valid special characters !@#$%^*-_=+?
Password Expiration Policy Password Expiration Policy settings define the rules for password expiration.
Password Expiration Policy Password.Policy.ExpiresAfter A user account password expires after this number of days. 0 (disabled)
Password Expiration Policy Password.Policy.ExpiresWarnWithin A user is notified that their password is soon-to-expire within this number of days of expiry. 0 (disabled)
Password Reuse Policy Password Reuse Policy settings define the rules for allowable password reuse.
Password Reuse Policy Password.Policy.SavePreviousPasswords Do not allow a new password to match this number of previous passwords. 0 (disabled)
Account Lockout Policy Account Lockout Policy settings define the rules for user account lockout.
Account Lockout Policy Lockout.Policy.FailedLogins A user account becomes locked after this number of consecutive failed log in attempts. 5
Account Lockout Policy Lockout.Policy.Duration A locked user account is locked out for this number of minutes. 10
Filing XML Generation Mode [Tiger Only] For the Tiger release, XML generation was rewritten to be more efficient and require fewer resources. With this key you may choose whether XML generation is performed using the Tiger method or the previous Hammerhead method.
Filing XML Generation Mode GenerateFilingXMLMode When this optional web.config key is present and set to hammerhead, the application server uses the legacy Hammerhead algorithm for generating Filing XML. Otherwise, the more efficient Tiger algorithm is used. tiger
Production Server [Tiger Only] A server can be designated as a production server (or non-production).
Production Server AllowSetIsProduction When this optional web.config key is present and set to true, the application server's SetProduction web handler is enabled and may be used to designate a TariffShark server as either production or non-production. Learn more here. true
Session SessionExpiresMinutes If no activity is detected between TariffShark client and the server, user is logged out 60
Exceptions Exception settings configure the logging of exceptions that occur on the application server.
Exceptions Exceptions.LogToEventLog Log exceptions to Windows Event Log True
Exceptions Exceptions.LogToDatabase Log exceptions to TariffShark database False
Exceptions Exceptions.LogToEmail Log exceptions via email False
Exceptions Exceptions.LogToEmail.From When logging exceptions via email, send from this email address <none>
Exceptions Exceptions.LogToEmail.To When logging exceptions via email, send to this email address <none>