stackoom
  简体   繁体   中英

Does the Navision (2009) Webservice support authentication to a remote database?

 原文  2016-07-27 12:06:03       web-services/ authentication/ windows-authentication/ navision

Question

I'm currently attempting to deploy the Navision webservice (from Dynamics Navision 2009) and am finding that the webservice authenticates when connecting to a local Navision SQL database but NOT a remote Navision SQL database.

So we have servers S (with a full Navision install) and W (with only the Services installed). The CustomSettings.config file on these two systems is identical except that where S references localhost: 

<add key="DatabaseServer" value="127.0.0.1"></add>
<add key="ClientCredentialType" value="Windows"></add>

W references S: 

<add key="DatabaseServer" value="S"></add>
<add key="ClientCredentialType" value="Windows"></add>

(Other details omitted.) The webservice itself is running as the same domain user in both cases, and that user is authenticated within Navision.

When I connect to the webservice which is running on S, authentication works and the service proceeds as normal: 

http://S:7047/DynamicsNAV/WS/Company/Codeunit/RLIntegartion

I'll omit the actual result here. When connecting via W instead: 

http://W:7047/DynamicsNAV/WS/Company/Codeunit/RLIntegartion

the webservice instead returns XML indicating an authentication failure: 

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <s:Fault>
      <faultcode xmlns:a="urn:microsoft-dynamics-schemas/error">
        a:Microsoft.Dynamics.Nav.Types.NavDatabasePasswordException
      </faultcode>
      <faultstring xml:lang="en-US">
        The login failed when connecting to SQL Server S.
      </faultstring>
      <detail>
        <string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
          The login failed when connecting to SQL Server S.
        </string>
      </detail>
    </s:Fault>
  </s:Body>
</s:Envelope>

I can configure an ODBC connection on W to the Navision database on S and the connection succeeds and authenticates correctly, so the actual database connection and authentication appears to be fine.

I'm aware that the webservice itself must normally be accessed locally so that any files written can be read from where the Navision webservice has written them, but from what I can tell in the documentation the webservice may legitimately access the database from a separate server. However, in practice (per above) this doesn't seem to actually work.

Is this a restriction that Navision imposes? If not, does anyone have any suggestions as to why the webservice is failing to authenticate when accessing a remote database when the same webservice succeeds locally?

Or could it be a limitation imposed by the codeunit programmers? I've spoken to them and they indicate that this should work, but clearly it does not.

2 answers

solution1
 1  2016-07-27 17:49:18

That is known problem of Nav 2009. In later versions it's working without additional tricks. To solve this you need to create SPN .

Me personally was not able to set it properly so I just always installed web service tier on the same server with SQL. In this case it works.

solution2
 1  2016-07-28 08:08:52

There are three participants in this scheme - DB, web service and the client (that connects to this service). The problem appears only when all these three participants are on three different machines.

This three-machine setup will work only if the following requirements are fulfilled: 1) your client is capable of using Kerberos authentication (eg Internet Explorer or .NET applications are capable, but Chrome or PHP applications are not) 2) you set up NAV to use Kerberos authentication (as opposed to NTLM) and you set up delegation.

Delegation is a process that allows NAV server (or web service) to take the authentication ticket that came from client and pass it to SQL Server. You need to explicitly allow this in Active Directory setup. For that you will need SPNs - they basically describe the subjects that take part in this delegation.

You may refer to these manuals to setup the whole thing:

MSDN Walkthrough: Installing the Three Tiers on Three Computers

MSDN How to: Configure Web Services with Delegation

NAV 2009 Web Services on a three machine setup

You can also revert to more simple setup of using two-machines setup. In this case, either NAV server and SQL server should be on the same machine, or NAV server and the web service client should be on the same machine. As an example of the latter, you may create a small custom web service which acts as a proxy for your calls, and publish it on the same machine as NAV server/web service.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android webservice library with authentication support? PHP SOAP request to navision webservice Form Based authentication support for RestEasy webservice client Perl SOAP::Lite service - Authentification with NTLM and Navision 2009 SP1 Webservice on Navision / Microsoft Dynamics version 5… or else? WCF Webservice does not support HTTP version 2 Multiple authentication providers (Database and Webservice) for Symfony 2 Authentication in navision web service under VPN Navision Web Serice xmlport import webservice using PHP how can i use the function CREATE in soap webservice in Navision in PHP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM