mibuso.com

Microsoft Business Solutions online community
It is currently Sat Aug 23, 2014 9:30 am

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Webservice : C# Application web Nav 2009 R2
PostPosted: Tue Feb 21, 2012 5:37 pm 
Offline

Joined: Wed Nov 30, 2011 12:51 pm
Posts: 18
Country: Belgium (be)
Hello, :D

I'm trying to create a web application (extranet) allowing to access Nav data on our website.
For this purpose I created a webservice. All is ok and I can use Nav methods.

The second step is to secure the access to the webservice.
How would you do this ? And how can I allow access to specific user outside of our domain for specifi methods... ? (for instance : specific customer, etc.).
Do I have to create another Webservice to identofy which users can access the webservice ?

I have no idea at all how it could work.

1) Can you give me some information, links or tutorial please ?
2) Is it possible to use soap Header with a webservice published from Nav 2009 R2 ?
3) Where can I see the content of the webservice published (I can't fnd any .asmx file in the nav installation folder) ?
4) Would you use WCF in place of Webservice ? Is it possible with NAV 2009 R2 ?

All your advices are welcom !

Thanks a lot.


Top
 Profile  
 
 Post subject: Re: Webservice : C# Application web Nav 2009 R2
PostPosted: Tue Feb 21, 2012 11:46 pm 
Offline
MVP Microsoft Dynamics NAV
NAV TechDays 2014 attendee

Joined: Thu Mar 13, 2008 10:50 pm
Posts: 52
Location: Croatia
Country: Croatia (hr)
Access to the web service is secured automatically, you don't need to do anything specifically to secure it further. Any web service calls are always executed in the context of the user who has authenticated against them.

To answer your 4 questions:

1) Try the tutorials that come with NAV help. Check out Freddy's blog. Check out also my blog - I have delivered a Brown Bag session once about web services, and there is a post on my blog with a download to the session, with lots of examples there
2) Web services in NAV use SOAP. Whenever you call them, it's SOAP. They don't support any other protocol
3) You can't see any .asmx files, because Web services in NAV don't use IIS. They are a standalone WCF service. WSDL of any of them is accessed by simply navigating to the service URL.
4) It does use WCF - they are WCF-based services, not IIS based. If you are asking about consumption, check my latest blog series on the differences of consuming the web services through service references and web references.

I hope this helps.

_________________
(Co-)author of "Implementing Microsoft Dynamics NAV 2009"
http://navigateintosuccess.com/


Top
 Profile  
 
 Post subject: Re: Webservice : C# Application web Nav 2009 R2
PostPosted: Wed Feb 22, 2012 1:22 pm 
Offline

Joined: Wed Nov 30, 2011 12:51 pm
Posts: 18
Country: Belgium (be)
First of all, thank you for your quick and concise reply. It helped me. :)
I read articles from Freddy's blog. It was very helpfull for my understanding. Thanks :thumbsup:

But I have one more question.

Freddy wrote this at the end of his article on :

Quote:
If you want to specify a different user you will need to set the ClientCredential property like this:
customerService.ClientCredentials.Windows.ClientCredential = new NetworkCredential("user", "password", "domain");


Does he mean other users in our domain (active directory) ? That's it ?
My final goal is to provide to some customers the access to only specific methods of the webservice. So, in this case, the customer go to our website, log in in an administration window and can view for example the list of their own ledger entries, etc.

1) Can you give me more details, steps or links in order to achieve this ?
2) How manage rĂ´le and permissions on the webservice methods ?
3) How manage customers username and password on our internet site ?

I hope my explanations are clear.

EDIT : I'm currently watching your brown bag session

Thanks.


Top
 Profile  
 
 Post subject: Re: Webservice : C# Application web Nav 2009 R2
PostPosted: Wed Feb 22, 2012 2:41 pm 
Offline

Joined: Thu Oct 30, 2008 10:38 am
Posts: 1005
Location: Earth
Country: Netherlands (nl)
Validation of customers and other web users should be handled by your website.
The user where the website runs under should make the calls to the NAV webservice.
You should store the customer number on your website, and link them to the correct webuser.
Then all the calls made to the webservice on nav should have that customer number as parameter.
You're searching too far if you want to grant customer by customer access to NAV, because that will increase your licensed calls.
Your webservice should not be restricted, it's the website that should limit the possible calls by a web user.

_________________
|Pressing F1 is so much faster than opening your browser|
|MCBMSS: 5.0 intro|MCTS:NAV09 839..841|JetReports© Certified Specialist|
|Dynamics Anywhere: Mobile Business Solutions|


Top
 Profile  
 
 Post subject: Re: Webservice : C# Application web Nav 2009 R2
PostPosted: Thu Feb 23, 2012 11:33 pm 
Offline
MVP Microsoft Dynamics NAV
NAV TechDays 2014 attendee

Joined: Thu Mar 13, 2008 10:50 pm
Posts: 52
Location: Croatia
Country: Croatia (hr)
After reading the question again, and then Sogs reply, and then your question again, I now believe that I've misunderstood your initial question. What Sog says is what you need to do.

To answer your 3 questions:
1) Your web site code (e.g. ASP.NET) should handle who does what - it has nothing to do with NAV security here.
2) For page web services, the same way as you would control access to pages. For codeunits, whoever can run the codeunit, can run any method in it. This applies to extension codeunits as well.
3) As Sog said - create your own separate database for this. This should not be handled or controlled by NAV.

Where I disagree with Sog, you don't need to worry about licensed calls. Web services calls don't increase the number of licensed calls. As far as I know, no license counting is done for Web services calls, except maybe basic checking if you have a Light User, ESS user or External Connector license - which I can't prove because I don't have a license without these.

_________________
(Co-)author of "Implementing Microsoft Dynamics NAV 2009"
http://navigateintosuccess.com/


Top
 Profile  
 
 Post subject: Re: Webservice : C# Application web Nav 2009 R2
PostPosted: Fri Feb 24, 2012 4:41 pm 
Offline

Joined: Mon Aug 17, 2009 1:48 pm
Posts: 14
For point 2 in the previous post, I would like to add that you can use NAV 2009 R2's permission system to achieve the object and record level security. Please refer to http://msdn.microsoft.com/en-us/library/dd355101.aspx for help.


Top
 Profile E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum


Search for:
Jump to:  
cron