NAV2013R2 Publish web services - authentification

drstakz

Hi!
I have NAV 2013 R2 instance with Windows credential type. With this, I am configured Web Services (OData and also SOAP) and published it. Inside the company (site) I am authorized by Access Directory, and all is OK.
Is true, that for another computer (not server) was necessary set NAV site as intranet group and also set "Use NTLM Authentication" at NAV Administration for an instance. But all is OK.

My question is, if I will publish web services link to internet (outside of the company), for B2B.... How safety set authentification for third party services which not available AD.

Access Key for SOAP is only for NavUserPassword or AccessControlService authentication. And combine credential type is not possible. Or not?

Any best practices ?

Thanks for answer!
Regards Z.

kine

We are using AD authentication without problems from outside... the calling client could use ad login and password to autheticate. Of course, I recommend to use https to protect the password. And do not forget, that you can use WebService access key. It is used just instead password. But you need to use the NAVUserPassword authentication on the service tier, but this is not problem, you just needs some certificate, which you need even when you will use the HTTPS...

drstakz

Hi Kamil,
thanks for a response! I'm pleased that the B2B connection may not be too difficult.

I have one more question about this. What you mean, is it possible create two instances of NAV? First for Windows authentication and second with NAVUserPassword auth. and also SSL (two different authentication types at one NAV database / company).
Port of the second instance will be published at firewall outside a company and for authentication will used Web Service access key. First instance will be only for company internal use.

Thanks
Z

kine

Yes, it is possible. Even I will recommend to do that. It is good practice to create new server instance for each "type" of applications. In this way, e.g. when you do some change of objects for the webservices and there is some problem with the service tier, you can restart the service tier for Webservices only, and not the one used by the local users. It means additional isolation of set of users from system maintenance point of view. It is much easier to do that in NAV 2013 R2 where the service instances were instroduced and are easilly maintained by Powershell scripts...

rushabh149

kine wrote:

We are using AD authentication without problems from outside... the calling client could use ad login and password to autheticate. Of course, I recommend to use https to protect the password. And do not forget, that you can use WebService access key. It is used just instead password. But you need to use the NAVUserPassword authentication on the service tier, but this is not problem, you just needs some certificate, which you need even when you will use the HTTPS...

Hi Kamil, we are trying to allow external users to access web application that will consume NAV web services. These are external users and only need to read some data. How to call web service from asp.net by using NAVUserPassword? I know that you need to pass username and web service access key (as password), but cannot find how to pass these to NAV 2013 R2 web services. For windows authentication we normally use UseDefaultCredentials = True. I have setup certificate additional application server etc. and can open windows client with such user. But if you have done webservice call with NAV User Password or if you have information, can you please let me know.

Thanks.

kine

NAVService.Credentials = new NetworkCredential(user,pwd,domain);

rushabh149

Thanks Kamil. Somehow domain parameter in method confused me that it has to be domain member and navuserpassword won't work. But I used network credentials as you have suggested without using domain and it is working well.

Thanks.