i all,
I have Nav2015 with webclient. My webclient works with https. The certificate is issued by our certification authority and webclient on windows works perfectly, so it supposed that self-signed certificate isnt necessary.
On Windows (in or out domain) in IE or Chrome with http or https web client works.
On Macbook works webclient in CHrome OK, but on safari server verifies the user and show main role center. When I click on any button on rolecenter, webclient does nothing or show error:"Communication with the server failed, and the content cannot be displayed. Refresh the page or open a new browser window"
Ipad (safari or chrome) works same like safari on Macbook (http,https)
DynamicsNav tablet app( android or iOS) shows error after entering server address (Failed to connect to the server)(My main problem for my client)
I just missing something somewhere, maybe some fresh eyes will spot it :-)
0
Answers
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="DynamicsNAVSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</configSections>
<system.webServer>
<rewrite>
<rules>
<rule name="RedirectToWebClientSubFolder" stopProcessing="true">
<match url=".*" />
<action type="Redirect" url="WebClient/Pattern/{C:1}" appendQueryString="true" redirectType="Found" />
<conditions trackAllCaptures="true">
<add input="{URL}" pattern=".*/WebClient$|.*/WebClient/.*" negate="true" />
<add input="{URL}" pattern=".*/*./([^/]*)$" />
</conditions>
</rule>
</rules>
<outboundRules>
<rule name="Relative location header" preCondition="IsRedirection">
<match serverVariable="RESPONSE_Location" pattern=".*/WebClient/Pattern/(.*)" />
<action type="Rewrite" value="WebClient/{R:1}" />
</rule>
<preConditions>
<preCondition name="IsRedirection">
<add input="{RESPONSE_STATUS}" pattern="30\d" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
<DynamicsNAVSettings>
<!-- Specifies whether NTLM fallback is permitted when authenticating. To require Kerberos authentication, set this value to false -->
<add key="AllowNtlm" value="true" />
<!--
Sets the maximum size, in kilobytes, of a data chunk that is transmitted between Microsoft Dynamics NAV Web client
and Microsoft Dynamics NAV Server. The value should be between 4 and 80.
-->
<add key="ClientServicesChunkSize" value="28" />
<!--
Sets the company in Microsoft Dynamics NAV to connect to.
-->
<add key="Company" value="" />
<!--
Sets the threshold in memory consumption at which Microsoft Dynamics NAV Web client starts compressing data sets.
This limits amount of consumed memory. The value is in kilobytes.
-->
<add key="ClientServicesCompressionThreshold" value="64" />
<!--
Sets the time zone for Microsoft Dynamics NAV Web client. The time zone is applied to date and time data.
The value must match a time zone that is in the registry of the computer running Microsoft Dynamics NAV Web client
under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones.
-->
<add key="TimeZone" value="UTC" />
<!--
Sets the language version of the Microsoft Dynamics NAV Web client. The value must be valid culture name
for a language in Microsoft Dynamics NAV, such as en-US or da-DK.
-->
<add key="Language" value="cs-CZ" />
<!--
Specifies the culture name that is used to format dates, times, numbers, and currency. The value must be a
language culture name that has the format nn-NN, such as en-US.
-->
<add key="RegionFormat" value="cs-CZ" />
<!--
Specifies the security services to protect the data stream between the Microsoft Dynamics NAV Web client and
Microsoft Dynamics NAV Server. This value must match the value that is specified in the Microsoft Dynamics NAV Server
configuration file. Valid options include: EncryptAndSign, Sign, None
-->
<add key="ClientServicesProtectionLevel" value="EncryptAndSign" />
<!--
The name of the computer running the Microsoft Dynamics NAV Server to connect to.
-->
<add key="Server" value="xxxxxxxxx" />
<!--
Name of the Microsoft Dynamics NAV Server instance to connect to (for client) or listen on (for server).
-->
<add key="ServerInstance" value="NAVFRE" />
The type of client credential used for authentication.
Possible values:
Windows - Windows authentication is used, and client will connect with "current user"
this user is expected to be the same and known to both server and client
This is the default mode and is typically used on a LAN with Active Directory
In this mode X.509 certificates are not used and options set below are ignored
UserName - Windows authentication on the server. Client is expected to present username/password
indentifying a windows user known (created) on the server.
Typically the client will ask for these credentials and pass them to the server
Certificates are used to protect the passing of credentials.
This is typically used when only the server is part of an Active Directory, or
when the client is not trusted, e.g. connection over a WAN/Internet
NavUserPassword - Authentication is managed by the server but not based on windows users.
Client is expected to present username/password matching a user known to the server.
Typically the client will ask for these credentials and pass them to the server
Certificates are used to protect the passing of credentials.
This mode is used in hosted environments e.g. Azure where the list of allowed users
are maintained by NAV and not based on windows users.
AccessControlService - Authentication for the Web Client is handled by Windows Azure Access Control Service.
An ACS namespace needs to be set up before. Also the Identity Providers need to be set up
as well as the Relying Party representing the NAV Web Client.
To support ACS, you need to specify the ACS WS Federated authentication endpoint in the ACSUri.
-->
<add key="ClientServicesCredentialType" value="Windows" />
<!--
The listening TCP port for the Microsoft Dynamics NAV Server. This is part of the server's URL. Valid range: 1-65535
-->
<add key="ClientServicesPort" value="8046" />
<!--
Specifies whether the connection to the Dynamics NAV Server instance requires an SPN.
If true, the connection will only be made to a service with an SPN <ServerInstance>/<Server>:<ClientServicesPort>
If false, the connection will be attempted to a service with or without an SPN.-->
<add key="ServicePrincipalNameRequired" value="false" />
<!--
Specifies the amount of time that a connection between the Dynamics NAV Web client and the Dynamics NAV Server can remain idle before the session is stopped.
Time span format: [dd.]hh:mm:ss[.ff]
dd: days
hh: hours
mm: minutes
ss: seconds
ff: fractions of a second
-->
<add key="SessionTimeout" value="00:20:00" />
<!--
Specifies whether the Report Viewer options for saving a report as an Excel, Word, or PDF are visible.
Enabling this parameter might require changing security settings on the server.
For more information, see the documentation for configuring the Report Viewer.
-->
<add key="ShowReportViewerExportOptions" value="false" />
<!--
Specifies whether to show the search action for finding a page or report.
The action appears in the ribbon and navigation pane of the web client.
-->
<add key="ShowPageSearch" value="true" />
<!--
Specifies the connection to the server.
-->
<add key="UnknownSpnHint" value="(net.tcp://xxxxxxxxxxxxx/Service)=NoSpn" />
<!--
The DNS or subject name from the server certificate.
-->
<add key="DnsIdentity" value="" />
<!--
Specifies the sign-in page that Microsoft Dynamics NAV redirects to when configured for Single Sign-On.
For Azure AD (Office 365) authentication, the ACSUri setting has the following format:
https://login.windows.net/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<APP ID URI>
Where
"<AAD TENANT ID>" is the ID of the Azure AD tenant, for example "CRONUSInternationLtd.onmicrosoft.com". Use "common" if the application is configured as a multitenant Azure AD application.
"<APP ID URI>" is the ID that was assigned to the Microsoft Dynamics NAV application when it was registered in Azure AD, for example "https://localhost/".
For ACS authentication, the ACSUri setting is a top level partition of ACS that is used to create the ACS tokens, for example "cronusinternationalltd.accesscontrol.windows.net/.../wsfederation"
Remarks:
- Notice the difference between ACS "wsfederation" and Azure AD "wsfed" resource
- The query string parameter needs to be URI-encoded (use "%26" instead of "&").
-->
<add key="ACSUri" value="" />
<!--
Name of the Microsoft Dynamics NAV Help Server to connect
to. The value of the "Server" setting is used as the default.
-->
<add key="HelpServer" value="DOMAINDIRSYNC" />
<!--
The listening TCP port for the Microsoft Dynamics NAV Help Server.
Valid range: 1-65535
-->
<add key="HelpServerPort" value="49000" />
</DynamicsNAVSettings>
</configuration>