Does the Navision (2009) Webservice support authentication to a remote database? - web-services

I'm currently attempting to deploy the Navision webservice (from Dynamics Navision 2009) and am finding that the webservice authenticates when connecting to a local Navision SQL database but NOT a remote Navision SQL database.
So we have servers S (with a full Navision install) and W (with only the Services installed). The CustomSettings.config file on these two systems is identical except that where S references localhost:
<add key="DatabaseServer" value="127.0.0.1"></add>
<add key="ClientCredentialType" value="Windows"></add>
W references S:
<add key="DatabaseServer" value="S"></add>
<add key="ClientCredentialType" value="Windows"></add>
(Other details omitted.) The webservice itself is running as the same domain user in both cases, and that user is authenticated within Navision.
When I connect to the webservice which is running on S, authentication works and the service proceeds as normal:
http://S:7047/DynamicsNAV/WS/Company/Codeunit/RLIntegartion
I'll omit the actual result here. When connecting via W instead:
http://W:7047/DynamicsNAV/WS/Company/Codeunit/RLIntegartion
the webservice instead returns XML indicating an authentication failure:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="urn:microsoft-dynamics-schemas/error">
a:Microsoft.Dynamics.Nav.Types.NavDatabasePasswordException
</faultcode>
<faultstring xml:lang="en-US">
The login failed when connecting to SQL Server S.
</faultstring>
<detail>
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
The login failed when connecting to SQL Server S.
</string>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
I can configure an ODBC connection on W to the Navision database on S and the connection succeeds and authenticates correctly, so the actual database connection and authentication appears to be fine.
I'm aware that the webservice itself must normally be accessed locally so that any files written can be read from where the Navision webservice has written them, but from what I can tell in the documentation the webservice may legitimately access the database from a separate server. However, in practice (per above) this doesn't seem to actually work.
Is this a restriction that Navision imposes? If not, does anyone have any suggestions as to why the webservice is failing to authenticate when accessing a remote database when the same webservice succeeds locally?
Or could it be a limitation imposed by the codeunit programmers? I've spoken to them and they indicate that this should work, but clearly it does not.

That is a known problem of Nav 2009. In later versions it works without additional tricks. To solve this you need to create an SPN.
I personally was not able to set it up properly, so I just always installed the web service tier on the same server as SQL. In this case it works.

There are three participants in this scheme - DB, web service and the client (that connects to this service). The problem appears only when all these three participants are on three different machines.
This three-machine setup will work only if the following requirements are fulfilled:
1) your client is capable of using Kerberos authentication (e.g. Internet Explorer or .NET applications are capable, but Chrome or PHP applications are not)
2) you set up NAV to use Kerberos authentication (as opposed to NTLM) and you set up delegation.
Delegation is a process that allows NAV server (or web service) to take the authentication ticket that came from client and pass it to SQL Server. You need to explicitly allow this in Active Directory setup. For that you will need SPNs - they basically describe the subjects that take part in this delegation.
You may refer to these manuals to set up the whole thing:
MSDN Walkthrough: Installing the Three Tiers on Three Computers
MSDN How to: Configure Web Services with Delegation
NAV 2009 Web Services on a three machine setup
You can also revert to a simpler two-machine setup. In this case, either the NAV server and SQL Server should be on the same machine, or the NAV server and the web service client should be on the same machine. As an example of the latter, you may create a small custom web service which acts as a proxy for your calls, and publish it on the same machine as the NAV server/web service.
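To check requirement 1 on a captured request, the Authorization header the client sent to W can be classified as Kerberos or NTLM by looking inside the Negotiate token. This is an added example, not part of the original answer; the function names are hypothetical and the sample header values are constructed.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"   # signature that starts every NTLM message
KRB5_OIDS = (                  # DER-encoded Kerberos mechanism OIDs
    bytes.fromhex("06092a864886f712010202"),  # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2 (legacy Microsoft)
)

def classify_authorization(header_value):
    """Return 'kerberos', 'ntlm', 'other' or 'none' for an Authorization value."""
    if not header_value:
        return "none"
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "other"
    # NTLM may arrive raw or wrapped in SPNEGO; the signature is present either way.
    if NTLMSSP_SIG in token:
        return "ntlm"
    # A GSS-API initial token starts with tag 0x60 and names its mechanism by OID.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "kerberos"
    return "other"

def can_be_delegated(header_value):
    """Only a Kerberos ticket gives the web service tier something to delegate."""
    return classify_authorization(header_value) == "kerberos"

def _header(raw):
    # Helper used only to build the constructed samples below.
    return "Negotiate " + base64.b64encode(raw).decode("ascii")

# Constructed samples: an NTLM type-1 message stub and a SPNEGO token stub
# that carries the Kerberos 5 OID. Neither is a real ticket.
SAMPLE_NTLM = _header(NTLMSSP_SIG + b"\x01\x00\x00\x00" + bytes(24))
SAMPLE_KERBEROS = _header(
    b"\x60\x82\x05\x00" + bytes.fromhex("06062b0601050502")
    + b"\xa0\x30" + KRB5_OIDS[0] + bytes(16)
)

if __name__ == "__main__":
    for name, value in (("ntlm", SAMPLE_NTLM), ("kerberos", SAMPLE_KERBEROS)):
        print(name, classify_authorization(value), can_be_delegated(value))
```

A request that classifies as `ntlm` means the client fell back from Kerberos, so the SPN and delegation settings on the server side will not help until the client side is fixed.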

Related

How to make call out to secured web service

Am receiving the message "System.Net.WebException: The HTTP request was forbidden with client authentication scheme 'Anonymous'." when trying to call the web service at "https://graphical.weather.gov/xml/SOAP_server/ndfdXMLserver.php" using BizTalk 2013.
I've imported the wsdl directly from the site, creating the schemas and the bindings to make the call. The Send port is set up as WCF-BasicHttp, Security Mode: Transport, Transport Client Credential Type: None. I'm able to call the service using SOAP-UI from the BizTalk server, providing no form of authentication.
Have read numerous posts and documentation, but nothing I've done to this point has helped. I'm sure I'm missing something; just not sure what that something is!
From the looks of the WSDL: <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> it's an RPC type web service
Like the documentation specifies: 'The WCF adapters do not support consuming Remote Procedure Call (RPC)-style Web services because the message parts in RPC-style Web services are referring to the message types rather than the message elements where WCF adapters are using elements for the message parts. We recommend that you add the RPC-style Web services through Add Web Reference wizard for consuming the Web services in BizTalk projects.'

IP-addresses Log file by all requests in MULE CE 3.3.0?

In MULE CE 3.3.0 I want to implement this process:
1- Post-office has a service for giving postal-code to clients. So post-office creates a WSDL-file for its service.
2- Here, our company is a connector between post-office and clients. Our company uses Mule and creates another WSDL file based on post-office's WSDL file and publishes the WSDL for client usage.
3- Company-A and Company-B get the WSDL-file URL and, for instance in MyEclipse IDE or any other IDE, create a portlet and deploy it in a Liferay portal as a web service for displaying postal-code to their clients.
During this process I want to have a log file of IP addresses. That is, after each request that Company-A's client or Company-B's client sends to the server (our company), I want its IP address inserted into a database or a file.
I illustrated my position in the image by a red arrow. Now I want to put a script in the MULE server that gathers all the IP addresses of Company-A's and Company-B's customers who use the post-code webservice.
Can I use a cxf-interceptor for this issue, and how? Please guide me.
As genjosanzo has suggested in https://stackoverflow.com/a/15993127/387927, you can access all the Mule headers in a CXF interceptor. This means that yes, you can achieve your goal with a CXF interceptor.
Here is an example of such an interceptor: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/main/java/org/mule/module/cxf/support/MuleHeadersInInterceptor.java
Here is a configuration sample that shows how to use Spring to instantiate and configure CXF interceptors: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/test/resources/header-conf.xml
The gist of it is:
<cxf:inInterceptors>
<spring:bean id="foo1" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
</cxf:inInterceptors>

Security of SOAP based web service in Java, Netbeans, Tomcat

I have created an android application that calls (using kSOAP library) a SOAP based web service (developed in java, netbeans) over the intranet.
Now I want to make the application live, so this will require my web service to be exposed on the internet.
I have the following questions...
How do I make sure that no one knows about the web service link except my android application
No one is able to call the web service except my android application
The data transferred between android application and web service is secure and encrypted
What kind of authentication mechanism should be used
I'm new to web services security so forgive me if my questions are dumb :)
This is impossible. Anyone having your app might use a traffic analyzer like wireshark and see all the requests it makes.
Sign each request your app makes (add some SOAP header) and check the signature on the server side
Use HTTPS
How to do authentication using SOAP?
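One way the "sign each request and check the signature on the server side" suggestion can look, with a timestamp and nonce so a captured request cannot simply be replayed. This is an added example, not code from the answer; the header names, the shared-key scheme (HMAC-SHA256) and the 300-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

def sign_request(key, body, nonce, timestamp):
    """Client side: values to send as custom SOAP headers (hypothetical names)."""
    message = b"\n".join(
        [str(timestamp).encode(), nonce.encode(), hashlib.sha256(body).digest()]
    )
    signature = hmac.new(key, message, hashlib.sha256).hexdigest()
    return {"Timestamp": str(timestamp), "Nonce": nonce, "Signature": signature}

class Verifier:
    """Server side: checks freshness, signature, then one-time use of the nonce."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only for the validity window

    def verify(self, body, headers, now=None):
        now = int(time.time()) if now is None else now
        try:
            timestamp = int(headers["Timestamp"])
            nonce = str(headers["Nonce"])
            signature = str(headers["Signature"])
        except (KeyError, ValueError):
            return "malformed"
        if abs(now - timestamp) > MAX_SKEW:
            return "stale"
        expected = sign_request(self.key, body, nonce, timestamp)["Signature"]
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        # Forget nonces that are outside the window, then reject reuse.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    body = b"<soap:Envelope>...</soap:Envelope>"  # constructed sample body
    server = Verifier(key)
    headers = sign_request(key, body, "nonce-1", 1000)
    print(server.verify(body, headers, now=1010))  # first use
    print(server.verify(body, headers, now=1011))  # same request again
```

A key compiled into the app can be extracted by anyone who has the app, so a key issued per user or per install after login limits what one extracted key allows; the signature protects integrity only, and HTTPS is still needed for confidentiality.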

What's the difference between WSDL,DISCO and EVENT?

All of them are web services, but what's the difference?
WSDL (Web Service Description Language) is a standard notation for describing a Web Service in XML.
DISCO is a tool for querying SOAP and similar services and extracting useful information from the WSDL provided.
EVENTs is a proposed standard which uses WSDL and extends WSDL to support publish-subscribe type event-driven processes.
WSDL:
WSDL is a markup language that describes the web service. In order to use this Web service, the Client application developers need to know the methods exposed by the Web service and the parameters to be passed to these methods. It is imperative that access to these methodologies is available at development time and it is just this need that WSDL addresses.
DISCO:
The Web Service Discovery Tool (DISCO) is used to discover the URLs of XML Web Services located on a Web server and saves documents related to each XML service on a local disk. The DISCO takes the URL and discovers and produce publishes discovery documents (.wsdl, .xsd, .disco and .discomap files) as arguments. Some of the options available for use with this tool are:
/d[omain]:domain - Specifies the domain name to use when connecting to a proxy server that requires authentication
/nosave - Does not save the discovered document or results
/nologo - Suppresses the Microsoft startup banner display
/o[ut]:directoryName - Specifies the output directory in which to save the discovered documents. Current directory is the default one.
/p[assword]:password - Specifies the password to use when connecting to a proxy server
/proxy:url - Specifies the URL of the proxy server to use for HTTP requests.
DISCO is a tool, not a web service itself.
EVENT:
If you mean WS-Eventing, see here.
UDDI - UDDI is a central directory. It will have web services listed from multiple domains and servers.
DISCO - DISCO contains web services listed from one domain and server, from which a particular web service can be selected.
WSDL - It describes the rules or grammar for the functions that are exposed in the web services.

BizTalk web-service call: unable to connect to remote server

I am trying to call a web service from a BizTalk (2006) orchestration.
Having got the hang of the basics, I have been following this tutorial (page 74 onwards) in which I have a web reference to an external web service (I am using this web service instead of the one in the tutorial), I have my web message in a Send component, and have set up the request / response ports for the web service call.
I'm fairly sure that everything is set up correctly, but my orchestration fails to call the web service with the following error:
The adapter failed to transmit the message going to send port
"My_Order_Processor.Orchestration-CurrencyConvertPort-36c122f41c5596ae"
with URL "http://www.webservicex/net/CurrencyConvertor.asmx.
WebException: Unable to connect to the remote server.
SocketException: An existing connection was forcibly
closed by the remote host 209.162.186.60:80
The IP 209.162.186.60 is the address for the web service I am trying to connect to. I am trying to narrow down the reasons for the error, e.g.:
Firewall issues
Proxy server issues (I don't know how to configure BizTalk to use a proxy server)
Something else
The BizTalk server can ping the web service, I can access the internet (through IE), I can add the WebReference to the project successfully (meaning at least the orchestration designer can access the web service okay). I have also tried a different web service, with the same result.
Any ideas on finding out why this is happening or how to find out more info? (I'm new to BizTalk)
I've seen this very vague error before for many different reasons. Two suggestions.
Download something like NetMon and watch what is going on on the wire.
Turn off chunked encoding. For some reason, many web services don't handle this well.
Let us know what you find out.
Could this not be an authentication issue? Check that you can connect to the webservice using the Bts credentials.
This turned out to be a proxy issue.
By navigating to Biz Talk Group -> Platform Settings -> Adapters -> SOAP, I was able to configure the BizTalk server host's SOAP adapter (which is what the web service call uses to make the call) to use our company proxy server correctly. Double click the 'send' SOAP adapter, go to Properties under adapter name.