Dynamics Nav 2013 web service without authorization

5.8k views Asked by At

We are going to integrate Dynamics NAV 2013 with PHP eCommerce and are planning to do this by dynamics nav web services. I know that to integrate with PHP I have to enable NTLM authentication, but I'm wondering if is it possible to publish web service which doesn't require login/password authorization?

Second thing, if I want to allow only specified IP's to access my web service, is it possible to do this in Navision or it's server administrators problem?

2

There are 2 answers

0
Alexander Drogin On BEST ANSWER

The client consuming a Nav web service has to be authenticated and mapped to a system user account, but it is possible to authenticate via the user name and the corresponding web service access key instead of the domain password. Common approach is to create a user account that is used for web service access only, generate the web service access key, and pass this dedicated user's credentials from the consuming application. Client application will be required to provide the security certificate. Besides, it is a good idea to create a separate service instance specifically for external access (usually users connecting via WAN).

  1. Create a new Nav server instance and set ClientServicesCredentialType" = "NavUserPassword". How to configure authentication via NavUserPassword
  2. Create a user account with Web Service Access Key: Use an Access Key for SOAP and OData Web Service Authentication
  3. Setup security certificate for the web service: Implementing Security Certificates
  4. Develop your application that will consume Nav web service, and pass the Nav user name and the web service access key instead of the password from this application.

This way, all users connecting from your web application will be authenticated, but they won't have to enter user name / password and you don't risk exposing your domain account credentials.

As for your second question - there is no way to setup this restriction from inside Nav that I'm aware of. I think this is a task for sysadmins - firewall applications allow you to setup very elaborate access rules.

0
Mak Sim On
  1. No you can't disable auth (you able to select auth type other than ntlm though). And I believe there is no case in witch you shoud do this with Nav. Nav stores financial information so no-no-no you should not do this under any corcumstances.
  2. No you can't restrict acceess by IP via Nav.