Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Extending Microsoft Dynamics NAV 2016 Cookbook

You're reading from   Extending Microsoft Dynamics NAV 2016 Cookbook Extend Dynamics NAV 2016 to win the business world

Arrow left icon
Product type Paperback
Published in Jan 2017
Publisher Packt
ISBN-13 9781786460608
Length 458 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Alexander Drogin Alexander Drogin
Author Profile Icon Alexander Drogin
Alexander Drogin
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Writing Basic C/AL Code FREE CHAPTER 2. Advanced C/AL Development 3. Reporting and Data Analysis 4. .NET Interoperability in C/AL 5. Extending C/AL with COM Components 6. SharePoint Integration 7. Control Add-ins 8. Web Services 9. Events and Extension Packages 10. PowerShell

Configuring web server

Web server configuration requires proper attention, because the setup must ensure security of the data sent over the Internet. This recipe will explain how to access your NAV Server from a web browser using a secure connection with the HTTPS protocol. In conclusion, we will see how to connect to NAV from a mobile device will simple additional steps.

Getting ready

Several prerequisites must be met before you can connect to your NAV server over the Web.

  • Microsoft Dynamics NAV Web Server must be installed and connected to the NAV Server instance which you want to be accessible from the phone client. Web server and NAV Server can be running on separate computers, but the web server must have access to the NAV instance.
  • To generate a self-signed security certificate you will need the New-SelfSignedCertificateEx PowerShell cmdlet that can be downloaded from Microsoft TechNet.
  • To connect to the NAV server from a mobile device, as per the There's more section, NAV Phone Client must be installed on your device. The installation path depends on the OS version of your mobile device. For example, on an Android device, tap the Google Play icon and type Dynamics NAV in the Search window. Then choose the Dynamics NAV application from the search result and follow the on-screen installation instructions.

How to do it...

  1. From the Start menu, run the Dynamics NAV Administration Shell or Windows Powershell and change the active directory to the folder where you saved the New-SelfSignedCertificateEx.ps1 cmdlet.
  2. Run the cmdlet with the following parameters, replacing "<Server Name>" with the name of your computer hosting the web server:
          .\New-SelfSignedCertificateEx.ps1 -Subject "CN=<Server Name>"
          -IsCA $true -Exportable -StoreLocation LocalMachine -StoreName My 
    
  3. Run Microsoft Management Console. Open the Application menu and type mmc.
  4. Click Add/Remove Snap-in in the File menu.
  5. Select Certificates in the list of available snap-ins, click Add, then choose Computer Account, and then Local Computer.
  6. Unfold the Personal / Certificates folder under the Console Root and locate the certificate you just created. You can easily identify it by the Issued To and Issued By fields. They both will have the name of your computer.
  7. Right-click on the certificate, select All Tasks | Manage Private Keys. Add Read permission for NETWORK SERVICE account.
  8. Copy the certificate from Personal | Certificates to Trusted Root Certification Authorities | Certificates.
  9. Double-click on the certificate name or choose Open from the drop-down menu. Open the Details tab and scroll to the Thumbprint field.
  10. Copy it to a text editor and remove all white spaces from it. The correct certificate thumbprint must be a 40-digit hexadecimal number. For example: 0d64836e14b528488bcc64853088553705078969.
  11. Right-click on the certificate name and choose All Tasks | Export. Accept the default values for all options in the certificate export master: do not export the private key, choose the X.509 in DER encoding as the certificate format. Specify the file's location and name; this is the file you will need to copy to the client connecting to NAV.
  12. In the Microsoft Management Console, click Add/Remove Snap-ins, choose Microsoft Dynamics NAV in the snap-ins list, and add it to the console root.
  13. Right-click on the Microsoft Dynamics NAV snap-in and choose Add Instance.
  14. In the Server Instance window, specify the new instance name and services ports. For this demo, we will name the instance WebLogin. When setting ports for services, make sure they are not used by other NAV instances.
  15. Select Network Service as the service account:

    How to do it...

  16. Click OK to accept the settings and create the service instance. Still in the management console, click the Edit button in the right pane to change the configuration setting of the new service:

    How to do it...

  17. The first parameter that should be changed is Credential Type. The default value is Windows; select NavUserPassword in the dropdown list.
  18. You also need to provide the certificate thumbprint in the Certificate Thumbprint field. To obtain the thumbprint value, return to your certificate created in the first step and double-click on the certificate name or choose Open from the drop-down menu. Open the Details tab and scroll to the Thumbprint field.
  19. Copy the thumbprint to the NAV service setup. Don't forget to remove all white spaces from it, or the value will not be accepted.
  20. Add the Internet Information Services snap-in to the Microsoft Management Console. Click Add/Remove Snap-in and select Internet Information Services.
  21. In the Sites folder locate Microsoft Dynamics NAV 2016 Web Client. Select the site root and click on Bindings in the Actions pane.
  22. Add site binding for HTTPS protocol: choose https for Type and leave the default port as 443 for HTTPS connections. In the SSL certificate option choose the certificate you created in the first step, from the drop-down list.
  23. In the IIS management console, select the DynamicsNAV folder under the Microsoft Dynamics NAV 2016 Web Client site and then click on Explore action in the Actions pane. This action will open the folder in which web site files are located. Alternatively, you can open this folder in a file manager. The default files location is C:\inetpub\wwwroot\DynamicsNAV90.
  24. Open the web.config file in a text editor, change the following three configuration keys, and save the file:
    • ServerInstance. New value: WebLogin
    • ClientServicesCredentialType. New value: NavUserPassword
    • ClientServicesPort. New value: 7056

  25. Connect to the NAV server with the role-tailored client and open users setup: Administration | IT Administration | General | Users.
  26. Create a new user. Enter a user name and set the password in the Microsoft Dynamics NAV Password Authentication tab. Leave the Windows User Name field blank.
  27. Assign permission sets of your choice to the user. At least one user in the database must have the SUPER permission set.
  28. Install the certificate on the client computer.
  29. Run the web browser and open the page by typing this URL, https://localhost:8080/DynamicsNAV90/.

    You will required to enter the user name and password:

    How to do it...

  30. After successful authentication, you will be redirected to the default role center:

    How to do it...

How it works...

In Step 1 through Step 8 we generate a self-signed SSL certificate the same way we did in the previous recipe of this chapter, Configuring NAV Server. The certificate is required whenever we need to establish a secure connection with authentication type other than Windows.

After running the New-SelfSignedCertificateEx cmdlet, your new certificate is created in the LocalMachine certificate store. A client computer connecting to the server must hold a copy of this certificate. To copy it to the client PC or mobile device, you need to export the certificate file. Step 9 exports the security certificate into a file that will be installed on client. A new NAV Server instance is created and configured in Step 10 to Step 17. We need two service instances here to redirect web requests to a separate service and leave Windows users unaffected. The user login type in NAV is defined by the server-side setup, and once a service is configured for NAVUserPassword credential type, it cannot authenticate users with the Windows credential type; they will receive a "Protocol mismatch" error. Since web users are outside of the corporate domain and cannot access the server with Windows credentials, we must change the authentication type they use. But we still want domain users to be able to login with their Windows domain account. And this is why we need the second service instance. Users within domain will be connecting to the service DynamicsNAV90, nothing will change for them. On the other hand, web requests will be redirected to the WebLogin service. Since both services point to the same database, all users will work with the same data and application.

Our front-end is the web server published by the Internet Information Services (IIS), and the IIS service must forward all incoming requests to the correct back-end service. Now let us configure the web service.

The final setup on the web server side is to configure authorization requests from IIS to the NAV instance that will serve them.

There's more...

With the web server configuration complete, you can connect to the same service from a mobile device running NAV Tablet Client or Phone Client.

Your mobile device must have the SSL certificate registered, same as the Windows Role-Tailored Client. To install the certificate on the mobile device:

  • Copy the exported certificate file to the mobile device, locate it, and click on the file.
  • Give a name to the certificate when asked. This name is independent of the server or client name and can be any text as shown in the following screenshot:

There's more...

After the certificate is successfully installed, you will see a confirmation. Then locate the Dynamics NAV phone client shortcut in your applications and click it. You will be prompted to enter the service name:

There's more...

Enter the server name and the web instance name and connect to the server. You will be asked to enter a user name and password. These are the name and the password of the user created in the previous step.

Now you are connected to the NAV server:

There's more...

Note

If you are configuring a web server inside your corporate network, it is possible that you won't be able to perform this step and connect to the server from a mobile phone. Corporate security policies often block connections to internal resources from outside. In this case, discuss possible solutions with your company's system administrators.

See also

  • The Configuring NAV Server recipe
You have been reading a chapter from
Extending Microsoft Dynamics NAV 2016 Cookbook
Published in: Jan 2017
Publisher: Packt
ISBN-13: 9781786460608
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime