Reputation: 2636
Authentication for NAV Web Services with Windows User over HTTP Basic Authentication
I have a NAV instance which exposes (OData) Web Services and is configured to use Windows as the credential type. I am able to authenticate against these Web Services successfully with NTLM. However, I would prefer to use HTTP basic authentication to authenticate against the service. I understand that one can create an Access Key for authentication. I understand that if I set the Basic Authentication Username to the User Name and the password to the Web Service Access Key from the NAV User Card, I should be able to use Basic HTTP Authentication. I have done this successfully on other NAV instances that are configured to use the NavUserPassword credential type. However, this doesn't work for the instance with Windows credential type.
More specifically, if I request a protected resource from the NavUserPassword instance, I recieve a 401 with a WWW-Authenticate header with value Basic realm="". If I do the same with the Windows instance, I get a WWW-Authenticate header with value NTLM. This suggests that it's not a simple case of providing the wrong password but a more complicated case of the NAV instance not being configured to accept any Web Service Access Keys.
The documentation on Web Services Authentication seems to imply that for Windows credential type, HTTP Basic Authentication for Web Services is not possible, but that isn't very explicit and I'm not sure if I am parsing the documentation correctly.
As an aside, the above documentation suggests that OAuth may also be used as an authentication mechanism but the linked documentation is behind a PartnerSource portal wall. If HTTP Basic Authentication isn't an option in my case, is OAuth an option?
Upvotes: 1
Views: 9317
Answers (2)
Reputation: 2314
I haven’t tried myself, but as it’s said here
All users of a Microsoft Dynamics NAV Server instance must be using the same credential type. You specify which credential type is used for a particular Microsoft Dynamics NAV Server instance in the Microsoft Dynamics NAV Server Administration tool.
So you can’t authenticate user with NavPassword if the instance is configured for ntlm. But you always can have separate instance (= service tier) installed and configured for another credentials type.
You can also restrict regular RTC users from connecting that instance at all and make it dedicated to web services.
Upd
As I've already mentioned service tier is the same as Nav instance. One can find out how to create new nav instance from Microsoft Docs. The difference between instances will be in the URL to access them. Different instances can be located on separate servers as well as on the same one.
In terms of MS Windows Nav instance is a service.
Upvotes: 3
Reputation: 705
it is possible, the steps are
- You'll need a Service Tier using NavUserPassword Auth (for this you'll need a certificate)
- In NAV you need to create a new user and generate a Web Service Key for it
- Using the Username and the Key you can use Basic Auth
https://learn.microsoft.com/en-us/dynamics-nav/web-services-authentication
Upvotes: 1
Related Questions
- which Dynamics NAV web service to use
- NTLM authentication for Microsoft Dynamics NAV '18 web service from Node.js fails
- Does the Navision (2009) Webservice support authentication to a remote database?
- Calling an external API from Microsoft Dynamics Nav
- Dynamics Nav 2013 web service without authorization
- .NET web service secure
- Web Service over HTTP with NTLM Authentication
- Authentication in navision web service under VPN
- Soap NTLM Authorization
- Consuming Web Service via Windows Authentication