Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Extending Microsoft Dynamics NAV 2016 Cookbook

You're reading from   Extending Microsoft Dynamics NAV 2016 Cookbook Extend Dynamics NAV 2016 to win the business world

Arrow left icon
Product type Paperback
Published in Jan 2017
Publisher Packt
ISBN-13 9781786460608
Length 458 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Alexander Drogin Alexander Drogin
Author Profile Icon Alexander Drogin
Alexander Drogin
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Writing Basic C/AL Code FREE CHAPTER 2. Advanced C/AL Development 3. Reporting and Data Analysis 4. .NET Interoperability in C/AL 5. Extending C/AL with COM Components 6. SharePoint Integration 7. Control Add-ins 8. Web Services 9. Events and Extension Packages 10. PowerShell

Configuring NAV Server

After installing the demonstration or development configuration, you can access the NAV database without any additional setup - just run the Role-Tailored Client. Now let's see how to change default settings and connect to NAV Server with NAV user credentials instead of Windows domain authentication.

Getting ready

The NAV User Password authentication method requires an SSL certificate that must be installed on both server and client computers. For testing purposes, you can generate a self-signed certificate with the New-SelfSignedCertificateEx PowerShell cmdlet that can be downloaded from Microsoft TechNet.

How to do it...

  1. Run Role-Tailored Client and connect to your NAV Server instance.
  2. In the main application menu, navigate to Administration | IT Administration | General | Users to open the list of user accounts and click New.
  3. Fill in the user card. The first field to enter is User Name. Enter here the login name the user will enter when connecting to the server.
  4. Leave Windows User Name blank and move to the Microsoft Dynamics NAV Password Authentication tab, click on the assist edit button in the Password field, and enter a new user password.
  5. Move to User Permission Sets tab and assign one or more permission sets to the user account.

    Note

    Users without permission sets won't be able to login to the server. At least one user account must have the SUPER permission set assigned to it.

  6. From the Start menu, run the Windows PowerShell console with administrator credentials. To do this, open the start menu, type PowerShell, right-click on the application name, and choose the command Run as administrator.
  7. Change the current directory to the folder where you saved the New-SelfSignedCertificateEx.ps1 cmdlet.
  8. Load the contents of the New-SelfSignedCertificateEx.ps1 file into the shell:
          . .\New-SelfSignedCertificateEx.ps1 
    
  9. Run the function New-SelfSignedCertificateEx with the following parameters, replacing "<Server Name>" with the name of your computer hosting the web server:
          New-SelfSignedCertificateEx -Subject "CN=<Server Name>"
            -IsCA $true -Exportable -StoreLocation LocalMachine 
    

    The following screenshot shows the output generated:

    How to do it...

  10. Run Microsoft Management Console: open the Application menu and type mmc.
  11. Click Add/Remove Snap-in in the File menu.
  12. Select Certificates in the list of available snap-ins, click Add, then choose Computer Account, and then Local Computer.
  13. Unfold the Personal | Certificates folder under the Console Root and locate the certificate you just created. You can easily identify it by the Issued To and Issued By fields. They both will have the name of your computer.
  14. Right-click on the certificate, select All Tasks | Manage Private Keys. Add Read permission for NETWORK SERVICE account.
  15. Copy the certificate from Personal | Certificates to Trusted Root Certification Authorities | Certificates.
  16. Double-click on the certificate name or choose Open from the drop-down menu. Open the Details tab and scroll to the Thumbprint field:

    How to do it...

  17. Copy it to a text editor and remove all white spaces from it. The correct certificate thumbprint must be a 40-digit hexadecimal number. For example, 0d64836e14b528488bcc64853088553705078969.

    Note

    This number is only an example. Your certificate will have a different thumbprint.

  18. Keep the value, it will be required in the next step.
  19. From the Start menu, run Dynamics NAV 2016 Administration.
  20. Unfold the Microsoft Dynamics NAV (local) snap-in under the console root and choose your server instance name. If you accepted the default name when installing the server, it should be DynamicsNAV90.
  21. Click Edit in the configuration pane. Change the value of the Credential Type field from Windows to NAVUserPassword.
  22. Fill the Certificate Thumbprint field. Copy the value you received from the self-signed certificate. Make sure you delete all spaces between digit groups. The certificate thumbprint must be exactly 40 characters long.
  23. Click Save - you will be warned that the service must restart before the new settings will be activated.
  24. To restart the service, click on the snap-in name (Microsoft Dynamics NAV), then choose the service instance in the middle pane of the management console. After that, the Restart button will be available in the Actions pane on the right. Click Restart and wait for the action to complete:

    How to do it...

  25. Open the ClientUserSettings.config file located in the AppData directory. Its default location is C:\Users\<UserName>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\90\ClientUserSettings.config.
  26. Change the value of the ClientServicesCredentialType key from Windows to NavUserPassword:
            <add key="ClientServicesCredentialType" 
              value="NavUserPassword" /> 
    
  27. Run the Role Tailored Client. You will be requested to enter a user name and password. Enter a user name and password of the user you created earlier. You will be connected to NAV with the NAV user credentials instead of your domain account.

How it works...

Changing the authentication method requires a number of changes in configuration on both the server and client side.

Creating a NAV user account

Since we want to change the server authentication type, first of all we need to create a user account that will be able to connect to the server after the new configuration takes effect. Step 1 to Step 5 create a new user that will connect with new credentials.

Generating a self-signed certificate

When a NAV client connects to a server with Windows authentication, Windows hides all security details inside the Kerberos protocol. If we want to connect without Windows authentication, we must provide a digital certificate that will ensure security of communication between client and server. Real-life certificates are issued by a trusted certification authority, but for development and testing purposes you can create your own certificate.

Step 6 and Step 7 will create such a self-signed certificate. When generating a certificate, make sure that the server name passed to the cmdlet exactly matches the computer's full name, as shown in its properties. If you don't know the server's full name, open the Windows File Explorer, right-click on Computer, and select Properties. If your computer is connected to a domain, its full name should include the domain name. For example: mycomputer.domain.com.

Obtaining the certificate thumbprint

After running the New-SelfSignedCertificateEx cmdlet, your new certificate is created in the LocalMachine certificate store. Each SSL certificate has a so-called thumbprint, a hexadecimal number generated by a hash algorithm from the certificate content. This number must be provided to both the NAV server and client to establish a secure connection.

Changing the server configuration

Step 15 to Step 20 modify the server instance configuration. We simply change two keys in the server setup, but this would not work without long preparation work made in previous steps.

A final modification in the client configuration file is required to ensure that client and server will use the same authentication protocol.

You have been reading a chapter from
Extending Microsoft Dynamics NAV 2016 Cookbook
Published in: Jan 2017
Publisher: Packt
ISBN-13: 9781786460608
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image