NAV 2009 Vs NAV 2013 Web Services (WS) Technology
NAV 2009
Security for Web Services (WS) in NAV 2009 is managed by using Windows
Authentication.
This is the reason access to NAV 2009 Web Services requires
the user to log into a domain and be a valid Windows Login in NAV.
Consequently, this is also why the user accessing the Web Services URL
receives a login prompt when the SPNs/delegation is not setup properly.
All the SPN/delegation setup allows the NAV Service (either RTC or WS) to
authentic a user and then use that user's credentials when accessing
data.
This authentication/delegation process is essential to making sure that
unwanted (or unauthorized) users do not have access to a customer's NAV data.
it would not work to have a public facing website where all users are
anonymous access the NAV WS.
The WS functionality was not designed for this.
You would need some intermediate solution (maybe some C# or .NET app) to take
the submitted data from the website,
verify, process, and submit it to the
published NAV web service; the solution would then need to receive the
reply/result
from the NAV web service to provide to the website.
The intermediate solution would store the necessary NAV credentials (a domain
user account that has a NAV login) to access the NAV web service.
NAV 2013
NAV 2013 is a better technology!, many autenthication methods are supported
!
With NAV 2013 it's possibile to connect to Web Services using Windows
authentication (and Windows User), NavUser, Navuser + Ecrypted key, OpenId
(Cloud Scenario)
These defferential authentication processes are essential to making sure that
unwanted (or unauthorized) users do not have access to a customer's NAV data
(like Nav 2009 architecture)
NAV User Mapping
> isn't possibile to map on NAV users : "Everyone",
"Anonymous Login" etc. (security reasons)
> is possibile to map instead "Network
services", "Local System" ex: for NAS utilization insted of dedicated Windows
(service) user
NAV 2013 Mixed Mode Scenario
we need two
separate services to managed different authentication environments
1) 1 service only for NAV RTC User (with windows domani authentication) ex :
DB_RTC
2) 1 service only for WS Services (with NavUser authentication, +
encrypted password ...) ex: DB_WS
may be a solution !
Bob