Tag: SSL

PowerBI.com

Microsoft Power BI – Part – VI

Ashwini Tripathi

Continuing from my previous post, if you have not seen yet please check it out it will help you continuing with this post.

You can check:

Microsoft Power BI – Part – I

Microsoft Power BI – Part – II

Microsoft Power BI – Part – III

Microsoft Power BI – Part – IV

Microsoft Power BI – Part – V

Today we will discuss how to use Power BI Content Pack:

PowerBI-60

Few things to keep in mind to get report Generated Successfully.

Point-1 You have required objects for this content pack in your database.

If you are using 2016, you can skip this as these objects are available in 2016. If you are using 2015 or 2013 then export these objects from 2016 and import in your database.

PowerBI-61

Above Pages will be present in your previous version of database, you need to import the 6 Query objects. These are necessary as these are used as source to fetch data from your data base by this content pack.

Point-2 Web Services need to be published.

PowerBI-62

Make sure you use same name for Services as you may get error while connecting and refreshing/ fetching data using this content pack.

Point-3 SSL port and web address is used to access the services.

https is used as this will not work on http.

Self-signed certificate will not work which we use for test purpose for publishing services and testing. It will throw Trusted relationship connection type error. If you have one use the same instead using Self-signed certificate.

No worries, don’t be disappointed. I will give you tip to overcome this requirement just follow as below:

You may remember that in our previous post we installed and used Power BI Gateway, actually we got a Trusted Certificate which we can use for this purpose.

PowerBI-63

Open IIS Manager on your system.

PowerBI-64

Select Serve/ Machine in Left Navigation Tree and Select Server Certificates.

PowerBI-65

Locate the Data Management Gateway SSL Certificate, this got installed when you installed Gateway. Double click to open the Properties of the certificate.

PowerBI-66

Switch to Details Tab, Scroll down to find Thumbprint, and Copy the Thumbprint and paste to Notepad finally remove all space leading, trailing and any in between.

It should look like above right bottom corner notepad window no space in Thumbprint signature.

Copy this Value and use as Thumbprint in you Navision Service.

PowerBI-67

Select Your Service.

Edit.

Paste the Certificate Thumbprint.

Make Sure SSL is Enabled for your OData Services.

Save.

Restart the Service.

We are done with the basic requirements now let us connect using Power BI Miscrosoft Navision Content Pack.

Now Login with your credentials to Power BI.

PowerBI-68

From Left bottom corner Select Get Data.

PowerBI-69

Select Get Data from Services.

PowerBI-70

Scroll to find Microsoft Dynamics NAV Services and Select Connect.

PowerBI-71

Copy your OData Service URL. Make sure you remove Service name from the URL and trailing ‘/’ after company name from the URL.

Select Next.

PowerBI-72

Select the Authentication Method and then Sign In.

PowerBI-73

Wait for few minutes you dataset will be loaded.

As a result you will get: Dataset, Report & Dashboard ready for you in few minutes depending upon the data volume and connection speed.

PowerBI-74

The report and dashboard view will be as per the available data in your database.

Hurray!!!

You are done with your practice session.

This is a Holi Gift for my reader from my side.

I will come up with more features explanation and other Tips & Tricks in my upcoming posts, till then keep practicing and learning from blogs and helps available online.

 

Advertisement
Corfu Navision 2016, Development Tips, How To, IIS, Information, Instalation & Configuration

Configuring SSL to Secure the Connection to Microsoft Dynamics NAV Web Client

Ashwini Tripathi

It is always recommend that you secure Microsoft Dynamics NAV data that is transmitted over the Internet by enabling Secure Sockets Layer (SSL) on the connection to Microsoft Dynamics NAV Web client.

Enabling SSL on a website requires that an SSL certificate is installed on the web server. An SSL certificate is a small file that the web server uses to prove its identity and establish a trusted connection with the browser that is trying to access Microsoft Dynamics NAV Web client.

When a browser connects to the Microsoft Dynamics NAV Web client, the web server replies by sending its certificate to the browser. This certificate contains the web server’s public encryption key and the name of the authority that granted the certificate. The browser verifies the certificate using the authority’s public key.

Note You can configure SSL for the Microsoft Dynamics NAV Web client when you install the Microsoft Dynamics NAV Web Server components.

Obtaining an SSL Certificate

In a production environment, you should obtain an SSL certificate from a certification authority. Some large organizations may have their own certification authorities, and other organizations can request a certificate from a third-party organization. In a test environment or development environment, you can create your own self-signed certificate.

To create a self-signed SSL certificate

Open Internet Information Services (IIS) Manager, on the Start menu, choose Administrative Tools, and then choose Internet Information Service (IIS) Manager.
IIS-1

  • In the Connections pane, choose the top-level node for the server.
  • On the Home page, under IIS, choose Server Certificates, and then in the Actions pane, choose Open Feature.

IIS-2

  • On the Server Certificates page, choose Create Self-Signed Certificate.
  • In the Specify Friendly Name dialog box, type a brief name for the certificate, and then choose the OK button.

IIS-3

The new certificate appears on the Server Certificate page.
IIS-4

Adding an HTTPS Binding That Uses the Certificate on the Microsoft Dynamics NAV Web Client Site

After you get the certificate, you add a binding to the https protocol on the website. When you add the binding, you associate it with the certificate.

To add an https binding with the certificate to the website

  • Open Internet Information Services (IIS) Manager.
  • In the Connections pane, expand the Sites node, and then choose the Microsoft Dynamics NAV Web client site to which you want to add the binding.

By default, the site has the name Microsoft Dynamics NAV 2016 Web Client.

  • In the Actions pane, choose Bindings.

IIS-5

  • In the Site Bindings dialog box, choose Add.
  • In the Add Site Binding dialog box, set the Type field to https.

IIS-6

You can use the default port 443 or change it to another port. If you change it to another port, you will have to provide the port number in the URL when you try to open the client.

  • Set the SSL certificate field to the certificate that you obtained or created for the site.

IIS-7

  • Choose the OK button, and then choose the Close button.

Redirecting HTTP to HTTPS (Optional)

To ensure that users always access the site that is secured with SSL, you can automatically redirect HTTP requests to HTTPS. This means that users do not have to explicitly include https in the URL in the browser.

For example, the nonsecure URL of the Microsoft Dynamics NAV Web client could be

http://mywebclient:8080/DynamicsNAV90/WebClient

The secure URL could be

https://MyWebclient:443/DynamicsNAV90/WebClient

If a user types

http://MyWebclient:8080/DynamicsNAV90/WebClient,

the browser automatically redirects to

https://MyWebclient:443/DynamicsNAV90/WebClient

 

There are different ways to redirect HTTP requests to HTTPS.

The following procedure describes how to redirect HTTP requests to HTTPS by installing the Microsoft Application Request Routing for IIS 7 and modifying the web.config file for the Microsoft Dynamics NAV Web client.

To redirect HTTP to HTTPS

The web.config file is located in the physical path of the web application on IIS. By default, the path is

%systemroot%\inetpub\wwwroot\[VirtualDirectoryName]\WebClient.

For example, the folder for the default Microsoft Dynamics NAV Web client application is

%systemroot%\inetpub\wwwroot\DynamicsNAV90\WebClient.

  • In the <system.webServer> element, add the following elements.

<rewrite>

<rules>

<rule name=”Redirect to HTTPS”>

<match url=”(.*)” />

<conditions>

<add input=”{HTTPS}” pattern=”off” ignoreCase=”true” />

</conditions>

<action type=”Redirect” url=”https://{SERVER_NAME}/{R:1}” redirectType=”SeeOther” />

</rule>

</rules>

</rewrite>

 

  • Save the web.config file.

 

Development Tips

Configuring Web Services to Use SSL (SOAP and OData)

Ashwini Tripathi

Secure Sockets Layer (SSL) is a cryptographic protocol that helps provide security and data integrity for data communications over a network.

By encrypting your Microsoft Dynamics NAV web services using SSL, you make your data and the network more secure and more reliable.

Microsoft Dynamics NAV Web Services and SSL

Microsoft Dynamics NAV supports SSL authentication for SOAP and OData web services.

The server authenticates itself to the client, but the client does not authenticate itself to the server.

When the web service client connects to the Microsoft Dynamics NAV Server instance, the server replies by sending its digital certificate to the client. This certificate contains the server’s public encryption key and the name of the authority that granted the certificate. The client verifies the certificate using the authority’s public key.

We have covered above top related to Creating and Implementing Certificates for Microsoft Dynamics NAV Server. If not seen please follow below links for better understanding:

How to create a root CA and a private key file by using the makecert.exe utility

How to create certificate revocation list for the root certification authority

How to create and install a test certificate for the Microsoft Dynamics NAV Server computer

How to grant access to the certificate’s private key to the service account for the Microsoft Dynamics NAV Server

Implementing Security Certificates.

Configuring Microsoft Dynamics NAV Web Services to Use SSL

The first step is to prepare Microsoft Dynamics NAV to use SSL. This involves configuring the relevant Microsoft Dynamics NAV Server instance to specify SSL.

The following procedure uses Microsoft Dynamics NAV Server Administration tool to configure the Microsoft Dynamics NAV Server instance.

  • Choose the Start button, and in the Search programs and files box, type Microsoft Dynamics NAV Administration, and then choose the related link.
  • In Microsoft Dynamics NAV Server Administration tool, in the left pane, under Console Root, expand the node for the Microsoft Dynamics NAV Server computer. This is typically named Microsoft Dynamics NAV (Local), which is the local computer.

The Microsoft Dynamics NAV Server instances on the computer appear in the left pane and center panes.

In the left pane, choose the relevant instance to display settings for that instance in the center pane.

UseSSL-1

  • At the bottom of the center pane, choose Edit.
  • To configure SOAP web services to use SSL, expand the SOAP Web Services tab, and then select the Enable SSL

Make a note of the port that is used by SOAP web services. You will need the port number later on in this walkthrough.

UseSSL-2

  • To configure OData web services to use SSL, expand the OData Web Services tab, and then select the Enable SSL

Make a note of the port that is used by OData web services. You will need the port number later on in this walkthrough
UseSSL-3

  • Choose Save at the bottom of the center pane.
  • In the right pane, under Actions, choose Login Account.
  • Make a note of the service account information. You will need this information later on in this walkthrough.

UseSSL-4

Configuring the Access Control List and the Web Services Ports for SSL

An access control list (ACL) is part of the Windows security infrastructure and features. The ACL controls who can access resources on a computer.

Note

These procedures use the netsh tool (netsh.exe) for configuring the HTTP server. The netsh tool is supplied with Windows 7 and Windows Server 2008.

By default the netsh tool is located in the c:\Windows\System32 folder.

To configure the ACL

  1. On the computer running Microsoft Dynamics NAV Server, open a command prompt as an administrator as follows:
    1. From the Start menu, choose All Programs, and then choose Accessories.
    2. Right-click Command Prompt, and then choose Run as administrator.
  1. At the command prompt, type the following command to change to the Windows\System32 directory.

cd\Windows\System32

  1. To view the ACL for the web services ports to determine if any entries are already using the relevant host name and port, type the following command:

netsh http show urlacl

  1. Each entry is listed by the Reserved URL field, which has the format http://hostname:port. hostname is the name of the computer running the service and port is the port number the service runs on. A ‘+’ (plus sign) in the Reserved URL field represents localhost, which indicates the computer that you are working on.
  2. By default, SOAP and OData web services in Microsoft Dynamics NAV use ports 7047 and 7048, respectively, and connect to a Microsoft Dynamics NAV Server instance named DynamicsNAV80. The default reserved URL entries for these services are: http://+:7047/DynamicsNAV80/ and http://+:7048/DynamicsNAV80/.
  3. You must delete any entries that use the same port as the SOAP or OData web services.

To delete an entry, type the following command:

netsh http delete urlacl url=http://hostname:Port/NAVserver/

Substitute Port with the port number of the SOAP or OData web service and NAVserver with the name of the Microsoft Dynamics NAV Server instance.

For example, to delete the default entries for SOAP and OData, use the following two commands:

netsh http delete urlacl url=http://+:7047/DynamicsNAV80/

netsh http delete urlacl url=http://+:7048/DynamicsNAV80/

  1. To register the ports for the SOAP and OData web service with https, type the following command for each service:

netsh http add urlacl url=https://hostname:port/navserver user=DOMAIN\user

  1. Substitute the following options with the proper values:
Option Description
hostname The name of the computer running Microsoft Dynamics NAV Server. Use + for localhost.
port The port that is used by the web service.
navserver The name of the Microsoft Dynamics NAV Server instance to use with the web service. The default is DynamicsNAV80.
DOMAIN\username The domain and user name of the service account for Microsoft Dynamics NAV Server. If the service account for Microsoft Dynamics NAV Server is Network Service, then use “NT AUTHORITY\NETWORK SERVICE”.
  1. For example, if the service account for Microsoft Dynamics NAV Server has the domain ABC and the user name xyz, and then the command for the SOAP web service is as follows:

netsh http add urlacl url=https://+:7047/DynamicsNAV80 user=”NT AUTHORITY\NETWORK SERVICE”

  1. If the service account for Microsoft Dynamics NAV Server is Network Service, then the command is as follows:

netsh http add urlacl url=https://+:7047/DynamicsNAV80 user=”NT AUTHORITY\NETWORK SERVICE”

  1. To verify that your port has been registered, repeat step 3.

To configure the port to use the SSL certificate

  1. At the command prompt, type the following command to view the current port configurations:

netsh http show sslcert

  1. All port bindings to SSL certificates are listed. Each entry is indicated by the IP:port field, where IP is the IP address that uses the port (0.0.0.0 indicates all IP addresses) and port is the port number.
  2. If SSL is already configured on the address and port that you want to use for SOAP or OData web services, then use the following command to delete the entry:

netsh http delete ssl ipport=ipaddress:port

  1. Substitute ipaddress and port with the IP address and port number of the entry that you want to delete.
  2. For example, to delete the entry on the default SOAP port, use the following command:

netsh http delete ssl ipport=0.0.0.0:7047

  1. To bind an SSL certificate to the SOAP or OData web service port, use the following command:

netsh http add sslcert ipport=ipaddress:port certhash=thumbprint appid={id}

  1. Substitute the following options with the proper values:
Option Description
ipaddress The IP address that can use the web service. Use 0.0.0.0 to include all IP addresses.
port The port that is used by the web service.
thumbprint The certificate thumbprint that you obtained in previous post.
id A 32-digit hexadecimal number that identifies the Microsoft Dynamics NAV application. The id must be in the format {NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN). If you do not know the appid, then use any value, such as {00112233-4455-6677-8899-AABBCCDDEEFF}.
  1. For example, the following command binds a certificate that has the thumbprint c0d0f27095b03d4317e219841024328cef248779 to port 7047 for all IP addresses:

netsh http add sslcert ipport=0.0.0.0:7047 certhash=c0d0f27095b03d4317e219841024328cef248779 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

Imp Note: – Please replace the port and thumbprint values with your valid values.

Restart the Microsoft Dynamics NAV Server Instance

You can use the Microsoft Dynamics NAV Server Administration Tool to restart the Microsoft Dynamics NAV Server instance.

To restart Microsoft Dynamics NAV Server

  1. In Microsoft Dynamics NAV Server Administration tool, in the left pane, under Console Root, choose the Microsoft Dynamics NAV Server computer.
  2. In the center pane, choose the Microsoft Dynamics NAV Server instance that you have configured, and then in the right pane under Actions, choose Restart.
  3. After the instance restarts, close Microsoft Dynamics NAV Server Administration tool.

Verifying the Configuration

You should now be able to use web services that are encrypted with SSL. To verify this, type the following URL in the address bar for your browser.

https://localhost:7047/DynamicsNAV80/WS/services

The page lists any web services that have been published.