AIF WebServices needs to be authenticated with a Windows user that is configured in Ax. This can be done with Ntlm authentication. If the Ntlm-authentication is not an option, the X.509 authentication can be an alternative. X.509 certificates can be mapped easily to a windows account and so makes it possible for the client to authenticate as an Windows-user.
The following snapshots can serve as a simple “how-to”-setup the X.509 certificates for the AIF-WebServices.
The IIS-configuration
The anonymous access need to be activated:
The client certificate mapping needs to be activated:
After selecting the certificate, the certificate needs to be mapped to the Windows-account:
The service configuration:
The service configuration is configured to authenticate on the transport level:
and the MapClientCertificateToWindowsAccount attribute is activated:
The client configuration:
The client authentication is configured for transport:
And the configuration points to the X.509 certificate. The clientCertificate-element is documented on msdn.
If your are using a dummy-certificate, you need to implement the RemoteCertificateValidationCallback in the client application as described in this article.
I got the AIF Web Services (hosted under IIS 7) Error “The Application Integration Framework Web service cannot determine the Windows login of the user calling the Web service”
ReplyDeleteCan you please send me the config of your WebApplication for IIS? See: http://technet.microsoft.com/en-us/library/cc754617(WS.10).aspx
ReplyDelete