AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 23.01.2011, 10:12   #1  
Blog bot is offline
Blog bot
Участник
 
25,643 / 848 (80) +++++++
Регистрация: 28.10.2006
daxdilip: How to: Configure Dynamics AX AIF Services to listen for SSL Requests (https)
Источник: http://daxdilip.blogspot.com/2011/01...cs-ax-aif.html
==============

This post covers my experience on integrating Commerce Server Services with AIF Web Services across 2 domains. It was a bit challenging setup especially configuring the communication between AIF and Commerce Server over https, Troubleshooting WCF Bindings was the major component in this whole piece.

Note, in our infrastructure topology we have Dynamics AX 2009 SP 1 (Rollup 6), IIS 7.5 and Commerce Server 2009.

So, in brief these were the following steps carried out to make the integration work:

a. Import the Certificate and Configure IIS to listen for https requests
b. Troubleshooting TSL SSL Error
c. Troubleshooting AIF Authentication windows error
d. Troubleshooting binding web.config (bindings "Transport")


Now, Let's get into the details:

How to: Import Certificate and Configure IIS for SSL

http://blogs.iis.net/rlucero/archive...iguration.aspx

http://www.digicert.com/ssl-support/...port-iis-7.htm

In my case, I already had the certificates ready supplied by the internal support team, so had to follow the Import Certificate and Configure website steps in the above link.

Once the IIS, is configured to listen to HTTPS, then one should be able to browse the AIF Services successfully through browser, note it will prompt for Certificate, accept it and move ahead.

Troubleshooting TSL SSL Error

Trying to invoke the AIF Services through the Commerce Server Client interface gives this error " Could not establish trust relationship for the SSL/TLS secure channel with authority ". This was fixed by invoking an explicit remoteCallback validation for the certificate in the client code.

///
/// Remotes the certificate validate.
///
. private static bool RemoteCertificateValidate(

object sender, X509Certificate cert,
. X509Chain chain, SslPolicyErrors error)

{

return true;
}



Troubleshooting AIF Authentication windows error


Moving forward, encounterd this error "The Application Integration Framework Web service cannot determine the Windows login of the user calling the Web service"
This was logged in the Event viewer of AOS box, atleast had a sigh of relief to see that the communication reached till AOS box.


This is the core problem which we faced and the reason is AIF Web Services are built with a tighter windows user authentication as it doesn't understand Certificate mode of authentication and this error is thrown from the Microsoft AIF Intergration Framework dll.


I tried couple of workarounds by creating small demo applications and configurations and presented it to our Solution Team

i. Firstly, changed the binding to basicHttpBinding on the AIF Server and Created a small app on the Commerce Server client box and this works fine and it can communicate without any problems with AIF Web Services. The downside is it's not much secure. But basicHttpBinding is much faster than wsHttpBinding.


ii. Installed and Configured Microsoft Dynamics AX .Net Business Connector on the Commerce Server Client box and created a small app which can communicate to AX via the .Net Business Connector. This works fine but I won't be recommending it as we need to rewrite the AIF Logic which AIF Framework provides out of the box and the other downside to this approach is maintainability issues as we need to maintain .Net BC on Commerce Server box (i.e. the Commerce Server code will have a tight coupling with AX .Net BC Code, and also upgrades to .Net BC means we would need to take the Commerce Server Web Sites down)


iii.To host intermediary Non-AIF Services on the same box where AIF Services resides. This will act as wrapper services for AIF Services. So, the Commerce Server client will be invoking the Non-Aif Services and this will inturn invoke the AIF Web Services, there won't be a direct or live connection between Commerce Server and AIF. Any communication between these 2 apps will be handled by this broker or intermediary web service. The downside is performance may hamper a bit as there is an extra layer.



We chose to go with basicHttpBinding with Certificates installed on server and client and explicitly passing the Business Connectory Proxy Credentials in the code before invoking the service.

Troubleshooting binding web.config (bindings "Transport")

This is the final version of how the server-side and client-side bindings look. I tried various combinations on the security and transport mode before arriving at this one.






References:
Florian in his blog has an interesting article on securing AIF Services cross domain which works with IIS 6.0 and Windows Server 2003.
http://floditt.blogspot.com/2010/06/...bservices.html






Источник: http://daxdilip.blogspot.com/2011/01...cs-ax-aif.html
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
emeadaxsupport: List of fixes that improve performance of certain features in Dynamics AX 2009 Blog bot DAX Blogs 0 13.10.2009 19:06
CRM DE LA CREME! Configuring Microsoft Dynamics CRM 4.0 for Internet-facing deployment Blog bot Dynamics CRM: Blogs 0 18.08.2009 11:05
gatesasbait: Dynamics AX 2009 SSRS and SSAS Integration Tips Blog bot DAX Blogs 3 09.07.2009 13:07
Developer for Microsoft Dynamics AX Certification Roadmap Blog bot DAX Blogs 1 13.05.2009 16:17
axStart: Microsoft Dynamics AX 2009 Hot Topics Web Seminar Series Blog bot DAX Blogs 0 06.08.2008 12:05

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 20:07.