Microsoft Dynamics NAV 2013 supports four credential authorization mechanisms for Microsoft Dynamics NAV users. When you create a user, you provide different information depending on the credential type that you are using in the current Microsoft Dynamics NAV Server instance. You specify which credential type is used for a particular Microsoft Dynamics NAV Server instance by configuring the relevant RoleTailored client configuration file and Microsoft Dynamics NAV Server instance configuration.
|All users of a Microsoft Dynamics NAV Server instance must be using the same credential type.|
For more information about how to create users in RoleTailored clients, see How to: Create Microsoft Dynamics NAV Users.
Microsoft Dynamics NAV supports the following credential types:
- Windows - With this credential type,
users are authenticated using their Windows credentials (Active
Directory, local workgroup, or the local computer’s users). Before
you create a Windows user in the RoleTailored client, there must
already be a corresponding user in Windows. In Microsoft Dynamics
NAV 2009, all RoleTailored client users were Windows users. Because
they are authenticated through Windows, Windows users are not
prompted for credentials when they start the RoleTailored
- Username - With this setting, the user
is prompted for username/password credentials when starting the
RoleTailored client. These credentials are then validated against
Windows authentication by Microsoft Dynamics NAV Server. There must
already be a corresponding user in Windows. Security certificates
are required to protect the passing of credentials across a
wide-area network. This setting should typically be used when the
Microsoft Dynamics NAV Server computer is part of an authenticating
Active Directory domain, but the computer where the Microsoft
Dynamics NAV Windows client is installed is not part of the
- NavUserPassword - With this setting,
authentication is managed by Microsoft Dynamics NAV Server but is
not based on Windows users or Active Directory. The user is
prompted for username/password credentials when they start the
client. The credentials are then validated by an external
mechanism. Security certificates are required to protect the
passing of credentials. This mode is intended for hosted
environments, for example, where Microsoft Dynamics NAV is
implemented in Azure.
- AccessControlService - With this
setting, Microsoft Dynamics NAV relies on Windows Azure Access
Control Service (ACS) for user authentication services. ACS is a
cloud-based service that provides user authentication and
authorization for web applications and services. ACS integrates
with standards-based identity providers, including enterprise
directories such as Active Directory, and web identities such as
Windows Live ID, Google, Yahoo!, and Facebook.
|If Microsoft Dynamics NAV Server is configured to use NavUserPassword or AccessControlService authentication, then the username, password, and access key can be exposed if the SOAP or OData data traffic is intercepted and the connection string is decoded. To avoid this condition, configure SOAP and OData web services to use Secure Socket Layer (SSL). For more information, see Walkthrough: Configuring Web Services to Use SSL (SOAP and OData)|
Configuring the Credential Type
RoleTailored clients and Microsoft Dynamics NAV Server must be configured to use the same credential type.
To configure the credential type
Edit the client configuration file for each relevant user.
A separate instance of the ClientUserSettings.config file is maintained for each Microsoft Dynamics NAV Windows client user. You must modify the configuration for each instance of the file. The default location for this file is C:\Users\<username>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\70, where <username> is the name of the user.
Note For information about how to configure Microsoft Dynamics NAV Web client, see Configuring Microsoft Dynamics NAV Web Client by Modifying the Web.Config File.
- Find the ClientServicesCredentialType parameter and
change the value to one of the options listed earlier.
- Save ClientUserSettings.config and restart the Microsoft
Dynamics NAV Windows client.
- Find the ClientServicesCredentialType parameter and change the value to one of the options listed earlier.
Edit the configuration for the Microsoft Dynamics NAV Server instance.
Use either the Microsoft Dynamics NAV Server Administration tool or the Microsoft Dynamics NAV PowerShell API. For more information, see Configuring Microsoft Dynamics NAV Server.
Find the ClientServicesCredentialType parameter in the configuration for the instance and change the value to one of the options listed.
Note In the Microsoft Dynamics NAV Server Administration tool, the parameter is named Credential Type and is on the Client Services tab. Important When Microsoft Dynamics NAV Server services are deployed on Azure, you must configure them on Azure.
Restart the Microsoft Dynamics NAV Server instance. Use either the Microsoft Dynamics NAV Server Administration tool, the Microsoft Dynamics NAV PowerShell API, or the Services tool in Windows Control Panel.