How to: Configure User Authentication for the Microsoft Dynamics NAV Web Client

You can configure the Microsoft Dynamics NAV Web client to authenticate users on one of the following credential types.

Credential type	Description	Prompted to sign in
Windows	Users are authenticated using a Windows account (Active Directory). Users are automatically authenticated using the Windows account that is currently logged on to the device that they are using to access the Microsoft Dynamics NAV Web client.	No
UserName	Users are authenticated using their Windows account.	Yes
NavUserPassword	Users are authenticated using their Microsoft Dynamics NAV user name and password, not their Windows credentials.	Yes
AccessControlService	Users are authenticated using Access Control Service (ACS) for user authentication services.	Yes

For more information about the credential types and their use, see Users and Credential Types.

To set up user authentication, complete the following tasks:

Implementing Security Certificates
Implement security certificates on the computer that is running Microsoft Dynamics NAV Server and the computer that is running Microsoft Dynamics NAV Web Server components.

Note

This step is not required when you use the Windows credential type.
Configuring the Credential Type for Microsoft Dynamics NAV Server
Configuring the Credential Type on the Microsoft Dynamics NAV Web Client Website

Note
This step is not required when you use the Windows credential type.

Implementing Security Certificates

When using UserName, NavUserPassword, or AccessControlService credential type, you must implement security certificates on the computer that is running Microsoft Dynamics NAV Server and the web server computer that is running Microsoft Dynamics NAV Web Server components. Security certificates protect the passing of credentials between the Microsoft Dynamics NAV Web client and Microsoft Dynamics NAV Server. A certificate is a file that the web server uses to prove its identity and establish a trusted connection with Microsoft Dynamics NAV Server.

Note
You do not have to perform this task for Windows authentication.

To implement security certificates

To create your own certificates and implement them in a test environment for the Microsoft Dynamics NAV Web client, see Walkthrough: Implementing Security Certificates in a Test Environment.

In this scenario, you create your own self-signed certificates, and then install them on the computers that are running Microsoft Dynamics NAV Server and the Microsoft Dynamics NAV Web Server components.
To implement certificates in a production environment for Microsoft Dynamics NAV Web client, see How to: Implement Security Certificates in a Production Environment.

In this scenario, you obtain certificates from a certification authority. Some large organizations may have their own certification authorities, and other organizations can request a certificate from a third-party organization. After you obtain the certificates, you install them on the computers that are running Microsoft Dynamics NAV Server and the Microsoft Dynamics NAV Web Server components.

Configuring the Credential Type for Microsoft Dynamics NAV Server

The credential type of the Microsoft Dynamics NAV Web client must match the credential type in the Microsoft Dynamics NAV Server instance that is used by the Microsoft Dynamics NAV Web client.

To configure the credential type for the Microsoft Dynamics NAV Server instance

Start either the Microsoft Dynamics NAV Server Administration tool or the Microsoft Dynamics NAV PowerShell API.

For more information, see Microsoft Dynamics NAV Server Administration Tool or Microsoft Dynamics NAV Windows PowerShell Cmdlets.
Find the ClientServicesCredentialType parameter in the configuration for the Microsoft Dynamics NAV Server instance.

In the Microsoft Dynamics NAV Server Administration tool, the parameter is named Credential Type and is on the General tab.

For more information, see Configuring Microsoft Dynamics NAV Server.

Change the value to either Windows, UserName, NavUserPassword, or AccessControlService.

Important
If not already done, under the Client Services tab, you must set the Certificate Thumbprint parameter to the thumbprint of the security certificate that is used by Microsoft Dynamics NAV Server.

Restart the Microsoft Dynamics NAV Server instance.

Configuring the Credential Type on the Microsoft Dynamics NAV Web Client Website

To configure the credential type for the Microsoft Dynamics NAV Web client, you modify the web.config file of the website that is running the Microsoft Dynamics NAV Web Server components.

You must also enable the authentication methods on the IIS website for Microsoft Dynamics NAV Web client.

To configure the credential type in the web.config file of the Microsoft Dynamics NAV Web client

On the computer that is installed the Microsoft Dynamics NAV Web Server components, open the installation folder for the Microsoft Dynamics NAV Web client. By default, the folder is c:\Program Files\Microsoft Dynamics NAV\70\Web Client.
Open the web.config file in a text editor, such as Notepad.

Note

You must open the web.config file as an administrator or have permission to modify the file.
In the <system.web> element, find the <authentication> element, and change it to one of the following.
- For the Windows credential type, include the following element.
  Copy Code
  
  <authentication mode="Windows"/>
- For UserName, NavUserPassword, or AccessControlService credential types, include the following elements:
  Copy Code
  
  <authentication mode="Forms"> <forms loginUrl="~/SignIn.aspx" timeout="2880"/> </authentication>

Note
You must open the web.config file as an administrator or have permission to modify the file.

	Copy Code
<authentication mode="Windows"/>

	Copy Code
<authentication mode="Forms"> <forms loginUrl="~/SignIn.aspx" timeout="2880"/> </authentication>

In the <DynamicsNavSettings> element, which is toward the end of the file, find the <add key="ClientServicesCredentialType" value=""/> element, and then change it to one of the following.

	Copy Code
<add key="ClientServicesCredentialType" value="Windows"/>

	Copy Code
<add key="ClientServicesCredentialType" value="UserName"/>

	Copy Code
<add key="ClientServicesCredentialType" value="NavUserPassword"/>

	Copy Code
<add key="ClientServicesCredentialType" value="AccessControlService/>

If you are configuring the Windows credential type, then you are finished. Save the web.config file. For other credential types, continue to the next step.

Find the <add key="DnsIdentity" value=""/> element, and change it as follows.

	Copy Code
<add key="DnsIdentity" value="SubjectName"/>

Replace subjectName with the subject name or common name (CN) of the certificate that is used on the computer that is running Microsoft Dynamics NAV Server.

Note
You can find the subject name by opening the certificate in the Certificates snap-in for Microsoft Management Console (MMC) on the computer that is running Microsoft Dynamics NAV Web client and Microsoft Dynamics NAV Server. For more information, see Walkthrough: Implementing Security Certificates in a Test Environment or How to: Implement Security Certificates in a Production Environment.

If you are configuring AccessControlService authentication, then find the <add key="ACSUri" value=""/> element, and set the value to the URI of the Access Control Service.
Copy Code
<add key="ACSUri" value=""/>
Save the web.config file.

	Copy Code
<add key="ACSUri" value=""/>

To enable an authentication method on the website for Microsoft Dynamics NAV Web client

On the computer that is running Microsoft Dynamics NAV Web Server components, open Internet Information Services (IIS) Manager.

On the Start menu, in the Search Programs and Files box, type inetmgr, and then press Enter.
In the Connections pane, under Sites, choose Microsoft Dynamics NAV 2013 Web Client.
Under IIS, double-click Authentication.
In the Authentication pane, enable the appropriate authentication based on the credential type.
- For the Windows credential type, enable Windows authentication.
- For UserName and NavUserPassword credential types, enable both Forms authentication and Anonymous authentication.
To enable an authentication method, choose the authentication method from the list, and then choose Enable in the Actions pane.
For Windows authentication, you must set up an authentication provider. By default, Windows authentication is configured with the Negotiate and NTML providers, which is sufficient for most installations and no action is required. If the computer that is running Microsoft Dynamics NAV Web Server components and Microsoft Dynamics NAV Server are on different computers, and delegation with Kerberos is configured between the two computers, then the Negotiate provider must be first in the list of providers.

To set up the providers, do the following:
1. Choose Window Authentication, and then under Actions choose Providers.
2. To add a provider, select the provider from the Available Providers list, and then choose Add.
3. To move a provider in the Enables Providers list, select the provider, and then choose the Move Up or Move Up button.
4. Choose the OK button.
Restart the web server.

In the Connections pane of IIS Manager, choose the root node for your computer, and then in the Actions pane, choose Restart.