1.) Import the [SharedProject_LNPS_DynamicScriptService.xpo] within the XPO folder into the AOT. This XPO contains the class that runs dynamic X++ script.
2.) Compile the project and deploy the [LNPS_DynamicScriptServiceGroup] Service group. This creates a new AIF basic Inbound port.
3.) Examine the newly created Inbound port and make a note of the WSDL URI.
4.) Create a sample .NET console application and consume this WCF service endpoint using the WSDL URI.
5.) Open the [app.config] file and copy the Client configuration section as below (this contains the routing information to your AOS).
App.config

    <client>
      <endpoint address="net.tcp://app001-01:8211/DynamicsAx/Services/LNPS_DynamicScriptServiceGroup"
                binding="netTcpBinding"
                bindingConfiguration="NetTcpBinding_LNPS_DynamicScriptClass"
                contract="LNPS_DynamicScriptService.LNPS_DynamicScriptClass"
                name="NetTcpBinding_LNPS_DynamicScriptClass">
        <identity>
          <userPrincipalName value="svc_app001_aos-t@PSLAB.LOCAL" />
        </identity>
      </endpoint>
    </client>
6.) On your SharePoint server, set up a folder on your application drive called [GenericBroker]. Copy the solution that’s been published on Codeplex into this location (you may need to remove the read-only attribute of the downloaded files).
7.) Locate the [web.config] file and replace the entire <client> section with the XML above. Save the file.
8.) Copy the MDF and LDF files within the Database folder to the Data folder of your Dynamics SQL server.
· Alternatively, you can create the database from scratch using the DDLs within the DDL solution folder.
9.) Attach the database to the default instance and set up a SQL login that has read/write access to this database. This database will be used to log incoming requests and their associated response packets.
· Alternatively, you can grant the service account under which the REST web-service will run the necessary read/write access to the database.
10.) Return to the [web.config] file and amend the database connection to point to the new SQL Server, and adjust the security depending on whether you are using a SQL login or integrated Windows authentication.
Web.config

    <connectionStrings>
      <add name="GenericBrokerEntities"
           connectionString="Server=SQL001;Database=GenericBroker;User Id=GenericBroker;Password=password;"
           providerName="System.Data.SqlClient" />
    </connectionStrings>
11.) Open IIS, set up a new website under the Sites folder and assign it a free HTTP port that doesn’t clash with SharePoint (typically 8100). Set the Application pool to the same one that Enterprise portal uses. The [GenericBroker] website is a basic ASP.NET website that is targeted at the .NET 2.0 framework to match this Application pool.
12.) Set the authentication level of the website to Anonymous:
13.) The Enterprise portal Application pool runs under the Business connector service account. This means the website will have access to all necessary AOT objects and the authority to run the dynamic X++ script service (despite the anonymous access setting). This fundamentally solves the problem of bypassing Active Directory authentication for non-AD sources.
14.) At the moment everyone has full unrestricted access to this website. In order to secure the web-service and restrict it to just the designated sources, we will use IP address filtering. Edit the [Global.asax] file and locate the following routine:
Global.asax

    void Application_BeginRequest(object sender, EventArgs e)
    {
        // 127.0.0.1   LocalHost
        // 200.1.0.15  Server01
        System.Collections.Generic.List<string> validIPList = new System.Collections.Generic.List<string>()
        {
            "127.0.0.1",
            "200.1.0.15"
        };

        var currentIP = Infrastructure.GetIP4Address();
        bool found = false;
        foreach (var s in validIPList)
        {
            if (s == currentIP)
            {
                found = true;
                break;
            }
        }

        if (!found)
        {
            // reject request
            Context.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
            Context.Response.End();
        }
    }
15.) Modify the IP address collection to include all servers that require unauthenticated access.
16.) Once this is done, then all machines that are not in this IP list will get the following message if they attempt to access the web-service:
17.) Validated machines will get a list of service operations:
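Added example for the IP filter in steps 14 and 15 (not code from the GenericBroker solution): one way to compare the caller against the allow list as parsed addresses, so that ::1 and IPv4-mapped IPv6 peers match their IPv4 entries and unparseable input is rejected. The class IpAllowList and its methods are hypothetical names, and it assumes the caller address is taken from Request.UserHostAddress; how the solution's Infrastructure.GetIP4Address() obtains it is not shown on this page.

```csharp
// Added example, not code from the GenericBroker solution. IpAllowList and
// Normalize are hypothetical names; the addresses are those in step 14.
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;

public static class IpAllowList
{
    // Parsed once and compared as addresses rather than as strings.
    private static readonly List<IPAddress> Allowed = new List<IPAddress>
    {
        IPAddress.Parse("127.0.0.1"),  // LocalHost
        IPAddress.Parse("200.1.0.15")  // Server01
    };

    // Collapse ::1 and IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4 so a
    // dual-stack listener still matches an allowed IPv4 peer.
    private static IPAddress Normalize(IPAddress ip)
    {
        if (ip.AddressFamily != AddressFamily.InterNetworkV6) return ip;
        if (ip.Equals(IPAddress.IPv6Loopback)) return IPAddress.Loopback;
        byte[] b = ip.GetAddressBytes();
        for (int i = 0; i < 10; i++)
            if (b[i] != 0) return ip;
        if (b[10] != 0xFF || b[11] != 0xFF) return ip;
        return new IPAddress(new byte[] { b[12], b[13], b[14], b[15] });
    }

    // remoteAddress must be the socket peer (Request.UserHostAddress),
    // never a client-supplied header such as X-Forwarded-For.
    public static bool IsAllowed(string remoteAddress)
    {
        IPAddress ip;
        if (string.IsNullOrEmpty(remoteAddress) ||
            !IPAddress.TryParse(remoteAddress, out ip))
            return false; // fail closed on anything unparseable
        return Allowed.Contains(Normalize(ip));
    }
}

// Call site in Application_BeginRequest (Global.asax):
//   if (!IpAllowList.IsAllowed(Request.UserHostAddress)) {
//       Response.StatusCode = (int)HttpStatusCode.Forbidden;
//       Response.End();
//   }
```

If the site is ever placed behind a reverse proxy or load balancer, Request.UserHostAddress becomes the proxy's address, and the allow list then has to be enforced at that proxy instead.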