References:
- https://help.sana-commerce.com/sana-commerce-81/advanced-installation-topics/ssl-certificate-for-ax-web-service/configure-aif-web-service
- https://help.sana-commerce.com/sana-commerce-81/installation/prepare-ax-server-environment/configure-the-web-service
- https://help.sana-commerce.com/sana-commerce-81/advanced-installation-topics/ssl-certificate-for-ax-web-service/configure-aif-web-service
Windows Authentication: Leverages NTLM/Kerberos to securely authenticate a user over an encrypted channel. This does work on Server 2016, but testing of the binding must be done from a different location. Loopback testing will fail while the binding itself is otherwise fully functional.
Basic: Will accept a windows username / password and will be passed in plain text. Ensuring https transmission is critical for this reason.
None: Should only be used by development for internal access and NEVER used publicly.Configuration for Microsoft Dynamics AX 2012:
If you need to configure the AIF Web service to work with SSL:
Step 1: In Microsoft Dynamics AX go to the following location: System administration -> Setup > Services and Application Integration Framework -> Inbound ports.
Step 2: Locate the created during the installation process service and click the 'Configure' button to the right of the 'Adapter' field to modify the WCF configuration:
AIF Web Service
Detailed information about how to create and activate AIF Web service can be found in the installation manual.
Step 3: Create a new service binding (binding type 'basicHttpBinding') and set the binding parameters as shown on the screenshot below:
Creating and Configuring a Service Binding
Step 4 : On the 'Security' tab set the 'Transport' mode to TransportCredentialOnly and 'TransportClientCredentialType' to Windows
Step 5: In IIS, ensure that Windows Authentication is both installed on the server (if it's missing, install the feature with Server Manager) and enabled at each layer of IIS. The same authentication name must be enabled at the Server, Default Site, and Sub-Site level for the specified authentication type to function correctly.
Alternate Option 1 (Basic): Set TransportClientCredentialType to Basic in conjunction with Basic Authentication Enabled for the Aif site in IIS.
Option 2 (None): Set TransportClientCredentialType to "None" in conjunction with Anonymous Authentication Enabled for the Aif site in IIS.
Configuring Security Settings
Step 5: Create new endpoint and link it to the newly created binding:
Creating the Endpoint
Step 6: In the 'Service Behaviors' configuration set 'HttpsGetEnabled' to 'True':
Configuring Service Behavior
Option 1 (Basic): Set TransportClientCredentialType to Basic in conjunction with Basic Authentication Enabled for the Aif site in IIS.
Option 2 (None): Set TransportClientCredentialType to "None" in conjunction with Anonymous Authentication Enabled for the Aif site in IIS.
Configuring Security Settings
Step 5: Create new endpoint and link it to the newly created binding:
Creating the Endpoint
Step 6: In the 'Service Behaviors' configuration set 'HttpsGetEnabled' to 'True':
Configuring Service Behavior