eConnect configuration to integrate data to GP - dynamics-gp

We need to integrate data from our application to GP using eConnect. We have GP and eConnect installed in a server.Our application runs from another machine which has to send data to GP in our server using eConnect.
Is that necessary to install eConnect in developer's machine as well as in the server?
As eConnect uses windows authentication, we use integrated security in our application to connect with eConnect. So, we are now able to integrate data from one user's machine whose credentials was given while installing eConnect in server.
Can anyone help?

In short, yes. The eConnect SDK must be installed on every client machine that issues eConnect for requests. If you are building a web application, then you would need the eConnect SDK installed on the webserver from which the requests originate.
If you are developing windows forms application to be installed on each users' PC, then the eConnect SDK must also be installed on each users' PC. Because this is often not a desirable deployment scenario, many people are in the practice of creating a new service to encapsulate the specific eConnect requests that the application needs so that the SDK only needs to be installed on the server.
Another option worth considering is a separate installation for Dynamics GP called the Dynamics GP Web Services. That would allow you to issue web service requests without the need of installing the eConnect SDK. However, installing Web Services for Dynamics GP is not trivial.
Regarding security, the eConnect SDK creates a windows service where credentials are supplied. It is these credentials that are used to authenticate eConnect to Dynamics GP. Keep in mind that Dynamics GP does not support Active Directory authentication for user access. However, one can use a domain service account in the eConnect service and set that up for access directly in SQL Server with DYNGRP role. Normally, this account would be a service account created for this purpose and not the user account.

Related

What are the possible solutions to host an internal website for a company using google cloud platform?

I developed an internal portal that is relevant to the engineering team. I restricted access to the portal by implementing Sign in With Google and as expected it is only accessible to our organization email-ids only. Now, I want to host the portal and we use Google Cloud Platform. I want to further restrict access to the portal within the organization.
What are the possible solutions to host the portal internally using Google Cloud Platform? If I host the portal and gave access to public, what could be the possible security implications?
If I understand well your concept, you are running a Web portal to authenticate your organization users to access your Frontend application, which retrieves information on a GCS bucket to be displayed on this Web page.
In this situation, the Identity-Aware Proxy (docs) that could fit your needs.
The IAP lets you manage access to applications running in the App Engine standard environment, App Engine flexible environment, Compute Engine, and GKE. IAP establishes a central authorization layer for applications accessed by HTTPS, so you can adopt an application-level access control model instead of using network-level firewalls or VPNs. When you turn on IAP, you must also use signed headers or the App Engine standard environment Users API to secure your app.
In this link you can see a quick example of how you can control access to your web apps and VMs in GCP using the IAP feature.

AD FS and Microsoft Dynamics CRM 2016 IFD Setup

I am trying to setup a Dynamics CRM 2016 Internet Facing Deployment. The application/SQL server is a Windows Server 2012 machine and CRM is hosted as a separate website(not the default website). Where do I install AD FS? Is it supposed to be on the Active Directory server or on the application server? Are there any other factors to be considered?
yes you can deploy your ADFS on the application server. If you look at page 10 of this deployment guide - https://www.microsoft.com/en-us/download/details.aspx?id=41701 you can see that same server deployments are supported. Although, it's a bit messy and separate server deployment is recommended.
One thing to keep in mind is that whenever you need to restart your application server (installing rollups\updates) your ADFS will go down as well, and if there are other applications using it, your users will loose access to them.
It could be any server but I would suggest to use separated server for that purpose.

Development with offline Azure Active Directory

We are developing a HTML5/Angular web application with a server backend that willb be hosted in MS Azure which will also authenticate via the Azure Active Directory. However, during development, there is occasionally the need to work offline and disconnected from the internet. When this happens it is not possible to debug and test the application as it is not possible to reach Active Directory to authenticate.
It is possible to create a local Virtual Machine in VirtualBox with all the necessary AD functionality included and then switch the software to use that local VM in development mode but then Azure AD in release mode?
If it is, what steps/roles etc.. will need to be installed in my local Server VM.
Many thanks
Alan
No, it is impossible to use the feature provide by Azure AD without internet connect.
It is possible to create a local Virtual Machine in VirtualBox with all the necessary AD functionality included and then switch the software to use that local VM in development mode but then Azure AD in release mode?
If you want to use the authentication, you may need to setup your own Identity Provider server when you are working off-line. There are a lot of open source library can help to setup the Identity Provider server like IndentyServer,
AspNet.Security.OpenIdConnect.Server etc.

Enable Impersonation for SSRS reports on Azure

In our current Production Setup, we have setup SSRS and have been able to successfully use the SSRS reports in our .NET Web Application since years. We have used Impersonation in Web.Config (there might be other solutions available, we had to go with this) as shown below.
<identity impersonate="true" userName="domainname/username" password="password"></identity>
This solution worked well becuase our Active Di
rectory and SSRS server are located in the same Network / domain.
Now, as part of our Azure migration, we have migrated our SSRS server to an Azure VM. and we are able to view the reports using Report Server Manager within the VM. Now, when we access the Web Application (App Service - Web App), we are getting the following error. Below is the updated impersonation attribute that we have used.
<identity impersonate="true" userName="username#ouremailaddressdomainname.onmicrosoft.com" password="password"></identity>
"Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The user name or password is incorrect"
Obviously, this is because of the fact that we don't have a Active Directory domain setup in Azure. Below are my questions.
Can we utilize the users available in the default Directory that gets created on Azure?
If yes, how do I specify the impersonization?
Thanks,
Prawin
With your planned setup you cannot use identity impersonation. This is because the AppService Web Apps do run in an isolated sand-boxed environment which cannot be part of a Windows Domain.
You have couple of options:
Change the reporting server to use mixed mode Authentication and create local for the SQL Server login and user with appropriate permissions. Then configure your reporting application to provide these SQL Server credentials
Move your Web Application to same VM (will not require Domain environment) as your Reporting Server (or just the part which deals with the reports)
Move your application to a separate VM and utilize the Azure Active Directory Domain Services to make the VMs part of same domain (an overkill IMO)
I would vote for the first option, as it requires least changes and leverages PaaS services (App Service). Everything else is overkill or just an abuse of the cloud platform.

How do I setup SharePoint 2013 (On Premise) for third party apps?

I have created a provider-hosted app which was developed and tested against SharePoint Online. I now want to install this on SharePoint 2013 On Premise.
It is my intention that, despite being a provider hosted app, I wish to host the app web in IIS on the SharePoint server (single farm not a cluster). I then intend to use a local URL for my App Web URL.
I understand the process of setting up an App Catalog (On SharePoint Online) as a repository for my App which in turn will enable users to add it to a site.
I have only been able to find a guide to setup On Premise SharePoint to allow users to use the SharePoint store but I only want to set it up for third party apps.
My question is do I need to go through all the steps in this link https://technet.microsoft.com/en-gb/library/fp161236.aspx even if I don't want/require store access? I don't not want to do more than necessary and I would prefer a simple solution for my clients.
I followed this guide https://technet.microsoft.com/en-gb/library/fp161234.aspx in the hope that creating the app catalog would be sufficient but I get the error "Sorry, apps are turned off. If you know who runs the server, tell them to enable apps."

Resources