After installing the demonstration or development configuration, you can access the NAV database without any additional setup - just run the Role-Tailored Client. Now let's see how to change default settings and connect to NAV Server with NAV user credentials instead of Windows domain authentication.
The NAV User Password authentication method requires an SSL certificate that must be installed on both server and client computers. For testing purposes, you can generate a self-signed certificate with the New-SelfSignedCertificateEx PowerShell cmdlet that can be downloaded from Microsoft TechNet.
Run Role-Tailored Client and connect to your NAV Server instance.
In the main application menu, navigate to Administration | IT Administration | General | Users to open the list of user accounts and click New.
Fill in the user card. The first field to enter is User Name. Enter here the login name the user will enter when connecting to the server.
Leave Windows User Name blank and move to the Microsoft Dynamics NAV Password Authentication tab, click on the assist edit button in the Password field, and enter a new user password.
Move to User Permission Sets tab and assign one or more permission sets to the user account.
From the Start menu, run the Windows PowerShell console with administrator credentials. To do this, open the start menu, type
PowerShell, right-click on the application name, and choose the command Run as administrator.Change the current directory to the folder where you saved the
New-SelfSignedCertificateEx.ps1cmdlet.Load the contents of the
New-SelfSignedCertificateEx.ps1file into the shell:. .\New-SelfSignedCertificateEx.ps1
Run the function
New-SelfSignedCertificateExwith the following parameters, replacing"<Server Name>"with the name of your computer hosting the web server:New-SelfSignedCertificateEx -Subject "CN=<Server Name>" -IsCA $true -Exportable -StoreLocation LocalMachineThe following screenshot shows the output generated:
Run Microsoft Management Console: open the Application menu and type
mmc.Click Add/Remove Snap-in in the File menu.
Select Certificates in the list of available snap-ins, click Add, then choose Computer Account, and then Local Computer.
Unfold the Personal | Certificates folder under the Console Root and locate the certificate you just created. You can easily identify it by the Issued To and Issued By fields. They both will have the name of your computer.
Right-click on the certificate, select All Tasks | Manage Private Keys. Add Read permission for NETWORK SERVICE account.
Copy the certificate from Personal | Certificates to Trusted Root Certification Authorities | Certificates.
Double-click on the certificate name or choose Open from the drop-down menu. Open the Details tab and scroll to the Thumbprint field:
Copy it to a text editor and remove all white spaces from it. The correct certificate thumbprint must be a 40-digit hexadecimal number. For example,
0d64836e14b528488bcc64853088553705078969.Keep the value, it will be required in the next step.
From the Start menu, run Dynamics NAV 2016 Administration.
Unfold the Microsoft Dynamics NAV (local) snap-in under the console root and choose your server instance name. If you accepted the default name when installing the server, it should be DynamicsNAV90.
Click Edit in the configuration pane. Change the value of the Credential Type field from Windows to NAVUserPassword.
Fill the Certificate Thumbprint field. Copy the value you received from the self-signed certificate. Make sure you delete all spaces between digit groups. The certificate thumbprint must be exactly 40 characters long.
Click Save - you will be warned that the service must restart before the new settings will be activated.
To restart the service, click on the snap-in name (Microsoft Dynamics NAV), then choose the service instance in the middle pane of the management console. After that, the Restart button will be available in the Actions pane on the right. Click Restart and wait for the action to complete:
Open the
ClientUserSettings.configfile located in theAppDatadirectory. Its default location isC:\Users\<UserName>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\90\ClientUserSettings.config.Change the value of the
ClientServicesCredentialTypekey fromWindowstoNavUserPassword:<add key="ClientServicesCredentialType" value="NavUserPassword" />Run the Role Tailored Client. You will be requested to enter a user name and password. Enter a user name and password of the user you created earlier. You will be connected to NAV with the NAV user credentials instead of your domain account.
Changing the authentication method requires a number of changes in configuration on both the server and client side.
Since we want to change the server authentication type, first of all we need to create a user account that will be able to connect to the server after the new configuration takes effect. Step 1 to Step 5 create a new user that will connect with new credentials.
When a NAV client connects to a server with Windows authentication, Windows hides all security details inside the Kerberos protocol. If we want to connect without Windows authentication, we must provide a digital certificate that will ensure security of communication between client and server. Real-life certificates are issued by a trusted certification authority, but for development and testing purposes you can create your own certificate.
Step 6 and Step 7 will create such a self-signed certificate. When generating a certificate, make sure that the server name passed to the cmdlet exactly matches the computer's full name, as shown in its properties. If you don't know the server's full name, open the Windows File Explorer, right-click on Computer, and select Properties. If your computer is connected to a domain, its full name should include the domain name. For example: mycomputer.domain.com.
After running the New-SelfSignedCertificateEx cmdlet, your new certificate is created in the LocalMachine certificate store. Each SSL certificate has a so-called thumbprint, a hexadecimal number generated by a hash algorithm from the certificate content. This number must be provided to both the NAV server and client to establish a secure connection.
Step 15 to Step 20 modify the server instance configuration. We simply change two keys in the server setup, but this would not work without long preparation work made in previous steps.
A final modification in the client configuration file is required to ensure that client and server will use the same authentication protocol.