Web Services Authentication
When users send a request for a web service, they are authenticated according to the credential type that is configured for Microsoft Dynamics NAV Server. To access a web service, users must provide valid credentials for the credential type being used. If Microsoft Dynamics NAV is configured for Windows credential type, then users are automatically authenticated against the Windows account that their computer is running under, and they are not prompted for their credentials. For other credential types, users are prompted to enter a user name and password.
If your solution uses NavUserPassword or AccessControlService as the credential type, users can access data through SOAP and OData web services if they specify a password or a web service access key. You set up the user accounts in the User Card window based on how they will access Microsoft Dynamics NAV data. For example, if you set up a user account that will allow an external application to read Microsoft Dynamics NAV data through a web service, you can generate a web service access key and specify that in the User Card window for the relevant user accounts. Then, you add the access key to the configuration of the application that consumes the web service. In contrast, when users access Microsoft Dynamics NAV data through a web service in Microsoft Excel, for example, they specify a password instead of a web service access key.
Microsoft Dynamics NAV also supports OAuth authentication on OData and SOAP endpoints. OAuth is an open standard for authentication that provides client applications with secure delegated access to server resources. OAuth enables you to extend single sign-on with Office 365 to Microsoft Dynamics NAV web services.
Learn about how to create users and configure the credential type for Microsoft Dynamics NAV Server.
Learn about how to use a web access key to authenticate SOAP and OData web services.
Learn about OAuth authentication on Microsoft Dynamics NAV web services.
If the Microsoft Dynamics NAV Server is configured to use NavUserPassword or AccessControlService authentication, then the username, password, and access key can be exposed if the SOAP or OData data traffic is intercepted and the connection string is decoded. To avoid this condition, configure SOAP and OData web services to use Secure Socket Layer (SSL). For more information, see Walkthrough: Configuring Web Services to Use SSL (SOAP and OData)
When Microsoft Dynamics NAV data is consumed by a web service, users cannot be authenticated if their user name or password contains Unicode characters. This is a limitation in the basic authentication mechanism that is defined in the HTTP/1.1 specification.
The same limitation applies to exposing Microsoft Dynamics NAV data in external products such as a browser or a Microsoft .NET Framework assembly.