When users send a request for a web service, they are authenticated according to the credential type that is configured for Microsoft Dynamics NAV Server. To access a web service, users must provide valid credentials for the credential type being used. If Microsoft Dynamics NAV is configured for Windows credential type, then users are automatically authenticated against the Windows account that their computer is running under, and they are not prompted for their credentials. For other credential types, users are prompted to enter a user name and password.

If your solution is configured for NavUserPassword or AccessControlService, then you can configure Microsoft Dynamics NAV user accounts to include an access key that can be used instead of a password to for authenticate SOAP and OData web service requests.

To See

Learn about how to create users and configure the credential type for Microsoft Dynamics NAV Server.

Users and Credential Types

Learn about how to use a web access key to authenticate SOAP and OData web services.

How to: Use an Access Key for SOAP and OData Web Service Authentication

If the Microsoft Dynamics NAV Server is configured to use NavUserPassword or AccessControlService authentication, then the username, password, and access key can be exposed if the SOAP or OData data traffic is intercepted and the connection string is decoded. To avoid this condition, configure SOAP and OData web services to use Secure Socket Layer (SSL). For more information, see Walkthrough: Configuring Web Services to Use SSL (SOAP and OData)

When Microsoft Dynamics NAV data is consumed by a web service, users cannot be authenticated if their user name or password contains Unicode characters. This is a limitation in the basic authentication mechanism that is defined in the HTTP/1.1 specification.

The same limitation applies to exposing Microsoft Dynamics NAV data in external products such as a browser or a Microsoft .NET Framework assembly.

See Also