Web Services
Overview
The Empower Web Services are based on a REST (Representational State Transfer) architecture. The Empower modules and other applications call these web services for various functions such as data retrieval, document vaulting, email alerts, and reporting. Arena Empower customizes some of these web services to meet specific customer requirements such as ERP/MRP integrations, custom reports, and interfaces to other business systems (such as CRM, MES, CAD, etc.). The Web Services communicate directly with the Empower databases.
The Empower Web Services and databases can reside on the same or different servers. The Empower Web Services and Web Applications are built on the .NET Framework 4.8. Your Web Server must be running Internet Information Services (IIS) 6.0 or greater and the .NET Framework 4.8 or greater.
Security
.NET application security configuration and IIS security configuration are completely independent and can be used independently or in conjunction with each other.
IIS maintains security-related configuration settings in the IIS database. However, .NET maintains security (and other) configuration settings in XML configuration files (web.config).
The following figure illustrates the relationship between IIS and .NET.
.NET implements authentication using authentication providers, which are code modules that verify credentials and implement other security functionality such as cookie generation. .NET supports the following three authentication providers:
- Forms Authentication
  - Using this provider causes unauthenticated requests to be redirected to a specified HTML form using client-side redirection. The user can then supply logon credentials and post the form back to the server. If the application authenticates the request (using application-specific logic), .NET issues a cookie that contains the credentials or a key for reacquiring the client identity.
- Passport Authentication
  - This is a centralized authentication service provided by Microsoft that offers a single logon facility and membership services for participating sites.
- Windows Authentication
  - This provider utilizes the authentication capabilities of IIS. After IIS completes its authentication, .NET uses the authenticated identity's token to authorize access.
<!-- web.config file -->
<authentication mode = "[Windows/Forms/Passport/None]">
</authentication>
Authentication Using Windows
In Windows Authentication mode, you can use accounts maintained by a Windows domain controller or Active Directory. When authentication happens using this method, .NET constructs and attaches a Windows Principal object to the application context based on the authenticated user. As a result, the .NET thread can run as the authenticated user and can obtain the user's group membership.
Impersonation and Delegation
With impersonation, .NET applications can optionally execute with the identity of the client on whose behalf they're operating. Impersonation is usually performed for resource access control.
If impersonation is enabled, .NET will receive the token to impersonate from IIS. This is controlled by specifying a value in the application's Web.config file.
<identity impersonate="true"/>
To impersonate a specific account, use the userName and password attributes:
<identity impersonate="true" userName="domain\user" password="passwd"/>
Web.config
Many Web Service and application settings are controlled in an XML file (web.config) contained in the main Empower Web Services directory (~\prod\web.config).
Example Web.config file:
<?xml version="1.0"?>
<configuration>
  <appSettings/>
  <connectionStrings>
    <add name="EmpowerDatabase" connectionString="data source=(local);Initial Catalog=Empower;User ID=User;Password=Pwd;" providerName="System.Data.SqlClient"/>
    <add name="EmpowerDocumentsDatabase" connectionString="data source=(local);Initial Catalog=OmniDocs;User ID=User;Password=Pwd;" providerName="System.Data.SqlClient"/>
    <add name="EmpowerToolkitDatabase" connectionString="data source=(local);Initial Catalog=Empower;User ID=User;Password=Pwd;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true" userName="domain\user" password="passwd"/>
    <httpRuntime executionTimeout="5000"/>
  </system.web>
</configuration>
The key settings in this file are the "EmpowerDatabase", "EmpowerDocumentsDatabase", and "EmpowerToolkitDatabase" connection strings, and authentication and identity settings.
The web.config file can be edited directly with a text file editor or from the Properties dialog box in IIS.
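The `<identity>` element and the connection strings shown above keep passwords readable in web.config, so a review of the file should list each place where one appears. The following Python check is an added example, not part of the Empower documentation; `audit_web_config` and `parse_conn_string` are names chosen here, and the sample is a trimmed copy of the example file above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of this page's example web.config.
SAMPLE = r"""<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="EmpowerDatabase" connectionString="data source=(local);Initial Catalog=Empower;User ID=User;Password=Pwd;" providerName="System.Data.SqlClient"/>
    <add name="EmpowerDocumentsDatabase" connectionString="data source=(local);Initial Catalog=OmniDocs;User ID=User;Password=Pwd;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true" userName="domain\user" password="passwd"/>
  </system.web>
</configuration>"""


def parse_conn_string(value):
    """Split 'key=value;...' into a dict with lower-cased keys.

    Simplification: quoted values that contain ';' are not handled.
    """
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {key.strip().lower(): val.strip() for key, val in pairs}


def audit_web_config(xml_text):
    """Return (location, issue) tuples for credentials readable in the file."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also reaches sections nested under <location> elements.
    for section in root.iter("connectionStrings"):
        # An encrypted section has <EncryptedData> instead of <add> children,
        # so this loop finds nothing to report in it.
        for add in section.findall("add"):
            fields = parse_conn_string(add.get("connectionString", ""))
            if fields.get("password") or fields.get("pwd"):
                findings.append((f"connectionStrings/{add.get('name')}",
                                 "SQL login password in clear text"))
    for identity in root.iter("identity"):
        if identity.get("password"):
            findings.append(("system.web/identity",
                             "impersonation account password in clear text"))
    return findings


if __name__ == "__main__":
    for location, issue in audit_web_config(SAMPLE):
        print(f"{location}: {issue}")
```

Sections this check flags can be encrypted with the .NET Framework tool `aspnet_regiis` (its `-pe` and `-pef` options), which replaces the readable entries with an `<EncryptedData>` element.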