3

In our organisation we are trying to develop a mobile application/website as a front-end for Dynamics AX 2012. We are following the architecture which is suggested by Microsoft (https://technet.microsoft.com/en-us/library/dn155874.aspx).

Even though ACS is now deprecated in Azure, the architecture suggested by Microsoft forced us to use ACS, which I have created after requesting the Azure team.

Dynamics AX Architecture suggested by Microsoft

Steps followed as per the document:

We have setup the following items and we are currently stuck at one place:

  1. Setup three Windows 2012 R2 servers running on a single domain - First one for AX & DC, second one for ADFS Server, and third one for middle tier WCF service - Done & Tested individually

  2. Setup of Dynamics AX 2012 server with an AIF service which is exposed in Inbound ports - Done. Setup an ADFS server and create a few users - Done, Listening to Service bus according to the event logs & Tested authentication using PowerShell console.

  3. Create a sample console application to call the ADFS to get the token and pass it to Azure Service bus - ADFS is returning a token and ACS is returning a token

  4. Setup a middle tier service which will sit in between AX 2012 & mobile client - Setup done and service bus throwing 404 error

I have done all the steps and it is failing when I am trying to contact the Service bus with two tokens. Has anyone done this before? I would like to know what it is that I am missing.

The post call to Service bus:

Post URL:

https://xxxxx.servicebus.windows.net/ExpenseRest/Expense?Action=Create

Headers:

Content-Type: application/json; charset=utf-8
Authorization: WRAP access_token="net.windows.servicebus.action=Send&http%3a%2f%2fschemas.microsoft.com%2faccesscontrolservice%2f2010%2f07%2fclaims%2fidentityprovider=http%3a%2f%2fFQDN.COM%2fadfs%2fservices%2ftrust&Audience=http%3a%2f%2finvmobile.servicebus.windows.net%2f&ExpiresOn=1503321191&Issuer=https%3a%2f%2fxxxxxxx-sb.accesscontrol.windows.net%2f&HMACSHA256=SS%SSS%SSSS%3d&wrap_access_token"
Host: xxxxxx.servicebus.windows.net
Content-Length: 4382
Expect: 100-continue

Body:

{"adfstoken":"adfs_encoded_token","expenseData":{"Amount":"100","Comments":"Expense of 100 INR","CurrenyCode":"EUR","Date":"08/18/2017"}}

Error:

404, No service is hosted at the specified address

jln1989

1 Answer

0

So if you want to use ACS you would essentially need to whitelist the feature via a support request. The new recommended way to connect is via SAS. Now the document you refer to above recommends building a WCF service and/or service bus listener, which is essentially .Net code. There are a few diagrams, but what I refer to is particularly on page 27 or so.

So if you work in .Net code you can essentially also just implement SAS right away which is more future looking than trying to make ACS work.

Some interesting additional data on SAS, how to implement it, what ports to open through a firewall, etc.

The ports you need to open depend on whether you use any of the clients or the SB REST APIs. From the documentation it seems those are the ports necessary: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-amqp-protocol-guide

Azure Service Bus requires the use of TLS at all times. It supports connections over TCP port 5671, whereby the TCP connection is first overlaid with TLS before entering the AMQP protocol handshake, and also supports connections over TCP port 5672 whereby the server immediately offers a mandatory upgrade of connection to TLS using the AMQP-prescribed model. The AMQP WebSockets binding creates a tunnel over TCP port 443 that is then equivalent to AMQP 5671 connections.

Both modern clients should use AMQP. There is an older client version which is very unlikely to be used by Accenture: the older .NET library used to at some point have a custom, WCF-based protocol that used TCP over 9354 (called SBMP, SB Messaging Protocol) and at some time may have used an older technology called WebStreams.

If you would solely use our REST API, they might be able to use only 443. A little more data on SAS: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas
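
The SAS token format that the answer recommends in place of the ACS WRAP access_token header, as an added example that is not part of the original answer or of Microsoft's sample code: it builds the SharedAccessSignature value for the Authorization header and re-checks signature and expiry the way a receiver would. The namespace, rule name and key are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

# Constructed sample values (assumptions, not taken from the page).
RESOURCE_URI = "https://example-ns.servicebus.windows.net/ExpenseRest"
RULE_NAME = "send-only"            # a rule granting only the Send right
RULE_KEY = "constructed-demo-key"  # never hard-code a real key


def _sign(encoded_uri, expiry, key):
    # String to sign: URL-encoded resource URI, newline, expiry (epoch seconds).
    msg = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(key.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def make_sas_token(resource_uri, key_name, key, ttl_seconds=300, now=None):
    """Return the Authorization header value for a Service Bus REST call."""
    issued = int(now if now is not None else time.time())
    expiry = str(issued + ttl_seconds)  # short lifetime limits replay value
    encoded_uri = quote_plus(resource_uri)
    sig = quote_plus(_sign(encoded_uri, expiry, key))
    return (f"SharedAccessSignature sr={encoded_uri}&sig={sig}"
            f"&se={expiry}&skn={key_name}")


def check_sas_token(token, key, now=None):
    """Recompute the signature, then check expiry. Returns (ok, reason)."""
    scheme, _, params = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False, "wrong scheme"
    fields = parse_qs(params)
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], fields["se"][0]
        expires_at = int(se)
    except (KeyError, ValueError):
        return False, "missing or malformed field"
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(_sign(quote_plus(sr), se, key), sig):
        return False, "bad signature"
    if expires_at <= (now if now is not None else time.time()):
        return False, "expired"
    return True, "ok"
```

Scoping sr to the entity path rather than the whole namespace, and signing with a Send-only rule, keeps a leaked token from being usable for listening or management.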