AIF Services, User is not authorized for this port.

(0) Share

Report

Posted on by Community Member

Hello,

I am trying to access AIF service using claims user from a remote location and its giving me following 2 execptions:
1)The submitting user '' is not a valid Microsoft Dynamics AX user.

2)User is not authorized for this port.

Please suggest something

*This post is locked for comments

I have the same question (0)

All responses (14)

Answers (1)

Suggested answer

Vilmos Kintera 46,149 on at

Like (1)

Report

For the AIF service you probably did not provide a security context (ie. domain name and user account). The user who calls AX through the AIF port needs to be an enabled, valid AX account. In the inbound AIF port, you could define a Trusted intermediary, if that is enabled and you do not have anyone provided there that is the reason why the connection is not authorized.

In my case we are running a web fronted, eCommerce portal. The fronted talks to a .Net API, which makes the call to AX via AIF, where we use a specific user account to make the connection. The user is made as Trusted intermediary. We then impersonate the claims-based account to create the sales order as that user.

Was this reply helpful? Yes No
Martin Dráb 237,990 Most Valuable Professional on at

Like (1)

Report

Look at Trusted Intermediary in AIF Services.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Martin, I am using the same approach of intermediary user and its giving me this error. Previously when I wasn't using intermediary user it was giving some other exception like server has rejected client credentials.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

For the AIF service you probably did not provide a security context (ie. domain name and user account).

Vilmos, can you please tell where I am supposed to provide security context? Right now my AIF service consumption code looks like

InventTransferOrderServiceClient client = new InventTransferOrderServiceClient();

CallContext context = new CallContext();

client.ClientCredentials.UserName.UserName = "domain\\username";

client.ClientCredentials.UserName.Password = "password";

Did you mean this??

Was this reply helpful? Yes No
Martin Dráb 237,990 Most Valuable Professional on at

Like (0)

Report

Set the user name to context.LogonAsUser. Also review that it exactly matches configuration of the claims user. We can't know, because you showed us a placeholder only ("domain\\username"), nevertheless the fact that you're trying to use a password there looks suspicious.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Martin, this username and password was just for testing purpose but nothing worked. Now my context is like this

callcontext.LogonAsUser = "domain\\claimsuser";

but still the same exception in AX exceptions. User is not authorized for this port.

Was this reply helpful? Yes No
Martin Dráb 237,990 Most Valuable Professional on at

Like (0)

Report

You didn't confirm that the domain and username matches the configuration of the claim user in AX. Please review it and confirm.

Is the trusted intermediate correctly configured for the port and does it have permissions to call the service?

Was this reply helpful? Yes No
Verified answer

Vilmos Kintera 46,149 on at

Like (0)

Report
This is how it should work:

YourServiceClient client = new YourServiceClient(); client.ClientCredentials.Windows.ClientCredential.Domain = "intermediarydomain"; client.ClientCredentials.Windows.ClientCredential.UserName = "intermediaryuser"; client.ClientCredentials.Windows.ClientCredential.Password = "intermediarypassword"; CallContext context = new CallContext(); context.Company = "axcompany"; context.LogonAsUser = @"claimsuserdomain\claimsusername";

Pass in the context to the service method call within your client.

Your intermediary account must be an enabled user in AX, with at least System User role.
Your claims user must be an enabled user in AX, with System User and other security roles that the task requires.

This setup works fine. If it does not work for you, then either you have a problem with Windows Firewall where certain ports must be opened for communication and Active Directory authentication, your user accounts might be incorrectly set up, or your Visual Studio solution setup and/or referenced DLLs are not correct.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Yes domain and username matches. One thing that could have gone missing is, configuring port for intermediate user and giving permissions to call the service. Can you please ellaborate how to configure port for claims user? Is it done by checking the option Allow intermediate user to impersonate? and FYI, For testing purposes I already have assigned system administrator role to my claims user.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Thanks Vilmos it worked for me. But I am just wondering that giving username and password in code is not a good approach. Can we avoid it and access service without giving password?

Was this reply helpful? Yes No