In order to enable Anonymous service for .Net Core edition of Creatio all you need to do is to add information about this service to "AnonymousRoutes" block of ..\Terrasoft.WebHost\appsettings.json file.
The documentation clearly says that there is way to create a configuration service with Anonymous authentication. Hope you went through the Academy link I pasted in the question.
My question was -
The documentation only lists out the steps for the WCF based configuration services (Used by .Net Framework on Windows). How does one go about creating an anonymous service on a Linux installation of Creatio using .Net Core?
In order to enable Anonymous service for .Net Core edition of Creatio all you need to do is to add information about this service to "AnonymousRoutes" block of ..\Terrasoft.WebHost\appsettings.json file.
We have a Creatio installation on Creatio SaaS cloud with a few custom configuration services we have built. The security requirements are very stringent and we need to be able to permit access to these custom configuration services only to a few users & only to a few IPs. Pls find below questions in this regard -
From what we understand, access to the GUI application and to the back end services are shared across the same Creatio credentials (via user setup). Can we disable GUI access to a few users and only enable access to these specific custom configuration services? Also, can we disable access to these configuration services for all other GUI users? In short - A few users only for these configuration services. A few users only for the GUI.
We would like to permit only certain IPs access these configuration services. This can be handled in 4 layers - Network infrastructure layer (Load balancer etc), IIS Configuration on the WebServer, Explicitly verify and restrict access to certain IPs inside the configuration service logic. Which of these 3 is recommended from a feasibility & security perspective on Creatio SaaS cloud?
In the example above the system user with "1" login won't be able to login to the application.
As for disabling access to custom configuration service you need to find a location record for this service in the /Terrasoft.WebApp/Web.config file (just an example below):
As a result the Supervisor won't be able to get access to the GeneratedWebFormService service.
2) As for restricting access from IP-addresses - such a possibility is present to restrict login to the UI, but there is no in-built possibility to restrict access to the endpoint via IP. We don't have any recommendations on this matter and you can test all the possible approaches and choose the most suitable one.
In the example above the system user with "1" login won't be able to login to the application.
As for disabling access to custom configuration service you need to find a location record for this service in the /Terrasoft.WebApp/Web.config file (just an example below):
As a result the Supervisor won't be able to get access to the GeneratedWebFormService service.
2) As for restricting access from IP-addresses - such a possibility is present to restrict login to the UI, but there is no in-built possibility to restrict access to the endpoint via IP. We don't have any recommendations on this matter and you can test all the possible approaches and choose the most suitable one.
We have this situation where we need to create a bi-directional connection with our customer platform, using SOAP protocol. We would like to know if its possible to create a SOAP based services in Creatio to be accessed by our customer? If yes, any information on how to implement this?
You need to develop a configuration service (either regular or anonymous) using SOAP. Here is the article that describes how to configure web-services and integrate them into the Creatio app.
For example:
1) Create a source code for the service contract SPMSUBPServiceContract:
using System;using System.Collections.Generic;using System.Linq;using System.Runtime.Serialization;using System.ServiceModel;using System.ServiceModel.Web;using System.Text;namespace SPMSUBPService
{[ServiceContract]public interface IService
{[OperationContract]
SPMClientInfoResponse SPMClientInfo(string Login);}[DataContract]publicclass SPMClientInfoResponse
{bool success =true;
string errorText ="";[DataMember]publicbool Success
{
get {return success;}
set { success = value;}}[DataMember]public string ErrorText
{
get {return errorText;}
set { errorText = value;}}}}
and the source code of the SPMSUBPService service directly:
And everything is ready, the service is accessible via /0/ServiceModel/SPMSUBPService.svc and the WSDL as well /0/ServiceModel/SPMSUBPService.svc?singleWsdl
We manage to make this service working, but since it was a long time ago we don't have the specific steps to fix the error.
However, we have the updated steps that we use in order to make the service available. Maybe if you go through these following steps you could fix your problem.
Note: These steps only work for .Net Framework instances.
1. Create a new file called “DemoServiceName.svc" in ..\Terrasoft.WebApp\ServiceModel folder, and add this line:
1. How does one achieve a custom URI path like '/customer/update/{id}' while building a custom configuration service? Can we use the UriTemplate attribute to define a custom path like below -
The Creatio documentation suggests that basic authentication is only available for the OData API and not for a custom configuration web service. Anonymous/Forms authentication are the only 2 ways to authenticate for configuration web services. Would like to reconfirm this.
A typical system integration use case is the following -
1. Creatio pings an external product/system asking it to do some asynchronous processing.
2. External product/system pings a Creatio custom configuration call back to inform it regarding the status.
Typically, external products only permit registering a callback URL and do not provide for customization to do forms authentication with Creatio. How does one over come this? One way is to make the call back permit anonymous authentication but this is a bad security practice. Is there a way to enable basic authentication for custom configuration services on Creatio?
Custom configuration service becomes available after user authentication via the AuthService.svc. If you don't have a possibility to call it directly from your integration you can create another layer of service from your side to send a response from external product and call auth service and after that configuration web service.
The only way to bypass the Auth service for configuration web services is to create an anonymous web service. As a workaround, you can path login and password to the method in this service and check the validity of credentials in this service using auth service.
