Appendix D - QPR Web Services Foundation Configuration
Appendix D - QPR Web Services Foundation Configuration
QPR Web Services Foundation is accessed using the QPR Web Services Server, which requires the following configuration to run properly:
•Microsoft .NET Framework 4.0 present on the machine
•Access to QPR.WAS.Core.dll and relevant product plugins in ..\Web Application Server folder relative to the WebServices installation folder.
•Rights to modify files under <path to All Users profile>\Application Data\QPR Software\QPR 2012\QPR 2012.1 (C:\ProgramData\QPR Software\QPR 2012\QPR 2012.1 in Windows Vista and later versions.)
•If QPR Web Services Server is installed on a different computer than QPR Web Application Server, also the QPR Web Services Server computer needs to be configured to use the same script location as the QPR Web Application Server computer.
Testing the Configuration
The QPR Web Services Server installation installs also a test utility with which you can determine that your environment is properly configured for the service. The utility is called servicetester.aspx and its URL depends on the authentication/encryption settings. See the Accessing QPR Web Services Server section for the correct URL.
Using SSL with QPR Web Services Server
A secure connection to QPR Web Services Server requires that the site hosting qpr.isapi.dll is set to use https.
By default QPR Web Services Foundation uses regular authentication by authentication methods enabled in QPR Configuration Manager. However, if you wish to use Integrated Windows Authentication (IWA), the following additional steps are needed:
•Configure the Portal virtual directory under the QPR2012 application to use IWA and allow full access to MainService.svc file.
•Make sure that IWACGIBinaryIP setting in the [WAS Settings] section of QPR_Servers.ini is set to 127.0.0.1.
•Make the following modifications in the <QPR servers installation root>\WebServices folder:
oRename the Web.config file to some other name
oRename the Web.config.IWA file to Web.config
Accessing QPR Web Services Server
The URL for QPR Web Services Server depends on your authentication and encryption settings. See the listing below for more information. The URL listed in the table is the base URL, so append servicetester.aspx or MainService.svc to the URL depending on the intended use.
•Basic scenario, QPR authentication without SSL: http://<hostname>/QPR2012/Portal/qpr.isapi.dll/wsforward/
•Integrated Windows Authentication (IWA), no SSL: http://<hostname>:9002/QPR2012/Portal/qpr.isapi.dll/wsforward/ (note the changed port)
•IWA and SSL: This combination requires using two instances of qpr.isapi.dll, one for basic IWA scenario (see above) and other for IWA+SSL. For IWA+SSL, duplicate the contents of the qpr.isapi.dll installation folder create a new IIS virtual directory (e.g. wsHttps, pointing at the folder you just copied) under the QPR2012 application and configure the virtual directory NOT to use Windows Authentication. Preferably it should not be able to connect to QPR WAS (this can be achieved by providing an invalid HOST_ADDR value to qprsettings.dat in the new folder). With this configuration the URLs would be as follows:
ohttps://<hostname>/QPR2012/Portal/qpr.isapi.dll/wsforward/ for webHttp and basicHttp endpoints
ohttps://<hostname>/QPR2012/wsHttps/qpr.isapi.dll/wsforward for the wsHttp endpoint
Microsoft IIS 7 & 7.5 Configuration
In addition to basic configuration, the following should be noted with Microsoft Internet Information Services 7 and 7.5:
•Windows Authentication module needs to be installed for IIS. This can be done in Server Manager -> Roles -> Web Server (IIS) -> Add Role Services.
This section provides information on how to resolve common configuration issues related to running QPR Web Services Foundation.
Issue: Servicetester.aspx doesn't work properly and log displays lots of access denied errors
Solution #1: Give the ASPNET user rights to modify files under <path to All Users profile>\Application Data\QPR Software\QPR 2012\QPR 2012.1 (C:\ProgramData\QPR Software\QPR 2012\QPR 2012.1 in Windows Vista and later versions). In Windows Server 2008, give the rights to NetworkServices user instead of ASPNET.
Issue: Servicetester does not work but redirects to the main service page. Any functionality needing QPR Web Services Foundation does not work.
Solution: Remove the following handler mappings from the QPR2012 application in IIS:
Issue: I'm using Integrated Windows Authentication and servicetester.aspx spawns endless IIS authentication dialogs and giving valid credentials does not help.
Solution: Change the IWACgiBinaryIP setting in QPR_Servers.ini to 127.0.0.1. Also make sure that you have <authentication mode="Windows"/> in your Web.config's <system.web> section. Also verify that Integrated Windows Authentication is properly configured with the following checklist:
•In Web.config, the following must be set:
o <system.web> section:
o <bindings> section, <webHttpBinding>'s <binding name="Qpr_WebServices_MainService_webHttpBinding"> element:
o <bindings> section, <basicHttpBinding>'s <binding name="Qpr_WebServices_MainService_basicHttpBinding"> element:
<transport clientCredentialType="Ntlm" />
•In QPR_Servers.ini, make sure that the IWACGIBinaryIP key in [WAS Settings] section points to the same network interface that is used to access WSS through the IP in qprsettings.dat. For example, if your IIS is in machine 192.168.0.1 and your WSS is in machine 192.168.0.2, these are the correct settings:
o qprsettings.dat: WS_HOST_ADDR=192.168.0.2
o QPR_Servers.ini: IWACGIBinaryIP=192.168.0.1
•In IIS, QPR2012/Portal directory must have Windows authentication enabled and Anonymous authentication disabled.