QPR Web Services Foundation is accessed using the QPR Web Services Server, which requires the following configuration to run properly:
•Microsoft .NET Framework 4.0 present on the machine
•Access to QPR.WAS.Core.dll and relevant product plugins in ..\Web Application Server folder relative to the WebServices installation folder.
•Rights to modify files under C:\ProgramData\QPR Software\QPR 2017\QPR 2017.1.
•If QPR Web Services Server is installed on a different computer than QPR Web Application Server, also the QPR Web Services Server computer needs to be configured to use the same script location as the QPR Web Application Server computer.
Testing the Configuration
The QPR Web Services Server installation installs also a test utility with which you can determine that your environment is properly configured for the service. The utility is called servicetester.aspx and its URL is http://<hostname>/QPR2017-1/Portal/qpr.isapi.dll/wsforward/servicetester.aspx (substitute http with https when using SSL).
Using SSL with QPR Web Services Server
A secure connection to QPR Web Services Server requires that the site hosting qpr.isapi.dll is set to use https.
By default QPR Web Services Foundation uses regular authentication by authentication methods enabled in QPR Configuration Manager. However, if you wish to use Integrated Windows Authentication (IWA), the following additional steps are needed:
•Configure the Portal virtual directory under the QPR2017-1 application to use IWA and allow full access to MainService.svc file.
•Make sure that IWACGIBinaryIP setting in the [WAS Settings] section of QPR_Servers.ini is set to 127.0.0.1.
•Make the following modifications in the <QPR servers installation root>\WebServices folder:
oRename the Web.config file to some other name
oRename the Web.config.IWA file to Web.config
Accessing QPR Web Services Server
QPR Web Services Server base URL (append MainService.svc or servicetester.aspx to the end depending on the intended use) http://<hostname>/QPR2017-1/Portal/qpr.isapi.dll/wsforward/ without SSL and https://<hostname>/QPR2017-1/Portal/qpr.isapi.dll/wsforward/ with SSL. Both URLs work with QPR authentication as well as Integrated Windows Authentication (IWA). Note that for optimal SSL functionality only official certificates should be used.
Microsoft IIS 7 & 7.5 Configuration
In addition to basic configuration, the following should be noted with Microsoft Internet Information Services 7 and 7.5:
•Windows Authentication module needs to be installed for IIS. This can be done in Server Manager -> Roles -> Web Server (IIS) -> Add Role Services.
This section provides information on how to resolve common configuration issues related to running QPR Web Services Foundation.
Issue: Servicetester.aspx doesn't work properly and log displays lots of access denied errors
Solution #1: Give the ASPNET user rights to modify files under C:\ProgramData\QPR Software\QPR 2017\QPR 2017.1. In Windows Server 2008, give the rights to NetworkServices user instead of ASPNET.
Issue: Servicetester does not work but redirects to the main service page. Any functionality needing QPR Web Services Foundation does not work.
Solution: Remove the following handler mappings from the QPR2017-1 application in IIS:
Issue: I'm using Integrated Windows Authentication and servicetester.aspx spawns endless IIS authentication dialogs and giving valid credentials does not help.
Solution: Change the IWACgiBinaryIP setting in QPR_Servers.ini to 127.0.0.1. Also make sure that the default web.config file has been replaced with web.config.IWA file available in the WebServices folder.
•In QPR_Servers.ini, make sure that the IWACGIBinaryIP key in [WAS Settings] section points to the same network interface that is used to access WSS through the IP in qprsettings.dat. For example, if your IIS is in machine 192.168.0.1 and your WSS is in machine 192.168.0.2, these are the correct settings:
o qprsettings.dat: WS_HOST_ADDR=192.168.0.2
o QPR_Servers.ini: IWACGIBinaryIP=192.168.0.1
•In IIS, QPR2017-1/Portal directory must have Windows authentication enabled and Anonymous authentication disabled.