Installing the web service

Ryan Newington edited this page May 28, 2018 · 8 revisions

The Lithnet FIM Service REST API runs as an IIS application. This guide shows you how to set up the REST API in the following configuration:

  • A new IIS SSL-protected web site which exposes the API at https://<hostname>:<port>/v1/resources
  • The web service will be protected by SSL and use basic authentication
  • The web service will be configured to pass through authentication to the FIM service. Requests to the FIM service will be submitted with the user’s security context, and any MPRs governing permissions within the FIM service itself will apply to those requests.
  • A security group will restrict access to the API to only authorized API users

As this is a WCF web service, alternate configurations are possible, but outside the scope of this guide.

Prerequisites

  • IIS 7.5 or higher with the following features installed:
      • ASP.NET
      • .NET Extensibility
      • ISAPI Extensions
      • ISAPI Filters
      • Basic Authentication
  • .NET Framework 4.6.1
  • A valid SSL certificate for your API
  • If you are installing the module on a server other than a FIM Service server, then you will need to copy Microsoft.ResourceManagement.dll from the FIM Service server, and register it in the GAC

Procedure

  1. Obtain the current installation package from the releases page
  2. Unzip the package to C:\inetpub\rmws, or another directory where you want to host the web service
  3. Create a new IIS web site pointing to the folder created in the step above. Configure the appropriate hostname, port, and certificate, and ensure the application pool account is set to ASP.NET v4.0 classic
  4. From the SSL settings option, configure the web site to require SSL
  5. Using the authentication feature, enable basic authentication and ASP.NET impersonation, and disable other authentication types
  6. Create a new security group in Active Directory. This group will be used to allow users to access the web service
  7. Create a new Authorization Rule to allow only those users to access the API, and remove the default “All Users” rules
  8. Navigate back to the top-level web server node, and configure the ISAPI and CGI Restrictions feature to allow ASP.NET v4.0
  9. Update the assembly redirection information in the web.config file for the version of Microsoft.ResourceManagement.dll you have installed on the server.

      <runtime>
         <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
           <dependentAssembly>
             <assemblyIdentity name="Microsoft.ResourceManagement" publicKeyToken="31bf3856ad364e35" culture="neutral" />
             <bindingRedirect oldVersion="0.0.0.0-4.1.3653.0" newVersion="4.1.3653.0" />
           </dependentAssembly>
         </assemblyBinding>
      </runtime>

  10. Update the lithnetResourceManagementClient section of the web.config file to point to your FIM service endpoint

      <lithnetResourceManagementClient resourceManagementServiceBaseAddress="http://localhost:5725"/>

  11. Restart the web site

The web service is now configured and ready for use. You can go to https://<hostname>:<port>/v1/help to view a list of queries that you can use.
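
A read-only check of the finished site against the settings this procedure configures: SSL required, basic authentication and ASP.NET impersonation as the only enabled authentication, and an authorization rule scoped to a group. This is an added example, not part of the original guide or the Lithnet project; it assumes the WebAdministration module is available, and the site name is a placeholder.

```powershell
# Added example, not Lithnet project code. Read-only; run elevated on the IIS server.
Import-Module WebAdministration

$SiteName = 'Lithnet REST API'   # assumption: placeholder, use your site's name
$path = "IIS:\Sites\$SiteName"
$auth = 'system.webServer/security/authentication'

function Get-Setting([string]$Filter, [string]$Name) {
    # Effective value at site level; $null when the section is not installed
    $v = Get-WebConfigurationProperty -PSPath $path -Filter $Filter -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function New-Result([string]$Check, $Actual, [bool]$Pass) {
    [pscustomobject]@{ Check = $Check; Actual = "$Actual"; Pass = $Pass }
}

$results = @()

# "Require SSL" in SSL Settings sets the Ssl flag on the access section
$ssl = Get-Setting 'system.webServer/security/access' 'sslFlags'
$results += New-Result 'SSL required' $ssl ("$ssl" -match '\bSsl\b')

# Basic authentication and ASP.NET impersonation must be on
$basic = Get-Setting "$auth/basicAuthentication" 'enabled'
$results += New-Result 'Basic authentication enabled' $basic ($basic -eq $true)
$imp = Get-Setting 'system.web/identity' 'impersonate'
$results += New-Result 'ASP.NET impersonation enabled' $imp ($imp -eq $true)

# Every other authentication type must be off (an absent section counts as off)
foreach ($type in 'anonymousAuthentication', 'windowsAuthentication', 'digestAuthentication') {
    $on = Get-Setting "$auth/$type" 'enabled'
    $results += New-Result "$type disabled" $on ($on -ne $true)
}

# Authorization: no allow rule for all or anonymous users, at least one allow rule for a group
$rules = @((Get-WebConfiguration -PSPath $path -Filter 'system.webServer/security/authorization').Collection)
$allowed = @($rules | Where-Object { "$($_.accessType)" -eq 'Allow' })
$open = @($allowed | Where-Object { $_.users -match '[*?]' })
$grouped = @($allowed | Where-Object { $_.roles })
$results += New-Result 'No allow rule for all users' ($open.users -join ';') ($open.Count -eq 0)
$results += New-Result 'Allow rule scoped to a group' ($grouped.roles -join ';') ($grouped.Count -gt 0)

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { Write-Warning "Site '$SiteName' deviates from the guide's configuration." }
```

Any row with Pass set to False means the API is reachable in a way the guide did not intend, such as over plain HTTP or by users outside the security group.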