Prerequisites for the Web API
This page describes the prerequisites for successfully installing and running the Web API.
Use the checklist above to verify that you have performed all steps required to get Nodinite flying
The Web API is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.
You must configure the DTC as documented otherwise Nodinite will not be able to function
When you install Nodinite using the install and update tool the Web API is assigned an IIS App Pool. This IIS App Pool is set to run with ASP.NET Impersonation and all consumers of the Web API will be impersonated to a dedicated Windows Service account.
If the impersonated service account for IIS App Pool is not a local administrator then the Windows Domain account must be added to the local 'IIS_IUSRS' group. The account used must also be assigned certain SQL Rights, see next paragraph.
NOTE: If the Windows User account for the Application pool is not assigned the sysadmin role, then you must make sure the account is added to the list of logins to apply correct user rights for (as new databases are created). This settings is governed by the ImLogServiceUsers system parameter.
The Web API accesses the databases using the impersonated configured for the Web API and must have the following SQL rights assigned:
- Configuration Database
- Grant Execute rights on all existing and future stored procedures:
GRANT EXECUTE TO [Domain\user]
Replace [Domain\user] with the Windows account being used for the Web API
- Log Databases (can be multiple )
Note: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
The Web API requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from what's being exampled here.
The Web API requires both inbound and outbound ports to be open. Depending on your environment different ports may be used. On a high level the following services must be allowed:
- TCP Ports for REST
- Configuration Database - ports used to communicate with SQL Server
|80||HTTP||default for HTTP)|
|443||HTTPS||default for HTTPS)|
- 1-65535 - It all depends on what port you have assigned using 'Edit Bindings' for the Web Site hosting the Web API (inbound and outbound see next bullet)
If you're going to host Nodinite on non default ports, Please contact our support for guidance at firstname.lastname@example.org
The Web API accesses the databases using the Impersonated Windows Account. You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:
|53||DNS||The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the
|88||Kerberos||Review 'Microsoft Kerberos' user guide|
|135||DTC/RPC||This port is shared between many Windows Services|
|1433/...||SQL Server instance ports (multiple)||Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide|