Best Practice for retrieving data from SAP by .net [closed]
Closed 8 years ago.
I'm looking for a 'best practice' in the industry for integrating SAP with a .Net application. So far I only need to read data from SAP; there's no need to update.
The most straightforward way I've found is using SAP Connector and calling a BAPI. I am using SAP Connector 3.0. But I'm just wondering whether there's a better design out there for retrieval of data? The requirement is to touch SAP as little as possible and to be able to transfer data in bulk.
Also, if using this design, other than the SAP login info, which I can safeguard via standard encryption etc., is there any other security concern?
Thanks.
I've written many SAP RFC applications. I believe that the .Net connector sits on top of their RFC protocol, as does the Java connector. In my experience, the best practice depends on who you ask at SAP. They do have a web application server (WebAS I think it is called these days... it was renamed a few times) that can probably host a web service, but it depends on what you have installed. I think many people opt for the .Net or Java connector still. (I prefer the C++ library personally since it is quite fast, but that is only for the extremely foolish ;) )
My information may be dated, but if they have been consistent then the RFC communication layer is not encrypted out of the box. There is a third party plugin that is used on SAP GUI and all RFC type connectors (.Net/JCo) to encrypt the data stream. You have to set it up in the rfc .ini file.
Then there are IDOCs, which I don't think you want to play with. It is a flat file format much like EDI but dumber.
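One way to check the point in the answer above, that RFC traffic is unencrypted unless encryption is set up in the RFC .ini file. This is an added example, not code from the answers or from SAP; it assumes a sapnwrfc.ini-style layout (DEST= blocks with SNC_MODE, SNC_QOP and SNC_PARTNERNAME keys), and the sample destinations are constructed.

```python
SAMPLE_INI = """\
DEST=PRD_PLAIN
ASHOST=sap-prd.example.internal
USER=RFC_READER
PASSWD=ChangeMe123

DEST=PRD_SNC
ASHOST=sap-prd.example.internal
SNC_MODE=1
SNC_QOP=9
SNC_PARTNERNAME=p:CN=PRD, O=Example

DEST=QAS_WEAK
ASHOST=sap-qas.example.internal
SNC_MODE=1
SNC_QOP=1
"""  # constructed sample, not from a real system

def parse_destinations(text):
    """Return {dest: {KEY: value}}; each DEST= line starts a new block."""
    dests, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.upper() == "DEST":
            current = dests.setdefault(value, {})
        elif current is not None:
            current[key.upper()] = value
    return dests

def audit(text):
    """Return {dest: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for name, cfg in parse_destinations(text).items():
        findings = []
        if cfg.get("SNC_MODE") != "1":
            findings.append("SNC disabled: RFC traffic is not encrypted")
        else:
            # SNC_QOP: 1 = auth only, 2 = integrity, 3 = privacy (encryption),
            # 8 = server default, 9 = maximum available.
            if cfg.get("SNC_QOP") not in ("3", "9"):
                findings.append("SNC_QOP does not guarantee encryption")
            if not cfg.get("SNC_PARTNERNAME"):
                findings.append("SNC_PARTNERNAME missing: no expected server SNC name")
        if "PASSWD" in cfg:
            findings.append("PASSWD stored in clear text")
        report[name] = findings
    return report
```

Calling `audit(SAMPLE_INI)` flags `PRD_PLAIN` and `QAS_WEAK` and returns an empty list for `PRD_SNC`.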
About the security part, if you're using the equivalent of JCO with .Net, you have a user on the SAP backend to connect with.
This user should be of type "Connection" (so that no one can use it with the SAPGUI), and should have authorizations that are limited to what is needed (so that no program can use it to perform other operations that you did not think of). While the chances that someone manages to get this user/password are low, you don't take chances with productive data. Also, the password should not be a simple one.
This may sound like basic security, but since I just found the exact opposite on a productive system, I prefer to state it.
Regards