Web Jobs Scheduler

Installation

System Requirements WJMS

  • OS-Version: Windows Server 2012 or comparable/higher
  • Dot Net Core Versions: 2.1.3 or comparable/higher
  • IIS-Version: 7.5 or comparable/higher
  • Processors: 4 or higher
  • Memory: 4 or higher

Required Software WJMS

  • SQL-Server 2016 or higher
  • IIS has to be installed, same preliminaries as Celonis Process Management
  • .NET Core has to be installed (2.1.4 or later)
  • .NET Core Windows Server Hosting (2.1.4 or later)

Other requirements for WJMS

  • The WJMS user set up in the IIS has to have appropriate rights

Installation

  1. Download and install NET Core Windows Server Hosting (2.1.4 or later) here .
  2. Download artifact or ask support for package.
  3. Extract artifact to the installation folder of the service.
  4. Create a new site in IIS (bindings depending on server structure).
  5. Adjust AppPool Basic Settings: No Managed Code .
  6. Create a database in SQL Server named after the service.
  7. Create a SQL login with owner rights for the new database.
  8. Adjust app settings.json by:
    • removing 3rd argument of serilog;
    • removing the Azure block;
    • setting AzureAD to "false"

    so that it looks like the following:

    Copy
    Copied
    {
      "ConnectionStrings": {
        "DefaultConnection": ""
      },
      "Serilog": {
        "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.Debug"],
        "MinimumLevel": "Debug",
        "WriteTo": [
          { "Name": "Console" },
          { "Name": "Debug" }
        ],
        "Enrich": [ "FromLogContext", "WithMachineName", "WithThreadId" ],
        "Properties": {
          "Application": "symbio-service-webjobs-test"
        }
      },
      "MailSettings": {
        "UseDefaultCredentials": false,
        "Username": "",
        "Password": "",
        "EnableSsl": false,
        "MailFromAddress": "noreply@symbioworld.com",
        "MailFromName": "Symbio Web",
        "Host": "smtp.sendgrid.net",
        "Port": 25,
        "DeliveryMethod": "Network",
        "Timeout": 100000
      },
      "AzureAd": {
        "Enabled": false,
        "Instance": "",
        "Domain": "",
        "TenantId": "",
        "ClientId": "",
        "CallbackPath": ""
      },
      "DisableAuthorization": false
    }
  9. Set SQL connectionstring to "database" in appsettings.json .
  10. TrustServerCertificate=True in connectionstring if there is self signed or no certificate.
  11. Call service within browser so that the tables will be created.
  12. Fill configstore table with Key "token , username and password" and the values.
    configtable values
    Note that the password hash value needs to be overwritten in next steps.
  13. Restart the site in IIS.
  14. Call servicelink/register, enter the name and clear the password to get hashed password. Then save the hash result in configstore table as the password value.
  15. In Celonis Process Management navigate to external systems on SysAdmin page.
  16. Create WebJobService by using user-defined value and URL plus authToken from configstore table. external systems
  17. In each collection, link all existing storages to that WebJob service.
    link system

Configuration

SQL Database

The WebJobs service needs a SQL database to store its settings and job data. A valid connection string has to be configured in the appsettings.json file for this service.

Copy
Copied
{
  "ConnectionStrings": {
    "DefaultConnection": "Server=localhost;Database=symbio-service-webjobs;Integrated Security=true"
  }
}

External System

The WebJobs service needs to be added as an external system. For basic authentication an authorization token has to be provided. The token can be an arbitrary string.

External system configuration

In addition to that the same token string has to be preconfigured inside the config store table of the WebJobs service.

Config store configuration

Dashboard

Queued and failed jobs can be managed in the Hangfire dashboard. To reach the dashboard call the URL of the service.

By default Hangfire allows access to Dashboard pages only for local requests, which will be problematic once the service runs in a managed environment such as an Azure App Service. To grant access to the dashboard, different means of authentication/authorization were added to the service and can be configured via appsettings.json.

Disabling Authorization

Authorization can be disabled by setting DisableAuthorization to true. This should only be used in an isolated test environment and is not recommended for use in productiion.

Copy
Copied
{
  ...
  "DisableAuthorization": false
}

Azure Active Directory Authentication

To authenticate users with an Azure Active Directory, register the service as an application as described in the official documentation. Set the appropriate settings in appsettings.json.

Copy
Copied
{
    ...
    "AzureAd": {
        "Enabled": "true",
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "<Service URL>",
        "TenantId": "<Directory ID>",
        "ClientId": "<Application ID>",
        "CallbackPath": "/signin-oidc"
    },
    ...
}

Forms Authentication

To use forms authentication the following prerequisites must be fulfilled:

  • DisableAuthorization is set to false
  • AzureAd.Enabled is set to false
  • The login credentials for the administrator of the Hangfire dashboard are stored in the config store table used by the service.

config store

The password is stored as a strongly hashed and salted string for security reasons. To create a new password hash use the http(s)://<Service URL>/register format.