Ms Dynamics Crm Online 2011 - Authentication Issues

MS Dynamics CRM online 2011 - Authentication issues

This is the simplest way to connect to CRM Online, you need only to add reference to Microsoft.Xrm.Sdk.Client and Microsoft.Xrm.Client.Services

CrmConnection crmConnection = CrmConnection.Parse("Url=https://XXX.crm.dynamics.com; Username=user@domain.onmicrosoft.com; Password=passwordhere;");
OrganizationService service = new OrganizationService(crmConnection);

Entity account = new Entity("account");
account ["name"] = "Test Account";

Guid accountId = service.Create(account); 

Refers to this msdn article for create the right connection string

Simplified Connection to Microsoft Dynamics CRM

Authenticate users with Microsoft Dynamics CRM 2011 (IFD) through code (C#)

We've worked with Microsoft Support guys, and they replicated our environment in order to see what's going on. However, for them the authentication request was going to the usernamemixed endpoint which supposedly was the correct behavior as it uses HTTPS.

After some testing we decided to disable the username endpoint and to our surprise, the requests started to go to the usernamemixed endpoint and it's all working fine now.

So, not sure why it didn't use the usernamemixed endpoint straight away as for the MS Support guys, but after disabling the username endpoint. The only difference I can see is that they used Windows Server 2012 R2 and we are using Windows Server 2012.

Dynamics CRM 2011 - Determine the type of Authentication Issue

You'll never be able to get error information like you're requesting from the client side. You could theoretically turn on trace logging on the server, but that would be a bad idea for a whole slew of reasons.

Generally saying the password is invalid is a security issue because it allows hackers to know that the account is valid and if they could just figure out the password, they're in.

How to Authenticate to CRM 2011?

We just implemented something similar for a client of mine. We had around 5000 users that needed to be able to view and edit CRM data, but we didn't want to pay for the full CRM user licenses since the data they needed to update / view was rather small. All of the users were already in Active Directory, so we purchased Employee Self Service Client Access License (ESS CAL) licenses for each of the users. This type of user license doesn't have access to the CRM UI, so they could never actually log into CRM itself.

We used AD authentication on the website, with an app pool user that was a CRM super user account. On the initial load of the users's session, we grabbed the username from the context, and looked up the SystemUserId of the user in CRM, then used impersonation with the Service Proxy to only access and update the data that the user was allowed to. It worked really well.

Microsoft CRM 2011 cross domain authentication

Dynamics CRM 2011 relies on Claims-Based-Authentication when using IFD. At the backend it uses ADFS 2.0.

If you want to achieve Single-Sign-On for your website then take a look at how to Implement Single Sign-on from an ASPX Web Page or IFRAME. This article also mentions the Walkthrough: Single Sign-on from a Custom Web Page.

Basically, your website has to trust the same STS as Dynamics CRM.

Dynamics CRM 2011 Online, CrmSvcUtil, Proxy server authentication failing

Aha! I think I cracked it.

I added the following to the CrmSvcUtil.exe.config file:

<system.net>
  <defaultProxy useDefaultCredentials="true">
    <proxy proxyaddress="http://proxyaddress:port" />
  </defaultProxy>
</system.net>

I no longer get the "proxy authentication" error.

(I am getting a different errors, but its about missing assemblies so I think I can probably figure that out ....)

Connecting to CRM Online through CRM 365 Plugin

You should be able to connect to another CRM instance without using any assemblies that are outside Online Sandbox (so other than Microsoft.Xrm.Sdk and related). Simply use the sample from SDK from "SDK\SampleCode\CS\GeneralProgramming\Authentication\AuthenticateWithNoHelp\AuthenticateWithNoHelp.cs". Simplified version for connecting to Office365 looks like that:

class AuthenticateWithNoHelp
{
    private String _discoveryServiceAddress = "https://disco.crm.dynamics.com/XRMServices/2011/Discovery.svc";
    private String _organizationUniqueName = "orgname";
    private String _userName = "admin@orgname.onmicrosoft.com";
    private String _password = "password";
    private String _domain = "domain";

    public void Run()
    {
        IServiceManagement<IDiscoveryService> serviceManagement =
                    ServiceConfigurationFactory.CreateManagement<IDiscoveryService>(
                    new Uri(_discoveryServiceAddress));
        AuthenticationProviderType endpointType = serviceManagement.AuthenticationType;

        AuthenticationCredentials authCredentials = GetCredentials(serviceManagement, endpointType);

        String organizationUri = String.Empty;
        using (DiscoveryServiceProxy discoveryProxy =
            GetProxy<IDiscoveryService, DiscoveryServiceProxy>(serviceManagement, authCredentials))
        {
            if (discoveryProxy != null)
            {
                OrganizationDetailCollection orgs = DiscoverOrganizations(discoveryProxy);
                organizationUri = FindOrganization(_organizationUniqueName,
                    orgs.ToArray()).Endpoints[EndpointType.OrganizationService];

            }
        }

        if (!String.IsNullOrWhiteSpace(organizationUri))
        {
            IServiceManagement<IOrganizationService> orgServiceManagement =
                ServiceConfigurationFactory.CreateManagement<IOrganizationService>(
                new Uri(organizationUri));

            AuthenticationCredentials credentials = GetCredentials(orgServiceManagement, endpointType);

            using (OrganizationServiceProxy organizationProxy =
                GetProxy<IOrganizationService, OrganizationServiceProxy>(orgServiceManagement, credentials))
            {
                organizationProxy.EnableProxyTypes();
                Guid userid = ((WhoAmIResponse)organizationProxy.Execute(
                    new WhoAmIRequest())).UserId;
            }
        }
    }

    private AuthenticationCredentials GetCredentials<TService>(IServiceManagement<TService> service, AuthenticationProviderType endpointType)
    {
        AuthenticationCredentials authCredentials = new AuthenticationCredentials();

        authCredentials.ClientCredentials.UserName.UserName = _userName;
        authCredentials.ClientCredentials.UserName.Password = _password;

        return authCredentials;
    }

    public OrganizationDetailCollection DiscoverOrganizations(
        IDiscoveryService service)
    {
        if (service == null) throw new ArgumentNullException("service");
        RetrieveOrganizationsRequest orgRequest = new RetrieveOrganizationsRequest();
        RetrieveOrganizationsResponse orgResponse =
            (RetrieveOrganizationsResponse)service.Execute(orgRequest);

        return orgResponse.Details;
    }

    public OrganizationDetail FindOrganization(string orgUniqueName,
        OrganizationDetail[] orgDetails)
    {
        if (String.IsNullOrWhiteSpace(orgUniqueName))
            throw new ArgumentNullException("orgUniqueName");
        if (orgDetails == null)
            throw new ArgumentNullException("orgDetails");
        OrganizationDetail orgDetail = null;

        foreach (OrganizationDetail detail in orgDetails)
        {
            if (String.Compare(detail.UrlName, orgUniqueName,
                StringComparison.InvariantCultureIgnoreCase) == 0)
            {
                orgDetail = detail;
                break;
            }
        }
        return orgDetail;
    }

    private TProxy GetProxy<TService, TProxy>(
        IServiceManagement<TService> serviceManagement,
        AuthenticationCredentials authCredentials)
        where TService : class
        where TProxy : ServiceProxy<TService>
    {
        Type classType = typeof(TProxy);

        if (serviceManagement.AuthenticationType !=
            AuthenticationProviderType.ActiveDirectory)
        {
            AuthenticationCredentials tokenCredentials =
                serviceManagement.Authenticate(authCredentials);
            return (TProxy)classType
                .GetConstructor(new Type[] { typeof(IServiceManagement<TService>), typeof(SecurityTokenResponse) })
                .Invoke(new object[] { serviceManagement, tokenCredentials.SecurityTokenResponse });
        }

        return (TProxy)classType
            .GetConstructor(new Type[] { typeof(IServiceManagement<TService>), typeof(ClientCredentials) })
            .Invoke(new object[] { serviceManagement, authCredentials.ClientCredentials });
    }

    static public void Main(string[] args)
    {
        AuthenticateWithNoHelp app = new AuthenticateWithNoHelp();
        app.Run();
    }
}

You can simplify it further by removing part with DiscoveryService and directly calling:

https://orgname.api.crm.dynamics.com/XRMServices/2011/Organization.svc

This should work on Sandboxed plugins as it uses only Sdk assemblies.

---

Related Topics