|
|
CRM 1.2 Basic Authentication with SSL
I�ve red from �Overview of Changes for Microsoft CRM Version 1.2� article
the following:
7. Question: Does Microsoft CRM version 1.2 support other Authentication
methods?
Answer: Microsoft CRM version 1.2 supports NTLM, NTLM with Secure Socket
Layer (SSL) and Basic Authentication with SSL.
I�ve checked these Authentication methods experimentally and Microsoft CRM
1.2 Web UI works correctly. But our adapter failed executing:
BizUser.WhoAmI() methods in case Basic Authentication and Windows
Integrated Authentication with SSL (401 Access Denied).
Adapter works properly just in case of Windows Integrated Authentication
without SSL.
Please help me to solve this problem.
May be in this case I should fill NetworkCredentials specially?
May be I must set Auth mode to Microsoft CRM Web services separately?
P.S. 'Trust computer for delegation' checkbox was marked!!!
|
|
0
|
|
|
|
Reply
|
 tarastaras
|
1/12/2005 8:30:27 AM |
|
When you say "adapter" what are you referring to?
Matt Parks
MVP - Microsoft CRM
----------------------------------------
----------------------------------------
On Wed, 12 Jan 2005 03:30:27 -0500, "tarastaras" <trashnik@miratech.ua> wrote:
I�ve red from �Overview of Changes for Microsoft CRM Version 1.2� article
the following:
7. Question: Does Microsoft CRM version 1.2 support other Authentication
methods?
Answer: Microsoft CRM version 1.2 supports NTLM, NTLM with Secure Socket
Layer (SSL) and Basic Authentication with SSL.
I�ve checked these Authentication methods experimentally and Microsoft CRM
1.2 Web UI works correctly. But our adapter failed executing:
BizUser.WhoAmI() methods in case Basic Authentication and Windows
Integrated Authentication with SSL (401 Access Denied).
Adapter works properly just in case of Windows Integrated Authentication
without SSL.
Please help me to solve this problem.
May be in this case I should fill NetworkCredentials specially?
May be I must set Auth mode to Microsoft CRM Web services separately?
P.S. 'Trust computer for delegation' checkbox was marked!!!
|
|
|
0
|
|
|
|
Reply
|
Matt
|
1/12/2005 6:35:05 PM
|
|
G+ Adapter is ASP.NET sub application which located in Virtual Folder under
Microsoft CRM 1.2 Web Site in IIS.
This application is integrated in the main MS CRM frame using
customization (isv.config, etc).
We are using relative links to access some MS CRM Web pages (like Phone
Call activities)�
Best Regards
Taras,
e-mail: trashnik@genesyslab.com
|
|
|
0
|
|
|
|
Reply
|
tarastaras
|
1/13/2005 1:02:40 PM
|
|
OK, when I hear adpater I usually think BizTalk.
My guess is that you are running into a problem with SSL not negotiating the
handshake properly when it comes to your calls. I haven't tried to run SDK
calls over SSL before, but your code will basically establish it's own
connection with the server. It may be having trouble negotiaing the SSL
handshake.
Is there anyway to configure it so that your code can bypass SSL? Maybe by
using localhost instead of the machine name? Or try configuring the
MSCRMServices directory to not require encryption?
Matt Parks
MVP - Microsoft CRM
----------------------------------------
----------------------------------------
On Thu, 13 Jan 2005 08:02:40 -0500, "tarastaras" <trashnik@miratech.ua> wrote:
G+ Adapter is ASP.NET sub application which located in Virtual Folder under
Microsoft CRM 1.2 Web Site in IIS.
This application is integrated in the main MS CRM frame using
customization (isv.config, etc).
We are using relative links to access some MS CRM Web pages (like Phone
Call activities)�
Best Regards
Taras,
e-mail: trashnik@genesyslab.com
|
|
|
0
|
|
|
|
Reply
|
Matt
|
1/13/2005 7:43:57 PM
|
|
Microsoft CRM SDK
Microsoft.Crm.Platform.Proxy
Hello Matt,
As I right understand from �Microsoft CRM SDK� User has the only way to
programmatically access MS CRM metadata via �MSCRMServices� Web Services.
Microsoft.Crm.Platform.Proxy.dll is the wrapper for these services.
As I found experimentally MS CRM Web Site doesn�t use �MSCRMServices� with
*.srf files which refer to some handlers like �BizOrganization.dll�. I
moved all *.srf files from �MSCRMServices� folder and all continue to work
properly.
I played with Authentication modes: Set Basic Authentication to all
�Microsoft CRM Version 1.2� Web Site recursively and set Windows
Integrated Authentication just to �BizUser.srf� unit in �MSCRMServices�.
Then WhoAmI() start works correctly.
When I set Basic Authentication to �BizUser.srf� unit in �MSCRMServices�
then I can see in IIS log the following (�\system32\LogFiles\W3SVC1�):
2005-01-17 13:34:31 192.168.83.194 - 192.168.83.194 80 POST
/MSCRMServices/BizUser.srf - 401
Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+1.1.4322.573)
I tried to use �localhost� in URL, I played with NetworkCredentials and
tried to use DefaultCredentials from CredentialsCash. But the problem
remains open.
Can we use �MS CRM Platform� passing over �MSCRMServices� Web Services?
Taking into account that our ASP.NET application in hosted in the same IIS
and working under �User� security account.
Can we adjust security setting in �Microsoft.Crm.Platform.Proxy� or in
�MSCRMServices� Web Services to allow Basic Authentication method (with
SSL).
P.S. Our adapter must work in all Authentication modes as MS CRM can
works.
|
|
|
0
|
|
|
|
Reply
|
tarastaras
|
1/17/2005 1:51:34 PM
|
|
I've added the folowing code:
System.Net.NetworkCredential myCred = new
System.Net.NetworkCredential("crm", "crm", "adventure-works");
System.Net.CredentialCache myCredentialCache = new
System.Net.CredentialCache();
myCredentialCache.Add( new Uri( "http://mtx-app-crm" ),"Basic", myCred
);
myCredentialCache.Add( new Uri( "http://mtx-app-crm" ), "NTLM", myCred
); //Windows Integrated
bizUser.Credentials = myCredentialCache;
And then I be able to switch between Basic and Windows Integrated
Authentication methods, but I can't switch-on SSL. Even then I change Uri
to "https://mtx-app-crm".
|
|
|
0
|
|
|
|
Reply
|
tarastaras
|
1/18/2005 3:20:10 PM
|
|
I�ve added the following code and SSL starts working.
public class MyPolicy : System.Net.ICertificatePolicy
{
public bool CheckValidationResult(System.Net.ServicePoint srvPoint,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Net.WebRequest request, int certificateProblem)
{
return true;
}
}
�
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
bizUser.Url = "https://serverName/MSCRMServices/BizUser.srf";
System.Net.NetworkCredential myCred = new
System.Net.NetworkCredential("name", "passw", "domain");
System.Net.CredentialCache myCredentialCache = new
System.Net.CredentialCache();
try
{
System.Net.NetworkCredential myDefCred =
System.Net.CredentialCache.DefaultCredentials.GetCredential( new
Uri(bizUser.Url), "NTLM" );
if( myDefCred != null )
{
Logger.Debug( "myDefCred.UserName = " + myDefCred.UserName );
Logger.Debug( "myDefCred.Domain = " + myDefCred.Domain );
myCredentialCache.Add( new Uri( bizUser.Url ),"Basic", myCred );
myCredentialCache.Add( new Uri( bizUser.Url ), "NTLM", myDefCred );
//Windows Integrated
}
else
Logger.Debug( "myDefCred == null" );
}
catch( Exception ex )
{
Logger.Debug( "DefaultCredentials.GetCredential Exception " + ex );
}
bizUser.Credentials = myCredentialCache;
CUserAuth userAuth = null;
try
{
userAuth = bizUser.WhoAmI();
}
catch( Exception e )
{
Logger.Debug( "WhoAmI() Exception = ", e );
}
|
|
|
0
|
|
|
|
Reply
|
tarastaras
|
1/19/2005 2:39:44 PM
|
|
|
6 Replies
253 Views
(page loaded in 0.096 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
35933 articles. 
23 followers. 
rakefet
Shikhar
david8411
CoryPalmer