Impersonation - Invalid User Auth
- Hi everybody,
I need some advices about my impersonation problem.
Here is the code:
CrmService myCrmService = new CrmService ();
CrmAuthenticationToken token = new CrmAuthenticationToken ();
token.AuthenticationType = 0;
token.OrganizationName = <OrgName> ;
token.CallerId = new Guid (<GuidID of a systemuser>);
myCrmService.Url = <CRM Web Service Url> ;
myCrmService.CrmAuthenticationTokenValue = token;
myCrmService.Credentials = new System.Net.NetworkCredential (<username> , <password> , <domain> );//this user is a member of PrivUserGroup
//service.Credentials = System.Net.CredentialCache.DefaultCredentials; //I tried with defaut credentials also
My_customEntity testEntity = new My_customEntity ();
testEntity.My_name = "onur" ;
TargetCreateMy_customEntity targetCreate = new TargetCreateMy_customEntity ();
targetCreate.My_customEntity = testEntity;
CreateRequest request = new CreateRequest ();
request.Target = targetCreate;
CreateResponse response = (CreateResponse )myCrmService.Execute(request);
Response.Write("Created. Object ID: " + response.id);
When I try to execute this code it's throwing "Invalid User Auth" error. P.S: If I remove "token.CallerId = new Guid (<GuidID of a systemuser>);" line everything is fine.
Here is the trace code:
<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:162; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:162; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:162; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin-top:0cm; margin-right:0cm; margin-bottom:10.0pt; margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoPapDefault {mso-style-type:export-only; margin-bottom:10.0pt; line-height:115%;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->>Crm Exception: Message: Invalid user auth., ErrorCode: -2147220988
Any Suggestion ?
[2009-11-03 19:55:02.7] Process: w3wp |Organization:2bf27922-63e1-4a39-9e76-6d3c53c973f5 |Thread: 1 |Category: Platform.Sdk |User: b113ba18-b241-dd11-a565-000c29f531b1 |Level: Error | CrmExceptionHandler.Handle
at CrmExceptionHandler.Handle(Stream to, Stream from, Exception exception)
at CompositeSoapExtensionExceptionHandler.Handle(Stream to, Stream from, Exception exception)
at CrmAuthenticationSoapExtensionBase.ProcessMessage(SoapMessage message)
at SoapMessage.RunExtensions(SoapExtension[] extensions, Boolean throwOnException)
at SoapServerProtocol.WriteException(Exception e, Stream outputStream)
at WebServiceHandler.WriteException(Exception e)
at WebServiceHandler.Invoke()
at WebServiceHandler.CoreProcessRequest()
at SyncSessionlessHandler.ProcessRequest(HttpContext context)
at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>CrmSoapExtension detected CrmException:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Microsoft.Crm.CrmException: Invalid user auth.
at Microsoft.Crm.BusinessEntities.SecurityLibrary.VerifyUser(Guid user, ExecutionContext context)
at Microsoft.Crm.BusinessEntities.ExecutionContext.SetCaller(Guid callerId, Boolean setCallerLanguage)
at Microsoft.Crm.BusinessEntities.ExecutionContext.OnBeginRequest(Guid userId, Boolean startTransaction, IsolationLevel isolationLevel, String methodName, ServiceMethodType methodType, OperationContext operationContext, String crmMethodName, CallerOriginToken originToken)
at Microsoft.Crm.BusinessEntities.ExecutionContext.OnBeginRequest(Guid userId, Boolean startTransaction, IsolationLevel isolationLevel, SoapContext soapContext, OperationContext operationContext, CallerOriginToken originToken)
at Microsoft.Crm.BusinessEntities.ExecutionContext.OnBeginRequest(Guid userId, Boolean startTransaction, SoapContext soapContext, OperationContext operationContext, CallerOriginToken originToken)
at Microsoft.Crm.Extensibility.ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at Microsoft.Crm.Sdk.RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at Microsoft.Crm.Sdk.RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at Microsoft.Crm.Sdk.CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at Microsoft.Crm.Sdk.Crm2007.CrmService.Execute(Request request)
--- End of inner exception stack trace ---
All Replies
- Well, you just don't have to define the CallerId property...
This property is used in IFD mode to retrieve the Id of the user connected
My blog : http://mscrmtools.blogspot.com You will find: Form Javascript Manager (export/import javascript from forms) ISV.Config Manager (graphical ISV.config edition - export/import) View Layout replicator (customize one view and replicate to others) And others (use tool tag on my blog) - If don't have to define CallerId, how will impersonate ?
Credentials which I mention in code is belong to admin user but I want to call Execute method with ie:Tanguy user's privileges, so I'm setting CallerId as Tanguy user's guid. whether your application is deployed inside the CRM website or outside the crm website.if it is inside CRM website.
you can do the following
CrmAuthenticationToken authToken = new CrmAuthenticationToken();
authToken.AuthenticationType = 0;
authToken.OrganizationName = ConfigurationManager.AppSettings["ORGNAME"];// Include support for impersonation.
authToken.CallerId = new Guid(ConfigurationManager.AppSettings["CRMUSER"]);//new Guid(GetSender()); // new Guid("E0FC4DAE-12E3-DD11-9FBD-0003FFA5B82B");
CrmService service = new CrmService();
service.CrmAuthenticationTokenValue = authToken;
service.UseDefaultCredentials = true;RegistryKey regkey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\MSCRM");
service.Url = String.Concat(regkey.GetValue("ServerUrl").ToString(), "/2007/crmservice.asmx");
//service.CorrelationTokenValue = corToken;return service;
use the default credential.
SAFI- The impersonation should be already done because you use explicit Network crendentials...
My blog : http://mscrmtools.blogspot.com You will find: Form Javascript Manager (export/import javascript from forms) ISV.Config Manager (graphical ISV.config edition - export/import) View Layout replicator (customize one view and replicate to others) And others (use tool tag on my blog) - have you got latest roll up installed?
see this ..http://www.errorhelp.com/search/details/96643/0x80040204-invalid-user-auth - I have just resolve similair kind of issue..
just make sure user (<username> as below) is part of privUserGroup
myCrmService.Credentials = new System.Net.NetworkCredential (<username> , <password> , <domain> );//this user is a member of PrivUserGroup
also make sure above user logoff and log in again in to the system otherwise user's security does not get update..
have a look at this article : http://msdn.microsoft.com/en-us/library/cc151052.aspx for more information regarding this
as per this,
Impersonation involves two different user accounts. One user account (A) is used when executing code to perform some task on behalf of another user (B). To use impersonation, user account (A) under which the impersonation code is to run must be added to the PrivUserGroup group in Active Directory. This group is created by Microsoft Dynamics CRM during installation and setup. User account A does not have to be associated with a licensed Microsoft Dynamics CRM user. However, the user who is being impersonated (B) must be a licensed Microsoft Dynamics CRM user.- Proposed As Answer byMayankP Thursday, November 12, 2009 4:36 PM
