locked
User identification issue RRS feed

  • Question

  • Hi,

    I have a WCF service hosted in the same server as the CRM server to load data into it. My problem is, when a user calls this service I´m not able to identify it in the CRM to have the owner field as the user and not as the CRMAppPool identity. I´m using anonymous authentication in the IIS. Can someone explain me how to do this?

    Thanks in advance

    Wednesday, November 25, 2015 9:01 AM

All replies

  • Hi

    It sounds as the app-pool-user is running the application and is identifying to the CRM. If you want someone else to be the owner you need to somehow identify the user and authenticate the user in CRM.

    Regards


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Wednesday, November 25, 2015 9:51 AM
  • Hello,

    Potential workaround is to pass identifier of user as a parameter during call of WCF service.


    Dynamics CRM MVP
    My blog

    Wednesday, November 25, 2015 9:58 AM
    Moderator
  • It depends whether you use AD or Claims authentication in CRM.

    If you use AD, then you can just enable Windows authentication in IIS for your WCF service, and use System.Net.CredentialCache.DefaultCredentials when calling the CRM web services

    If you use Claims, then you'll need to make your WCF service claims aware. You then have 2 options - you can either use the Claims data to connect to the CRM web services in the context of the user, or you can use CRM impersonation. In my view the latter is a lot easier, as you don't have to do any further ADFS configuration


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Wednesday, November 25, 2015 10:00 AM
    Moderator
  • What I´m trying to do is to pass the credentials of the client calling the WCF service:

            Dim credentials As New ClientCredentials()
            credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials

    And then when I create my OrganizationServiceProxy at the WCF service pass those client credentials.

    And I´m getting the following error:

    An unhandled exception of type 'System.ServiceModel.CommunicationException' occurred in mscorlib.dll

    Additional information: There was an error while trying to serialize parameter http://tempuri.org/:c. The InnerException message was 'Type 'System.IdentityModel.Tokens.KerberosSecurityTokenHandler' with data contract name 'KerberosSecurityTokenHandler:http://schemas.datacontract.org/2004/07/System.IdentityModel.Tokens' is not expected. Consider using a DataContractResolver if you are using DataContractSerializer or add any types not known statically to the list of known types - for example, by using the KnownTypeAttribute attribute or by adding them to the list of known types passed to the serializer.'.  Please see InnerException for more details.


    Which Authentification types should I enable in the IIS? Is this a good practice?

    Thanks


    Wednesday, November 25, 2015 11:14 AM