Asked by:
User identification issue

Question
-
Hi,
I have a WCF service hosted in the same server as the CRM server to load data into it. My problem is, when a user calls this service I´m not able to identify it in the CRM to have the owner field as the user and not as the CRMAppPool identity. I´m using anonymous authentication in the IIS. Can someone explain me how to do this?
Thanks in advance
Wednesday, November 25, 2015 9:01 AM
All replies
-
Hi
It sounds as the app-pool-user is running the application and is identifying to the CRM. If you want someone else to be the owner you need to somehow identify the user and authenticate the user in CRM.
Regards
Rickard Norström Developer CRM-Konsulterna
http://www.crmkonsulterna.se
Swedish Dynamics CRM Forum: http://www.crmforum.se
My Blog: http://rickardnorstrom.blogspot.seWednesday, November 25, 2015 9:51 AM -
Hello,
Potential workaround is to pass identifier of user as a parameter during call of WCF service.
Dynamics CRM MVP
My blogWednesday, November 25, 2015 9:58 AMModerator -
It depends whether you use AD or Claims authentication in CRM.
If you use AD, then you can just enable Windows authentication in IIS for your WCF service, and use System.Net.CredentialCache.DefaultCredentials when calling the CRM web services
If you use Claims, then you'll need to make your WCF service claims aware. You then have 2 options - you can either use the Claims data to connect to the CRM web services in the context of the user, or you can use CRM impersonation. In my view the latter is a lot easier, as you don't have to do any further ADFS configuration
Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk
Wednesday, November 25, 2015 10:00 AMModerator -
What I´m trying to do is to pass the credentials of the client calling the WCF service:
Dim credentials As New ClientCredentials()
credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentialsAnd then when I create my OrganizationServiceProxy at the WCF service pass those client credentials.
And I´m getting the following error:
An unhandled exception of type 'System.ServiceModel.CommunicationException' occurred in mscorlib.dll
Additional information: There was an error while trying to serialize parameter http://tempuri.org/:c. The InnerException message was 'Type 'System.IdentityModel.Tokens.KerberosSecurityTokenHandler' with data contract name 'KerberosSecurityTokenHandler:http://schemas.datacontract.org/2004/07/System.IdentityModel.Tokens' is not expected. Consider using a DataContractResolver if you are using DataContractSerializer or add any types not known statically to the list of known types - for example, by using the KnownTypeAttribute attribute or by adding them to the list of known types passed to the serializer.'. Please see InnerException for more details.
Which Authentification types should I enable in the IIS? Is this a good practice?
Thanks
Wednesday, November 25, 2015 11:14 AM