locked
Accessing CRM Web Service from web application -- create a dummy user? RRS feed

  • Question

  • Hi,

    I would like to access the CRM webservice from a custom web application, which is running on a different server. I took the CrmServiceManager class from the eservice accelerator making som changes. Started out by authenticating the user by using:

     CrmService service = new CrmService();           
     service.Url = String.Format("{0}/mscrmservices/2007/CrmService.asmx", serverUrl);           
     service.CrmAuthenticationTokenValue = GetCrmAuthenticationToken(organizationName);
     service.Credentials = CredentialCache.DefaultCredentials;

    This didn't work, so switched to:

     CrmService service = new CrmService();           
     service.Url = String.Format("{0}/mscrmservices/2007/CrmService.asmx", serverUrl);           
     service.CrmAuthenticationTokenValue = GetCrmAuthenticationToken(organizationName);
     service.Credentials = new NetworkCredential(username, password, domain);

    This worked. However I supplied the administrator user and password which I don't want to hardcode.

    The question is: creating a dummy user, say "domain\webserviceuser", and assing it to a role that has organizational access on entitis that is required. Would this user have access to the web services? Is this a good solution, or are there other ways around this?
    Monday, May 4, 2009 10:43 AM

Answers

  • Hi,

    You could create a new user in CRM and could give him appropriate Security Role ( privileges + access level) for a given entity. And than use it within your application. In this case whoever runs the application will see the same data and would have same right as the user impersonated.

    However if you want your application to run under the context of the user running the application, you would set
     service.Credentials = CredentialCache.DefaultCredentials;
    and
    following information in your web.config
    <identity impersonate='true'/>



    Regards,
    Nishant Rana


    http://nishantrana.wordpress.com
    Monday, May 4, 2009 11:29 AM
  • Hi flowjob,

    be aware that when you want to give access to crm data to external user you need a CRM Client-License or a External Connector License.

    The Microsoft Dynamics CRM 4.0 External Connector enables customers to extend Microsoft Dynamics CRM to their external users such as customers, partners, suppliers, and end users who access a copy of the server software (for which a license was acquired), through any application/graphical user interface (GUI), other than the Microsoft Dynamics CRM client.  “External Users” are users who are not either (i) your or your affiliates’ employees, or (ii) your or your affiliates’ onsite contractors or agents,   External users also does not include hosted-software service users, such as those already licensing via the Microsoft Service Provider License (SPLA).

    Best regards,
    Jürgen


    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Monday, May 4, 2009 12:56 PM
    Moderator

All replies

  • Hi,

    You could create a new user in CRM and could give him appropriate Security Role ( privileges + access level) for a given entity. And than use it within your application. In this case whoever runs the application will see the same data and would have same right as the user impersonated.

    However if you want your application to run under the context of the user running the application, you would set
     service.Credentials = CredentialCache.DefaultCredentials;
    and
    following information in your web.config
    <identity impersonate='true'/>



    Regards,
    Nishant Rana


    http://nishantrana.wordpress.com
    Monday, May 4, 2009 11:29 AM
  • Thanks for that.

    Just experimenting with this and when I'm using the CredentialCache.DefaultCredentials and impersonate=true, the application stops working. I do believe this is because it runs under an anonymous IIS account (custom), and when doing impersonation I get the Network Service account which is the account the application pool run under. So as long as I have this setup, would it be better to have a dummy account??

    The application is only accessible (unless you know the url with a valid guid...) through an iframe from an account form, and the webservice is only used to retrieve data, so I don't think "unauthorized" access to data would be a big problem.
    Monday, May 4, 2009 12:43 PM
  • Hi flowjob,

    be aware that when you want to give access to crm data to external user you need a CRM Client-License or a External Connector License.

    The Microsoft Dynamics CRM 4.0 External Connector enables customers to extend Microsoft Dynamics CRM to their external users such as customers, partners, suppliers, and end users who access a copy of the server software (for which a license was acquired), through any application/graphical user interface (GUI), other than the Microsoft Dynamics CRM client.  “External Users” are users who are not either (i) your or your affiliates’ employees, or (ii) your or your affiliates’ onsite contractors or agents,   External users also does not include hosted-software service users, such as those already licensing via the Microsoft Service Provider License (SPLA).

    Best regards,
    Jürgen


    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Monday, May 4, 2009 12:56 PM
    Moderator
  • Hi Jürgen,

    It's all for internal use.
    Monday, May 4, 2009 1:17 PM
  • Hi flowjob,

    this is ok, but remember also for internal use you need one CRM license per user which accesses your web application.

    Best regards,
    Jürgen

    Jürgen Beck

    Dipl. Kfm./Wirtschaftsinformatik
    MVP, MCSD.NET, MCITP DBA, MCDBA, MCSE
    Microsoft Certified Business Management Solutions Professional
    Microsoft Certified CRM Developer
    Microsoft Certified Trainer

    ComBeck IT Services & Business Solutions
    Microsoft Gold Certified Partner
    Microsoft Small Business Specialist

    Developing & Supporting Business Applications from small business to big enterprises covering scores of sectors

    http://www.combeck.de
    Monday, May 4, 2009 1:19 PM
    Moderator