Need to suppress Windows Security dialog when connecting to CRM WCF service from application RRS feed

  • Question

  • I am currently developing a Windows desktop application that uses the CRM WCF service as a data source. The CRM environment uses AD authentication. The problem I have is that our domain enforces a password expiration policy, so every three months each user's CRM password changes, and the one stored for the user (in encrypted form) in the application becomes invalid.

    When that happens, after logging into the application, the user is presented with a Windows Security dialog asking them to enter their network user credentials. If they do so the first time, they're asked up to a dozen more times, to authenticate a bunch of OrgServiceProxy objects in a pool. This is confusing, frustrating, and dangerous from a security mindset (don't want the user getting too comfortable entering network credentials into every dialog that asks). I want to suppress this popup, and instead have the CRM authentication immediately throw the SecurityNegotiationException I'm expecting if the credentials passed are wrong. The app will catch that and direct the user to the User Maintenance screen where they can update their credentials.

    I know it's possible to put the site in a zone with custom security settings suppressing this prompt, but Group Policy to do that is kind of heavy-handed and could have unintended consequences. I would prefer a programmatic "quick fix" for now, until we can re-architect the application's security layer to do all authentication against AD.


    Wednesday, January 14, 2015 7:04 PM