locked
CRM Custom Workflow - System.Security.SecurityException RRS feed

  • Question

  • Hi,

    I'm working on a Dynamics CRM 2011 custom workflow to enhance the standard SharePoint integration.

    The purpose of the workflow is to create a folder with a more specicif name than the standard account name, also containing the customer number. The workflow will work against SharePoint online.

    I have planned to use the SharePoint client libraries: Microsoft.SharePoint.Client, Microsoft.SharePoint.Client.Runtime, and Microsoft.SharePoint.UserProfiles. These DLL-files are included in the package with a ilmerge build event:

    COPY $(TargetDir)$(TargetName).dll temp.dll
    $(ProjectDir)ILMergeexe\ILMerge.exe /out:$(TargetDir)$(TargetName).dll temp.dll $(TargetDir)Microsoft.SharePoint.Client.dll $(TargetDir)Microsoft.SharePoint.Client.Runtime.dll $(TargetDir)Microsoft.SharePoint.Client.UserProfiles.dll  /keyfile:$(ProjectDir)versjon2.snk /targetplatform:v4,"C:\Windows\Microsoft.NET\Framework\v4.0.30319" /copyattrs 
    DEL  $(TargetDir)temp.dll

    The SharePoint code is working perfectly when I'm running it from Visual Studio, but it fails when I run it through CRM. The exception i get is a System.Security.SecurityException:

    Unhandled Exception: Microsoft.Xrm.Sdk.InvalidPluginExecutionException: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
       at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
       at System.Security.CodeAccessPermission.Demand()
       at System.Net.AuthenticationManager.Register(IAuthenticationModule authenticationModule)
       at Microsoft.SharePoint.Client.SharePointOnlineAuthenticationModule.EnsureRegistered()
       at Microsoft.SharePoint.Client.SharePointOnlineCredentials..ctor(String username, SecureString password)
       at SPOnlineClient.SPFolderHelper.GenerateCredentials(String username, String password)
       at SPOnlineClient.SPFolderHelper..ctor(String siteUrl, String username, String password, String listName)
       at Skill.ITAS.SharePointFolderWF.SharePointFolderWF.CreateSharePointFolder(String folderName)
       at Skill.ITAS.SharePointFolderWF.SharePointFolderWF.HandleCreate(IOrganizationService service, IWorkflowContext context)
    The action that failed was:
    Demand
    The type of the first permission that failed was:
    System.Security.Permissions.SecurityPermission
    The Zone of the assembly that failed was:
    MyComputer

    The simple code where it fails is the first place i try to call one of the three Microsoft libraries I'm including. The call is not referring to any external connection, only creating SharePointCredentials:

     private SharePointOnlineCredentials GenerateCredentials(string username, string password)
            {
                var pwd = new System.Security.SecureString();
                foreach (char eachChar in password)
                {
                    pwd.AppendChar(eachChar);
                }
                return new SharePointOnlineCredentials(username, pwd);
    
            }

    This makes me think that the error is somehow related to access of these third party libraries. 

    I would very much appreciate any help or hints to point me in the direction of a possible solution!

    Best Regards,

    Trond


    Trond


    Tuesday, August 19, 2014 11:56 AM

Answers

  • The same issue affects both posts; the custom workflow activity is running in the sandbox, and the sandbox restricts what the code can do. In both cases the code is attempting to use some of the .Net authentication assemblies, but this is not permitted in the sandbox.

    If running Crm On-Premise, then the simple solution is to run the custom workflow activity outside of the sandbox. However, this is not possible in Crm Online. As far as I know, the only way to connect from one Online CRM Instance to another Online CRM Instance in a plugin/workflow is:

    • Create an external web service that can connect to the destination Online CRM Instance
    • Host this external web service in Azure (or a separate web server)
    • Call the web service via the azure service bus from the originating Online CRM Instance

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by Trond Undrum Wednesday, October 14, 2015 7:45 AM
    Wednesday, September 2, 2015 7:53 PM
    Moderator

All replies

  • I am facing similar issue when connecting  Online CRM Instance from Other Online CRM Instance using Custom workflow


    Chandrashubh

    Wednesday, September 2, 2015 9:04 AM
  • The same issue affects both posts; the custom workflow activity is running in the sandbox, and the sandbox restricts what the code can do. In both cases the code is attempting to use some of the .Net authentication assemblies, but this is not permitted in the sandbox.

    If running Crm On-Premise, then the simple solution is to run the custom workflow activity outside of the sandbox. However, this is not possible in Crm Online. As far as I know, the only way to connect from one Online CRM Instance to another Online CRM Instance in a plugin/workflow is:

    • Create an external web service that can connect to the destination Online CRM Instance
    • Host this external web service in Azure (or a separate web server)
    • Call the web service via the azure service bus from the originating Online CRM Instance

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by Trond Undrum Wednesday, October 14, 2015 7:45 AM
    Wednesday, September 2, 2015 7:53 PM
    Moderator