Deploy ASP.NET applicaiton for external access, get data from CRM? RRS feed

  • Question

  • Hi all:

    I have developed many ASP.NET applications that interact with CRM and run inside the LAN (i.e. from domain authenticated machines). I now need to deploy an ASP.NET web application that will allow anonymous web users to hit a portal and interact with CRM. The ASP.NET application is running on the CRM server and works fine within the domain LAN.

    When I hit the URL for the App from a non-domain machine I got a prompt for a Username and Password. When I went into IIS on the server and enabled Anonymous Access, then the app loads but I get an authentication error and none of the data loads.


    Does anyone know of a good information source on deploying such web applications and/or have any tips, gotchas, advice, etc? In the SDK I found some info about CrmImpersonate, do I need to wrap all of the code that interacts with CRM in this?


    Thanks for any and all help.





    Friday, September 11, 2009 12:46 PM


All replies

  • Hi John,

    When you expose your application to the internet your code no longer can authenticate the users against the AD and hence it will error when it tries to access MS CRM web services. (All users accessing MS CRM must belong to AD). When you want to give an anonymous user access to MS CRM you must impersonate an MS CRM user.

    To do that you can use the code below.

    CrmAuthenticationToken token = new CrmAuthenticationToken();
    token.AuthenticationType = 0; // Use Active Directory authentication.
    token.OrganizationName = "AdventureWorksCycle";

    // Use the global user ID of the system user that is to be impersonated.
    token.CallerId = new Guid("94092D6F-B367-DC11-9C93-0003FFDFCE28");

    CrmService crmService = new CrmService();
    crmService.Url = "http://localhost/MSCRMServices/2007/CrmService.asmx";
    crmService.CrmAuthenticationTokenValue = token;
    crmService.Credentials = new NetworkCredential("PrivUserName","PrivUserPassword","PrivUserDomain")

    Note that once you use this code all users who access the external website will see the same data. (because they are logging into MS CRM as the same user). You might need to put in place a login mechanism to filter the data for users based on who is logged into your external application/website.

    You will need to use an External Connector license to be able to legally do that. You can read more about the external connector license at the url below.

    The external connector license is not a piece of software. It just allows you to expose MS CRM data to external users without breaching your MS CRM license agreement with MS.


    Hassan Hussain | http://hassanhussain.wordpress.com/ | http://www.mscrmvirtualusergroup.com/
    • Proposed as answer by Hassan Hussain Friday, September 11, 2009 1:11 PM
    Friday, September 11, 2009 1:10 PM
  • Hi:

    Thanks for your reply but unfortuantely that did not work. Now the app gets an authorization error even within the LAN....

    Saturday, September 12, 2009 12:40 PM
  • Hi John,

    I trust you replaced the lines of code below with actual valus for your MS CRM installation?

    token.OrganizationName = "ORGANIZATIONNAME";
    token.CallerId = new Guid("94092D6F-B367-DC11-9C93-0003FFDFCE28"); //ID OF AN MS CRM USER
    crmService.Url = "http://localhost/MSCRMServices/2007/CrmService.asmx"; //REPLACED LOCALHOST WITH THE NAME OF THE CRM SERVER WITH THE CORRECT PORT NUMBER.
    crmService.Credentials = new NetworkCredential("PrivUserName","PrivUserPassword","PrivUserDomain") //REPLACED USERNAME, PASSWORD AND DOMAIN VALUES.

    If you haven't please replace and test your code again. If you did then please debug your code and post the error message you are getting.


    Hassan Hussain | http://hassanhussain.wordpress.com/ | http://www.mscrmvirtualusergroup.com/
    Sunday, September 13, 2009 10:19 AM
  • Hi:

    yes I did, here is the exception:

    Login SOAP exception:
      Invalid user auth.
      System.Web.Services.Protocols.SoapException: Server was unable to process request.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at ApiCrmSdk.CrmService.RetrieveMultiple(QueryBase query) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\api\0bbd5583\e1eec40\App_WebReferences.vsugctv7.2.cs:line 343
       at rfp.cmdLoginImageButton_Click(Object sender, ImageClickEventArgs e) in http://server/api/ApiPortal.aspx.cs:line 151

    The user ID I am testing with in the code is a valid CRM user...
    Sunday, September 13, 2009 1:43 PM
  • Ok. Please also ensure that the user (you are trying to impersonate) is in the PrivUserGroup in Active Directory. That should fix this problem.


    Hassan Hussain | http://hassanhussain.wordpress.com/ | http://www.mscrmvirtualusergroup.com/
    • Marked as answer by Jim Glass Jr Monday, September 14, 2009 3:52 PM
    Sunday, September 13, 2009 5:25 PM
  • Hi Hassan:

    Thanks again for your notes, that seemed to do it! I need to run some more tests but so far seems OK...

    Monday, September 14, 2009 7:20 PM