How to retrieve data from CRM RSS feed

  • Question

  • Hi,

    I have configured CRM on-premise installation with claim based authentication. I am using ADFS 2.0 as STS service.

    I have received SAML token for CRM on-premises installation using ADFS.

    I have used the following code to get the response from "Organization Service".

    HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create("https://server/XRMServices/2011/OrganizationData.svc/LeadSet");
    req.Method = "GET";
    req.ContentType = "application/xml";
    req.Headers["Authorization"] = samlToken;
    IAsyncResult token = req.BeginGetResponse(new AsyncCallback(GetStatusesCallBack), req);

    but the web response came back as "Unauthorized". In fact it sends the login page, whereas the expected result is "LeadSet". It seems it is not recognizing the SAML token sent in the "Authorization" header.

    Please help.

    Thursday, March 3, 2011 2:51 PM

Answers

  • Hi All,

    I have changed my authorization header:

    string Token_64Base = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(samltoken));
    req.Headers["Authorization"] = "Negotiate " + Token_64Base;

    Yes, this time the server recognizes it as an authorization header, but it returns a "401" (Unauthorized) error.

    So, is there any encoding mechanism which will tell the CRM server that the authorization header is valid?

    Do folks have any other idea to share?

    Thanks & Regards,

    Surojit

    Wednesday, March 9, 2011 2:12 PM

All replies

  • Please display how you are initializing samlToken?

    I am guessing it might be a cause of your issue.


    Jamie Miley
    Thursday, March 3, 2011 3:15 PM
    Moderator
  • Hi Jamie,

    The following is the code sample I have used to retrieve the SAML token.

    using System;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using Microsoft.IdentityModel.Protocols.WSTrust;
    using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

    public static string GetSamlClaim(string samlVersion, string tokenRequestUri)
    {
        // WS-Trust 1.3 channel to the ADFS endpoint
        WSTrustChannelFactory trustChannelFactory =
            new WSTrustChannelFactory(
                new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                new EndpointAddress(new Uri("https://server/adfs/services/trust/13/kerberosmixed")));

        trustChannelFactory.Credentials.UserName.UserName = @"domain\username";
        trustChannelFactory.Credentials.UserName.Password = "passwd";
        trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

        try
        {
            // Ask the STS to issue a bearer token for the relying party
            RequestSecurityToken rst =
                new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue, WSTrust13Constants.KeyTypes.Bearer);

            Uri appliesTo = new Uri(tokenRequestUri);
            UriBuilder builder = new UriBuilder(appliesTo);
            rst.AppliesTo = new EndpointAddress(builder.Uri);

            switch (samlVersion)
            {
                case "SAML1.1":
                    rst.TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11;
                    break;

                case "SAML2.0":
                    rst.TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11;
                    break;

                default:
                    throw new ArgumentException("Passed unsupported value", "samlVersion");
            }

            WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();
            GenericXmlSecurityToken token = channel.Issue(rst) as GenericXmlSecurityToken;

            // Raw XML of the issued assertion
            string tokenString = token.TokenXml.OuterXml;
            return tokenString;
        }
        catch (Exception ex)
        {
            // Empty: any exception is discarded here and the method returns ""
        }
        finally
        {
            trustChannelFactory.Close();
        }

        return "";
    }

    Please advise.

    Friday, March 4, 2011 6:12 AM
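
One way to check what `GetSamlClaim` actually returned before sending it anywhere, as an added example that is not part of the original post: it reads the assertion XML and reports the SAML version, issuer, audience, validity window and bearer confirmation, and treats the empty string from the swallowed exception as its own case. The function name `inspect_token`, the sample assertion and the `sts.example` / `crm.example` hosts are constructed for illustration; the signature is not verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"SAML1.1": "urn:oasis:names:tc:SAML:1.0:assertion",
      "SAML2.0": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _ts(value):
    # SAML instants are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_token(token_xml, expected_audience, now=None):
    """Return (facts, problems) for the string GetSamlClaim hands back."""
    if not token_xml.strip():
        # GetSamlClaim returns "" when its empty catch block discarded an error
        return {}, ["empty token"]
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(token_xml)
    version = next((v for v, ns in NS.items() if root.tag == "{%s}Assertion" % ns), None)
    if version is None:
        return {}, ["root element is not a SAML assertion: " + root.tag]
    q = lambda name: "{%s}%s" % (NS[version], name)
    if version == "SAML1.1":
        issuer = root.get("Issuer")
        methods = [(e.text or "").strip() for e in root.iter(q("ConfirmationMethod"))]
    else:
        issuer = root.findtext(q("Issuer"))
        methods = [e.get("Method", "") for e in root.iter(q("SubjectConfirmation"))]
    audiences = [(e.text or "").strip() for e in root.iter(q("Audience"))]
    problems = []
    cond = root.find(q("Conditions"))
    attrs = cond.attrib if cond is not None else {}
    if attrs.get("NotBefore") and now < _ts(attrs["NotBefore"]):
        problems.append("not yet valid")
    if attrs.get("NotOnOrAfter") and now >= _ts(attrs["NotOnOrAfter"]):
        problems.append("expired")
    if expected_audience not in audiences:
        problems.append("audience mismatch")
    if not any(m.endswith(":cm:bearer") for m in methods):
        problems.append("not a bearer token")
    return {"version": version, "issuer": issuer, "audiences": audiences}, problems

# Constructed sample (not a real ADFS token): unsigned SAML 1.1 assertion.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
 MajorVersion="1" MinorVersion="1" Issuer="http://sts.example/adfs/services/trust">
 <saml:Conditions NotBefore="2011-03-08T10:00:00.000Z" NotOnOrAfter="2011-03-08T11:00:00.000Z">
  <saml:AudienceRestrictionCondition><saml:Audience>https://crm.example/</saml:Audience></saml:AudienceRestrictionCondition>
 </saml:Conditions>
 <saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation>
 </saml:Subject></saml:AuthenticationStatement>
</saml:Assertion>"""
```

The audience to pass in is the `tokenRequestUri` value that was given to `GetSamlClaim` as `AppliesTo`.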
  • I have an idea.

     You have an empty catch block from your try catch.  I would see if you have an exception occurring in your code.


    Jamie Miley
    Friday, March 4, 2011 6:27 PM
    Moderator
  • Hi Jamie, I have checked my "Catch" block. I didn't find any error while issuing the SAML token for CRM 2011. Please help, I am totally clueless as to why CRM 2011 is not working.
    Monday, March 7, 2011 9:09 AM
  • Hi Sam,

    Please try to connect directly to the web service (https://server/adfs/services/trust/13/kerberosmixed) through a browser with the help of the username and password.

    Or you can use soap-ui.

    I think the issue is with the username and password only and not with the process.

    Regards,
    Joshi

    Joshi
    Monday, March 7, 2011 9:54 AM
  • Hi Joshi,

    Thanks for your co-operation. It seemed that there is no problem with "username" & "password". But I have checked the "Event Viewer" log.

    Error log as follows

    =================================================================================

    Log Name: Application
    Source: ASP.NET 4.0.30319.0
    Date: 3/8/2011 3:40:28 PM
    Event ID: 1309
    Task Category: Web Event
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: Win-2k8-64-MCoE.mobcoe.com
    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 3/8/2011 3:40:28 PM
    Event time (UTC): 3/8/2011 10:10:28 AM
    Event ID: a0365d9d5e91453db60e8338acee5538
    Event sequence: 74
    Event occurrence: 13
    Event detail code: 0

    Application information:
        Application domain: /LM/W3SVC/2/ROOT-1-129439528676676858
        Trust level: Full
        Application Virtual Path: /
        Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
        Machine name: WIN-2K8-64-MCOE

    Process information:
        Process ID: 4804
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE

    Exception information:
        Exception type: ArgumentException
        Exception message: ID0013: The value must be an absolute URI.
    Parameter name: value
       at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationMessage.SetUriParameter(String parameter, String value)
       at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.SendToIdentityProvider(RedirectLocation redirectLocation)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Request information:
        Request URL: https://servername/XRMServices/2011/OrganizationData.svc/LeadSet
        Request path: /XRMServices/2011/OrganizationData.svc/LeadSet
        User host address: 127.0.0.1
        User:
        Is authenticated: False
        Authentication Type:
        Thread account name: NT AUTHORITY\NETWORK SERVICE

    Thread information:
        Thread ID: 37
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: True
        Stack trace:
           at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationMessage.SetUriParameter(String parameter, String value)
           at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.SendToIdentityProvider(RedirectLocation redirectLocation)
           at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
           at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Custom event details:

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="ASP.NET 4.0.30319.0" />
        <EventID Qualifiers="32768">1309</EventID>
        <Level>3</Level>
        <Task>3</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-03-08T10:10:28.000Z" />
        <EventRecordID>8735</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Win-2k8-64-MCoE.mobcoe.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>3005</Data>
        <Data>An unhandled exception has occurred.</Data>
        <Data>3/8/2011 3:40:28 PM</Data>
        <Data>3/8/2011 10:10:28 AM</Data>
        <Data>a0365d9d5e91453db60e8338acee5538</Data>
        <Data>74</Data>
        <Data>13</Data>
        <Data>0</Data>
        <Data>/LM/W3SVC/2/ROOT-1-129439528676676858</Data>
        <Data>Full</Data>
        <Data>/</Data>
        <Data>C:\Program Files\Microsoft Dynamics CRM\CRMWeb\</Data>
        <Data>WIN-2K8-64-MCOE</Data>
        <Data> </Data>
        <Data>4804</Data>
        <Data>w3wp.exe</Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>ArgumentException</Data>
        <Data>ID0013: The value must be an absolute URI.
    Parameter name: value
       at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationMessage.SetUriParameter(String parameter, String value)
       at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.SendToIdentityProvider(RedirectLocation redirectLocation)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    </Data>
        <Data>https://servername/XRMServices/2011/OrganizationData.svc/LeadSet</Data>
        <Data>/XRMServices/2011/OrganizationData.svc/LeadSet</Data>
        <Data>127.0.0.1</Data>
        <Data> </Data>
        <Data>False</Data>
        <Data> </Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>37</Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>True</Data>
        <Data>   at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationMessage.SetUriParameter(String parameter, String value)
       at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.SendToIdentityProvider(RedirectLocation redirectLocation)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    </Data>
      </EventData>
    </Event>

    ====================================================================================

    Thanks & Regards,

    Surojit

    Tuesday, March 8, 2011 10:43 AM
  • Did you ever get this issue resolved? If so, how?

    Jamie Miley
    Wednesday, May 2, 2012 1:26 PM
    Moderator