Call localhost endpoints on IFD deployment RRS feed

  • Question

  • We have a loadbalanced deployment with 3 front end servers. While processing async plugins we make calls out to other organizations on the same deployment, but the IFD url is load balanced (https://orgname.domain.com) thus causing a hit out to the loadbalancer and back (unnecessary). I would like to be able to make a call directly to the server the process is running on (http://localhost/orgname) however I run into a few issues:

    1) When initializing the service the server redirects from http -> https so the resulting url is https://localhost/orgname, not a huge problem, except...

    2) Causes invalid server certificate...

    easy enough to get around

    ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
    	var request = sender as HttpWebRequest;
    	return (request != null && (request.Host == "localhost" || request.Host == "")) || sslPolicyErrors == SslPolicyErrors.None;

    3) This is the show stopper, I receive an exception saying it cannot authenticate:

    System.InvalidOperationException: The user authentication failed! 
       at Microsoft.Xrm.Sdk.ClientExceptionHelper.Assert(Boolean condition, String message) 
       at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.AuthenticateCore() 
       at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.ValidateAuthentication() 
       at Microsoft.Xrm.Sdk.Client.ServiceContextInitializer`1.Initialize(ServiceProxy`1 proxy) 
       at Microsoft.Xrm.Sdk.Client.OrganizationServiceContextInitializer..ctor(OrganizationServiceProxy proxy) 
       at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.ExecuteCore(OrganizationRequest request) 

    So I can get around 1 and 2... anyone have any suggestions for #3?

    One alternative is to resolve the local machine name and fqdn and use that, but I'd still like to see why I'm getting the Unable to authenticate. Below is the code to generate the service:

    public IOrganizationService LocalHostOrganizationService(string orgUrlName, TimeSpan timeout, bool enableProxyTypes = true)
    	var organizationUri = new Uri(string.Format(OrganizationServiceUrl(AuthenticationProviderType.ActiveDirectory), orgUrlName, "localhost"));
    	var creds = new ClientCredentials();
    	creds.Windows.ClientCredential = new NetworkCredential();
    	creds.Windows.ClientCredential.UserName = _auth.Domain + "\\" + _auth.UserName;
    	creds.Windows.ClientCredential.Password = _auth.Password;
    	var serviceProxy = new OrganizationServiceProxy(organizationUri, null, creds, null);
    	if (enableProxyTypes)
    		serviceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());
    	serviceProxy.Timeout = timeout;
    	return serviceProxy;
    private string OrganizationServiceUrl(AuthenticationProviderType authType)
    	var url = (_auth.UseSSL ? "https" : "http");
    	switch (authType)
    		case (AuthenticationProviderType.ActiveDirectory):
    			url += "://{1}/{0}/XRMServices/2011/Organization.svc";
    			url += "://{0}.{1}/XRMServices/2011/Organization.svc";
    	return url;

    Thank you in advance for your help. If you think you may be able to help with any of my unanswered threads please look at them here

    Wednesday, September 4, 2013 9:58 PM