locked
Exceptions trying to retrieve a list of CRM organizations RRS feed

  • Question

  • Hi! I'm trying to retrieve a list of the CRM orgs existing in a CRM server. I can accomplish that JUST in the CRM server AND logging as a deployment admin with this code.

    System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
    DeploymentServiceClient serviceClient = Microsoft.Xrm.Sdk.Deployment.Proxy.ProxyClientHelper.CreateClient(new Uri("https://myServer:443/XRMDeployment/2011/Deployment.svc"));
    var organizations = serviceClient.RetrieveAll(DeploymentEntityType.Organization);

    The problem comes when I try to add Credentials to the service as:

    serviceClient.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential();
                    serviceClient.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\user";
                    serviceClient.ClientCredentials.Windows.ClientCredential.Password = "pass";
                    serviceClient.ClientCredentials.Windows.ClientCredential.Domain = "domain.local";

    it always throw me: 

    SOAP security negotiation with 'https://myServer/XRMDeployment/2011/Deployment.svc' for target 'https://myServer/XRMDeployment/2011/Deployment.svc' failed.

    So, next I tried is add the UPN in web.config.

      <servicePrincipalName>
        <system.serviceModel>
          <client>
            <endpoint>
              <identity>
                <userPrincipalName value="domain\user" />
              </identity>
            </endpoint>
          </client>
        </system.serviceModel>
        </servicePrincipalName>

    But now I get this exception:

    The type initializer for 'System.Net.ServicePointManager'

    Which I can't find much information about.

    1. If I want my app to be used externally from the CRM server, how can I add the credentials to the service?




    Monday, May 27, 2013 3:54 PM

Answers

  • After getting all possible exceptions and errors, my problem was an incorrect Discovery Uri, now I have set up it like:

    https://dev.'domain'.com/XRMServices/2011/Discovery.svc

    As is in any CRM org, that worked without any delegate for accept SSL connections and any extra configuration in web.config.

    Thanks for you replies!

    Wednesday, May 29, 2013 11:44 AM

All replies

  • Hi,

         It is best to refer to SDK for that. Here is the example for one of the same:

    http://msdn.microsoft.com/en-us/library/gg328180.aspx

       There is a class in SDK under amplecode\cs\helpercode called crmservicehelpers.cs. This is a great starting point for that.


    Hope this helps.
     
    -----------------------------------------------------------------------
     Minal Dahiya
     
    If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful"

    • Proposed as answer by Minal Dahiya Tuesday, May 28, 2013 3:21 AM
    Tuesday, May 28, 2013 3:21 AM
  • Hi Minal, thank you for the answer but I already have checked that link, but what is not clear there is how to set up the credentials.
    Tuesday, May 28, 2013 9:22 AM
  • Is the CRM server configured to use Claims authentication, or AD ?

    In the meantime, you shouldn't specify the domain in both the UserName and Domain properties. Try:

    serviceClient.ClientCredentials.Windows.ClientCredential.UserName = "user";
                    serviceClient.ClientCredentials.Windows.ClientCredential.Password = "pass";
                    serviceClient.ClientCredentials.Windows.ClientCredential.Domain = "domain.local";


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, May 28, 2013 10:08 AM
    Moderator
  • Hi David! thank you! the system uses claims authentication. I tried also like you say, but I got this error:

    - The caller was not authenticated by the service
    - The request for security token could not be satisfied because authentication failed

    And when I add the domain to the user

    serviceClient.ClientCredentials.Windows.ClientCredential.UserName = "domain\user";
    serviceClient.ClientCredentials.Windows.ClientCredential.Password = "pass";
    serviceClient.ClientCredentials.Windows.ClientCredential.Domain = "domain.local";
    At least I get the exception:
    SOAP security negotiation with '' failed
    Tuesday, May 28, 2013 10:25 AM
  • Hi,

         For ClientCredential.UserName put only username. Do not put any domain there.

    Minal

    Tuesday, May 28, 2013 10:37 AM
  • Yes, I did and I get the first two exceptions. thanks
    Tuesday, May 28, 2013 10:39 AM
  • Please change the code to following

    ClientCredentials creds = new ClientCredentials();
                    //  Credentials
                      creds.Windows.ClientCredential = new  System.Net.NetworkCredential(userName, password, domain);
                      OrganizationServiceProxy service = new OrganizationServiceProxy(new  Uri(orgURL), null, creds, null);

    Minal

    Tuesday, May 28, 2013 10:46 AM
  • With Claims authentication you should use a ClientCredentials instance, rather than a Windows.ClientCredential

    The code should be something like:

    serviceClient.ClientCredentials = new ClientCredentials();
                    serviceClient.ClientCredentials.UserName.UserName = "DOMAIN\user";
                    serviceClient.ClientCredentials.UserName.Password = "pass";


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, May 28, 2013 10:50 AM
    Moderator
  • Thank you for let me know David! 

    If I set up the credentials like you said, I get an 'Access is denied' message.

    My complete code is:

    System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
    
    DeploymentServiceClient serviceClient = Microsoft.Xrm.Sdk.Deployment.Proxy.ProxyClientHelper.CreateClient(new Uri("https://myServer:443/XRMDeployment/2011/Deployment.svc"));
                    
    serviceClient.ClientCredentials.UserName.UserName = "user";
    serviceClient.ClientCredentials.UserName.Password = "pass";
    
    var organizations = 
    serviceClient.RetrieveAll(DeploymentEntityType.Organization);
    Tuesday, May 28, 2013 11:48 AM
  • The way I've addressed similar requirements previously is to start from the SDK helper code (specifically the ServerConnection class), and extend the code to pass usernames and passwords, rather than reading them from the Console

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, May 28, 2013 2:52 PM
    Moderator
  • Enabling the System.Service.Model trace, I have seen this error:

    Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security

    From what I have read, I trying now to make the request and response match, because the server im calling is on premise and the cert will be always sure.

    But now I.m not lucky with the tries like:

    System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

    Neither in web.config

    <security
        authenticationMode="UserNameOverTransport"
        enableUnsecuredResponse="true"
        includeTimestamp="false">
      </security>

    Any help with this? Thanks!

    Wednesday, May 29, 2013 10:10 AM
  • After getting all possible exceptions and errors, my problem was an incorrect Discovery Uri, now I have set up it like:

    https://dev.'domain'.com/XRMServices/2011/Discovery.svc

    As is in any CRM org, that worked without any delegate for accept SSL connections and any extra configuration in web.config.

    Thanks for you replies!

    Wednesday, May 29, 2013 11:44 AM