Microsoft Dynamics CRM 2013 SDK is not refreshing the security token

  • Question

  • Greetings,

    We are developing an application which interacts with different versions and deployments of MS Dynamics CRM.
    For one of these CRMs we get this error message:
    System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: ID3242: The security token could not be authenticated or authorized.

    Details for this CRM: Dynamics CRM 2015, On-Premise deployment with ADFS and IFD. The CRM and our app are on different servers.
    It happens when our application has established a connection and the same connection is used for more than 60 minutes. I found that the default lifetime for the security token is also 60 minutes.

    For every interaction with the CRM after this period we are getting the above error.

    More info for the Dynamics SDK in our app:
    For authentication we are using some of the helper classes in Microsoft Dynamics CRM 2013 SDK - SDK\SampleCode\CS\HelperCode\
    Also Microsoft Dynamics CRM 2013 SDK core assemblies - version 6.1.1

    What I can see from the code is that if the token is going to expire within the next 15 minutes or less, it will be refreshed (re-authenticated):

    public void RenewTokenIfRequired()
    {
        if (null != this._proxy.SecurityTokenResponse &&
            DateTime.UtcNow.AddMinutes(15) >= this._proxy.SecurityTokenResponse.Response.Lifetime.Expires)
        {
            try
            {
                this._proxy.Authenticate();
            }
            catch (CommunicationException)
            {
                if (null == this._proxy.SecurityTokenResponse ||
                    DateTime.UtcNow >= this._proxy.SecurityTokenResponse.Response.Lifetime.Expires)
                {
                    throw;
                }
    
                // Ignore the exception 
            }
        }
    }

    We are using the same code from CrmServiceHelpers.cs with no modifications.
    I tried to force the token refresh by setting AddMinutes(15) to 60 minutes, but the expiration time has not changed.
    I can provide a piece of the source code which we use to establish the connection with Dynamics CRM.

    I would really appreciate some advice on how to at least force a security token refresh.

    Please let me know if you need more specific information.

    Regards,
    Martin

    Thursday, April 14, 2016 9:19 AM
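
An added example (not from the original post or the CRM SDK) that models the renewal check quoted above against a constructed token issuer: widening the renewal window changes how often a token is requested, while the lifetime of each token stays whatever the issuer sets. `FakeIssuer`, `RenewingClient` and the clock values are hypothetical stand-ins.

```csharp
using System;
using System.ServiceModel.Security; // MessageSecurityException; needs a System.ServiceModel reference

// Constructed stand-in for the token issuer (ADFS in this thread): it alone sets the lifetime.
class FakeIssuer
{
    public TimeSpan Lifetime = TimeSpan.FromMinutes(60);
    public int Issued;
    public DateTime Issue(DateTime now) { Issued++; return now + Lifetime; }
}

// Hypothetical wrapper modelled on RenewTokenIfRequired; not an SDK class.
class RenewingClient
{
    readonly FakeIssuer _issuer;
    readonly TimeSpan _window;
    public DateTime Expires { get; private set; }

    public RenewingClient(FakeIssuer issuer, TimeSpan window, DateTime now)
    { _issuer = issuer; _window = window; Expires = issuer.Issue(now); }

    public T Call<T>(DateTime now, Func<DateTime, T> request)
    {
        if (now + _window >= Expires) Expires = _issuer.Issue(now); // proactive renewal
        try { return request(Expires); }
        catch (MessageSecurityException)
        {
            Expires = _issuer.Issue(now); // token rejected early: re-authenticate once
            return request(Expires);      // a second failure propagates to the caller
        }
    }
}

static class Demo
{
    static void Main()
    {
        var t0 = new DateTime(2016, 4, 14, 9, 0, 0, DateTimeKind.Utc); // constructed clock
        foreach (var window in new[] { 15, 60 })
        {
            var issuer = new FakeIssuer();
            var client = new RenewingClient(issuer, TimeSpan.FromMinutes(window), t0);
            for (int m = 10; m <= 120; m += 10) client.Call(t0.AddMinutes(m), exp => exp);
            var last = t0.AddMinutes(125);
            int tries = 0; // simulate one server-side rejection to exercise the retry path
            client.Call(last, exp =>
            { if (tries++ == 0) throw new MessageSecurityException("simulated"); return exp; });
            Console.WriteLine("window={0}min issued={1} lifetime of last token={2}min",
                window, issuer.Issued, (client.Expires - last).TotalMinutes);
        }
    }
}
```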

All replies

  • It seems that your Auto logout timeout is 60 minutes.

    Which means, even when you log in to your CRM through a Web Browser, it'll log you out after 60 minutes. This is the very reason you get an error in your application after every 60 minutes.

    This can be solved by increasing the Auto logout timeout interval. This needs to be done on the ADFS server.

    1. Open PowerShell.

    2. If you are on ADFS 2.0, then use the below command or else skip to point 3.
    Add-PSSnapin Microsoft.Adfs.Powershell

    3. Then check the current TimeOut interval.
    Get-ADFSRelyingPartyTrust -Name:"Relying Party"

    4. Now, set the TimeOut interval to whatever you want.
    Set-ADFSRelyingPartyTrust -TargetName "Relying Party" -TokenLifetime 480

    5. You can again check the new TimeOut Interval.
    Get-ADFSRelyingPartyTrust -Name:"Relying Party"

    Notes:
    480 in point 4 is in minutes, which means 8 hours.
    Relying Party example “auth.crm.com”

    HTH

    Sam


    Dynamics CRM MVP | Inogic | http://inogic.blogspot.com| news at inogic dot com

    If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful"

    Friday, April 22, 2016 6:34 AM