CRM 4.0 Authentication and IFD RRS feed

  • Question


    Hi All


    Wondering if anyone can shed any light on a problem we have with CRM 4.0


    We have implented CRM 4.0 with HMC 4.0 for multi-tenancy, although I'm sure that bit at the moment is irrelivant.


    1. I don't seem to be able to get the web form login for CRM, it just prompts for a username/password via the usual windows login box


    2. As soon as I use the IFD tool and switch IFD on, the publishing of the site (external via ISA 2006 or internally) goes and I'm unable to log on at all.


    Is there some config to choose what type of login/authentication CRM 4.0 uses? or any detailed info links where I can get a bit more info?



    Wednesday, August 20, 2008 7:44 AM


All replies

  • Have you used Tools>Check DNS? What did it say? Remember to create the DNS record.

    What you should see is the blue page asking for your username and password and not the basic Windows authentication.
    Thursday, August 21, 2008 6:31 AM
  • Thanks for the reply.


    We have multiple organisations created but the check dns option doesn't complain about the one organisation I'm trying to troubleshoot (the other are test at the moment and I haven't setup DNS for those yet so it does show it cannot resolve them).


    Internally and externally I can access the published website (via ISA 2006), but I don't get any nice blue form page asking for a login, just the basic authentication type windows user name and password window. As soon as I activate the IFD + On Premise setting in the tool this all stops working... despite what I believe are the correct IP and domain values.





    Thursday, August 21, 2008 9:59 AM
  • I almost had the same problem as you have. If you have, you might want to check if the domain you have, say: orgname.company.com is linked with your external IP.
    Friday, August 22, 2008 9:10 AM
  • Justin and others,


    I'd recommend looking at the new deployment guide for Hosted CRM 4.0 in an HMC environment at http://www.microsoft.com/downloads/details.aspx?FamilyID=e47b0f2a-5d94-4bd3-9a14-d6318ee4c7cd&DisplayLang=en


    Specifically, look at the guidance (steps) in the deployment guide around the IFD site configuration.  You need two network segments for this and to configure the IFD address and subnet appropriately for each.


    Let me know if you need more help..



    Friday, September 12, 2008 12:13 AM
  • Make sure that when you specify the ad and external domain, you don't include the prefix--just domain.com (whatever the domain is--don't enter anything like crm.domain.com).


    Here is a great post about conquering some of the challenges of IFD in ISA.




    Friday, September 12, 2008 2:37 AM
  • Hi,


    This might be a bit late but I just solved this problem for our organization and thought I´d share it with you. We also had the double login issue and we got rid of the first login (Windows login box) by disabling Windows integrated authentication on the CRM site in IIS.

    After this we only have to log in via the CRM website. I don´t have any answer for you second question though...



    Thursday, October 30, 2008 11:18 AM
  • Hi All,

    I am facing issues related to development specific to IFD. We have an On-premise implementation working fine for MSCRM 4.0. Now we trying to set up IFD for the system.


    All the DNS mapping have been done successfully and the organizations are resolved via DNS server.


    1) The issue is with authentication for IFD. I am using CrmImpersonator class and

    ExtractCrmAuthenticationToken method. A CrmService object is created but its CrmTicket value is a null string.

    So when i actually use the service object it says 401 unauthorised error.

    The context object used is System.Web.HttpContext.Current. (The application is a 3 tier architecture and all this is being done in BusinessTier).


    My Code is:-


    using (new Microsoft.Crm.Sdk.CrmImpersonator())



    Microsoft.Crm.Sdk.CrmAuthenticationToken token = Microsoft.Crm.Sdk.CrmAuthenticationToken.ExtractCrmAuthenticationToken(System.Web.HttpContext.Current, strOrgName);

    token.OrganizationName = orgname;
    token.AuthenticationType = 0;
    objService.CrmAuthenticationTokenValue = token;

    objService.Credentials = CredentialCache.DefaultCredentials;

    objService.Url = MyServiceUrl;   // http://org.domainStick out tongueort/MSCrmServices/2007/CrmService.asmx


    // testing service object

    account newTest = new account();

    newTest.name = "Test Account";

    newTest.ownerid = new Owner();

    newTest.ownerid.type = EntityName.systemuser.ToString();

    newTest.ownerid.Value = token .CallerId;

    Guid accId = objService.Create(newTest);




    Can anyone please point out to where the problem could be.


    2) Also, I am able to access this organization both internally as well as externally and SignIn page opens. After this signIn if i access some record in teh organization, it prompts me for the windows integrated username and password again. I am not sure what settings make this happen.





    Wednesday, January 28, 2009 3:50 AM
  • Hi,


    I am facing a similar problem too..

    I am trying to create a crm service object in an IFD environment .

    I get the error "UserId not found for the current user on the context".

    The code I have been using to create CRM service is as below:


    using (new CrmImpersonator())


    CrmAuthenticationToken token;

    string orgname = "Test";

    string crmurl = ConfigurationManager.AppSettings["CrmServiceUrl"].ToString();

    token = CrmAuthenticationToken.ExtractCrmAuthenticationToken(Context, orgname);


    token.OrganizationName = orgname;

    token.AuthenticationType = 0;

    //Create the Service

    CrmService service = new CrmService();

    service.Credentials = System.Net.CredentialCache.DefaultCredentials;

    service.CrmAuthenticationTokenValue = token;

    service.Url = crmurl;

    account account = new account();

    account.name = "Account : " + DateTime.Now.TimeOfDay.ToString();


    account.ownerid = new Owner("systemuser", token.CallerId);





    In my custom web application's running under ISV I have removed httpmodules by adding following line s in web.config
    <remove name="CrmAuthentication"/>
    <remove name="MapOrg"/>

     As httpmodule is cleared the logged in user's information becomes unavailable in the context due to which the above  code fails giving the error  "UserId not found for the current user on the context".

    If I dont clear the httpmodules cRM the custom web pages do not work.


     Thanks In Advance


    Tuesday, May 25, 2010 7:13 PM