CRM 2011 - Claims Based Authentication

All replies

• 

  

  1

  Sign in to vote

  Nothing would be stopping you from writing a claims-based interface for outside authentication into the  CRM as an outside WCF application that interfaces with CRM via the CRM web service.  Here is a link to the SDK: http://www.microsoft.com/download/en/details.aspx?id=24004

  The download page for the implementation guide also has a guide for using claims based auth with CRM: http://www.microsoft.com/download/en/details.aspx?id=3621

  This is usually in the context of an IFD (Internet Facing Deployment).

  ---

  Jamie Miley
  Check out my about.me profile!
  http://mileyja.blogspot.com
  Linked-In Profile
  Follow Me on Twitter!

  Friday, September 23, 2011 4:33 PM

  Moderator
• 

  

  0

  Sign in to vote

  Have the SDk.  Had hoped there would be a sample but there isn't.

  Surely someone has done this.

  The more I look the more questions I have.

  Ideally there would be a walthrough or case study showing how to write a class that interfaces with a custon SQL user store; how that is installed on the server; how to configure CRM and, further, how to add an extra field to the login form.

  I get the feeling that I need to build a custom login web site that produces a token and then I have to point CRM at it.

  Monday, September 26, 2011 2:29 PM
• 

  

  1

  Sign in to vote

  Well, to write a wcf claims-based provider that you would use for a proxy it would be no different than any other WCF claims-based scenario.  Here is an example: http://msdn.microsoft.com/en-us/library/ms730908.aspx

  In CRM, claims-based auth is used for IFD(Internet Facing Deployment) by default.  Here is a good tutorial for that scenario. http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

  ---

  Jamie Miley
  Check out my about.me profile!
  http://mileyja.blogspot.com
  Linked-In Profile
  Follow Me on Twitter!

  • Proposed as answer by Jim Glass Jr Monday, September 26, 2011 4:52 PM
  • Marked as answer by Gordon Johnston Tuesday, March 6, 2012 9:04 AM

  Monday, September 26, 2011 4:51 PM

  Moderator
• 

  

  0

  Sign in to vote

  Did this answer your question?

  ---

  Jamie Miley
  Check out my about.me profile!
  http://mileyja.blogspot.com
  Linked-In Profile
  Follow Me on Twitter!

  Monday, March 5, 2012 10:05 PM

  Moderator
• 

  

  0

  Sign in to vote

  Not quite sure as we decided to do things differently in the end.

  Seems strange that Microsoft would make it more difficult to write a provider for this kind of work. They have turned an easy stroll into a mountain climb!!

  Thanks for the help. I'll just avoid this kind of work from now on. It's too unpleasant and the documentation is non-existent or illegible.

  
  

  
  

  • Edited by Gordon Johnston Tuesday, March 6, 2012 9:09 AM

  Tuesday, March 6, 2012 9:08 AM
• 

  

  0

  Sign in to vote

  ADFS should basically be ADFS though.  Is it really harder in CRM than writing any other claims-based provider?  I am not saying it's not.  I haven't tried myself, just am curious as to what you found?  If you are referring to IFD being harder, I totally agree.  I think they should allow the previous way of doing it along with the new way myself.  With ADFS (the new way) it does provide a way to have any type of mechanism though (smartcards, LDAP, etc....).  The old way only did a translation between forms auth and internal AD.

  ---

  Jamie Miley
  Check out my about.me profile!
  http://mileyja.blogspot.com
  Linked-In Profile
  Follow Me on Twitter!

  Tuesday, March 6, 2012 2:27 PM

  Moderator