locked
Portal Authentication and Login RRS feed

  • Question

  • When trying to access any authentication method such as Live ID, or Google, etc. The error message is displayed:

    We're sorry, but something went wrong.


    I have followed all the documentation for the setup of the Customer Portal as best is possible. Working around the inaccurate, and sometimes woeful, documentation.

    Problem 1: https://live.azure.com no longer exists. This problem has not been addressed on this forum properly. The site to configure the http://live.azure.com settings is now located at https://manage.windowsazure.com. I managed to get the settings from here for the web.config  <add name="Live" connectionString="Application Id=00000000nnnnnnnn; Secret=n..."/>

    Problem 2: Deployment is no longer possible using the method described in the documentation. I have deployed via Visual Studio 10. The project settings are 

    • Display the Windows Azure Debugging environment Dialog: True
    • Service Configuration: Cloud
    • Start Windows Azure storage emulator: False

     The deployment is successful and everything is running correctly in production mode.

    My relevant web.config sections are set-up as follows:

    <add name="Xrm" connectionString="ServiceUri=https://n.api.crm4.dynamics.com/XRMServices/2011/Organization.svc; UserName=n@n.com; Password=n; DeviceID=nnnn; DevicePassword='n!y;';"/>
    
    
    <add name="Live" connectionString="Application Id=00000000n; Secret=n"/>
    
    
    	<appSettings>
    		<add key="FederationMetadataLocation" value="https://n.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml"/>
    	</appSettings>
    
    <microsoft.identityModel>
    		<service>
    			<audienceUris>
    				<add value="http://n2.cloudapp.net/"/>
    			</audienceUris>
    			<federatedAuthentication>
    				<wsFederation passiveRedirectEnabled="false" issuer="https://n.accesscontrol.windows.net/v2/wsfederation" realm="http://n2.cloudapp.net/" requireHttps="true"/>
    				<cookieHandler requireSsl="false"/>
    			</federatedAuthentication>
    			<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    				<trustedIssuers>
    					<add thumbprint="n..." name="https://n.accesscontrol.windows.net/v2/wsfederation"/>
    				</trustedIssuers>
    			</issuerNameRegistry>
    		</service>

    I know the CRM server is communicating with the Portal because the registration process using Invitation Code, Password Question, and Password Answer displays as would be expected.

    Any information would be appreciated.


    Thursday, October 4, 2012 3:28 PM

Answers

  • It seems like this was a generic error for what could have been a multitude of problems. I installed the Customer Portal my own hosted IIS server and used Windows Server 'Event Viewer' and check "Windows Logs > Application" to check for errors.

    My problem lay in the Authentication settings of the web.config file. Specifically I failed to add in the web.config:

    <certificateValidation certificateValidationMode="None"/>

    Within the web.config section referenced below. This setting was documented in the associated documentation "Portal Configuration Guide - Windows Azure ACS Authentication.doc"

    <configSections>

    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

    </configSections>

    <appSettings>

    <add key="FederationMetadataLocation" value="[WS-Federation Metadata]s"/>

    </appSettings>

    <microsoft.identityModel>

    <service>

    <audienceUris>

    <add value="[Realm URI]"/>

    </audienceUris>

    <federatedAuthentication>

    <wsFederation passiveRedirectEnabled="false" issuer="https://[Service Namespace].accesscontrol.windows.net/v2/wsfederation" realm="[Realm URI]

    requireHttps="true"/>

    <cookieHandler requireSsl="false"/>

    </federatedAuthentication>

    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

    <trustedIssuers>

    <add thumbprint="[Thumbprint]" name="https://[Service Namespace].accesscontrol.windows.net/v2/wsfederation"/>

    </trustedIssuers>

    </issuerNameRegistry>

    <certificateValidation certificateValidationMode="None"/>

    </service>

    </microsoft.identityModel>

    </configuration>

    <input id="9905766d-87cb-4008-bfc0-c0072618003a_attachments" type="hidden" />
    • Marked as answer by mtsaisl Thursday, October 25, 2012 4:45 PM
    Thursday, October 25, 2012 4:44 PM

All replies

  • It seems like this was a generic error for what could have been a multitude of problems. I installed the Customer Portal my own hosted IIS server and used Windows Server 'Event Viewer' and check "Windows Logs > Application" to check for errors.

    My problem lay in the Authentication settings of the web.config file. Specifically I failed to add in the web.config:

    <certificateValidation certificateValidationMode="None"/>

    Within the web.config section referenced below. This setting was documented in the associated documentation "Portal Configuration Guide - Windows Azure ACS Authentication.doc"

    <configSections>

    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

    </configSections>

    <appSettings>

    <add key="FederationMetadataLocation" value="[WS-Federation Metadata]s"/>

    </appSettings>

    <microsoft.identityModel>

    <service>

    <audienceUris>

    <add value="[Realm URI]"/>

    </audienceUris>

    <federatedAuthentication>

    <wsFederation passiveRedirectEnabled="false" issuer="https://[Service Namespace].accesscontrol.windows.net/v2/wsfederation" realm="[Realm URI]

    requireHttps="true"/>

    <cookieHandler requireSsl="false"/>

    </federatedAuthentication>

    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

    <trustedIssuers>

    <add thumbprint="[Thumbprint]" name="https://[Service Namespace].accesscontrol.windows.net/v2/wsfederation"/>

    </trustedIssuers>

    </issuerNameRegistry>

    <certificateValidation certificateValidationMode="None"/>

    </service>

    </microsoft.identityModel>

    </configuration>

    <input id="9905766d-87cb-4008-bfc0-c0072618003a_attachments" type="hidden" />
    • Marked as answer by mtsaisl Thursday, October 25, 2012 4:45 PM
    Thursday, October 25, 2012 4:44 PM
  • Hi mtsaisl!

    You write: "I managed to get the settings from here for the web.config  <add name="Live" connectionString="Application Id=00000000nnnnnnnn; Secret=n..."/>"

    Can you explain how exactly?

    Best regards

    Monday, November 12, 2012 9:39 AM
  • Check: https://manage.dev.live.com/Applications/Index to create a App ID and Secret.

    Not sure if this helpt for Azure ACS

    Friday, November 30, 2012 2:00 AM