locked
Authentication from web application RRS feed

  • Question

  • Hi All,

    I've just started to use CRM 2011 and I'm trying to create simple external facing web app that has login page and once user(users in AD) logins in displays some information relevant to them.  I'm unsure on how to carry out the authentication on login page, would I implement the IOrganizationService class and authenticate user or are there any CRM helper classes that can be used?

    Or can I use same logic as IFD login page?

    Any feedback appreciated.

    Thanks

    Tuesday, April 28, 2015 2:27 PM

Answers

  • As the web users also users in Crm ?

    If so, it is likely that you'll want to pass their user information through the calls to the IOrganizationService. There are 2 options:

    1. Use AD authentication for your web app and Crm. You can use AD impersonation (using DefaultCredentials), though if the web app is on a different server from Crm, then you'll need AD delegation
    2. Use claims authentication. For this to work you'll need to setup trusts for your web app in ADFS

    Of these, no.1 is probably simpler, mostly because I don't think there's much documentation on no.2

    If the web users are not Crm users, then you may as well use the same account for all Crm access, then you'll need your own logic to determine what information is relevant to the user, depending on where that information is stored


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by MKeshv Wednesday, April 29, 2015 8:18 AM
    Tuesday, April 28, 2015 6:10 PM
    Moderator

All replies

  • As the web users also users in Crm ?

    If so, it is likely that you'll want to pass their user information through the calls to the IOrganizationService. There are 2 options:

    1. Use AD authentication for your web app and Crm. You can use AD impersonation (using DefaultCredentials), though if the web app is on a different server from Crm, then you'll need AD delegation
    2. Use claims authentication. For this to work you'll need to setup trusts for your web app in ADFS

    Of these, no.1 is probably simpler, mostly because I don't think there's much documentation on no.2

    If the web users are not Crm users, then you may as well use the same account for all Crm access, then you'll need your own logic to determine what information is relevant to the user, depending on where that information is stored


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by MKeshv Wednesday, April 29, 2015 8:18 AM
    Tuesday, April 28, 2015 6:10 PM
    Moderator
  • Thanks for your response DavidJennaway, your answer has helped point me in the right direction.

    The web users will also be CRM Users and the application will probably be on CRM server and if not thanks to your answer I'll know what to do.

    Regarding option 1 after user enters credentials, would AD authentication be carried out first and if successful then would we pass the user info to CRM services?

    Wednesday, April 29, 2015 8:18 AM