locked
Caller was not authenticated by the service error - CRM 2011 Deployment wcf service method call over SSL? RRS feed

  • Question

  • I am trying to utilize CRM 2011 deployment service for CRM 2011 management in a custom made vb.net application. P*lease do not tell me that i should deployment manager for my operations as i have to develop this custom application tailored to teh specific requirements for my organization.*

    Everything works fine when i use http but when i try to connect call a method of deployment service using SSL (HTTPS is enabled at the server)

    Here is my relevant client configurtion for HTTPS/SSL only.

     

    <binding name="CustomBinding_IDeploymentServiceHttps">
          <security defaultAlgorithmSuite="Default" authenticationMode="SspiNegotiatedOverTransport"
                        requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                        keyEntropyMode="CombinedEntropy" protectTokens="false" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                        requireSecurityContextCancellation="true">
            <localClientSettings cacheCookies="true" detectReplays="false"
                replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
            <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
                maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                reconnectTransportOnFailure="true" maxPendingSessions="128"
                maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
            <secureConversationBootstrap />
          </security>
          <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
              messageVersion="Default" writeEncoding="utf-8">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          </textMessageEncoding>
          <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
              maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
              bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
              realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
              useDefaultWebProxy="true" requireClientCertificate="false" />
        </binding>
    
    
    and

     

     

    <client>
      <!-- Deployment Service Endpoints HTTP,HTTPS-->
      <endpoint address="http://10.40.30.20:5555/XRMDeployment/2011/Deployment.svc"
        binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentService"
        contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentService">
        <identity>
          <userPrincipalName value="LAB2010\administrator" />
        </identity>
      </endpoint>
      <endpoint address="https://www.mydomain.com/XRMDeployment/2011/Deployment.svc"
                binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentServiceHttps"
                contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentServiceHttps" />
    </client>
    
    

     


    I am using the following code in my asp.net application

     

    Dim DomainCredentials As New NetworkCredential(ADUserName, ADPassword, DomainNETBIOS)
     If CRMDeploymentServiceURl.Trim().ToLower().StartsWith("https://") Then
                _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentServiceHttps")
            Else
                _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentService")
            End If
            _CrmDeployService.ClientCredentials.Windows.ClientCredential = DomainCredentials
            _CrmDeployService.Endpoint.Address = New EndpointAddress(New Uri(CRMDeploymentServiceURl))
            _CrmDeployService.Endpoint.Binding.CloseTimeout = New TimeSpan(0, 30, 0)
            _CrmDeployService.Endpoint.Binding.OpenTimeout = New TimeSpan(0, 30, 0)
            _CrmDeployService.Endpoint.Binding.ReceiveTimeout = New TimeSpan(0, 30, 0)
            _CrmDeployService.Endpoint.Binding.SendTimeout = New TimeSpan(0, 30, 0)
    
    

     

    The above code is used just for initialization of the service which works fine and does not give any error. Later on when i call a method using _CrmDeployService object , everything works fine over http but not over https/SSL

    Please tell what can i do to communicate to the HTTPS secured Deployment service without using any client certificate. (SSL certificate from DigiCert is already installed on the server and crm 2011 deployment webservice can be browsed over SSL in any web browser. What other certificate do i need and why?)

    Also IIS settings have been done as needed. WCf service is browesable over SSL/https via web browser.) I have tried anonymous authentication as well as authentication via a domain user at the server and handled the same in code as well.

    Is there any configuration change that i need to make? Is this a WCF specific issue. I have tried solutions posted on stackoverflow as well as over msdn but to no avail. I cannot change the server's web.config and i must not use a client certificate but i can use any credentials required for authentication and i must achieve it over SSL. Please help. Thanks

     


    ~~ A man's dreams are an index to his Greatness ~~


    • Edited by timematcher Monday, September 19, 2011 5:06 AM
    Monday, September 19, 2011 4:57 AM