locked
SecurityException when calling custom WebService from CRM Plugin RRS feed

  • Question

  • Hi,

    I've problems connecting my CRM 2011 plugin to a custom WebService (NAV WebService in my case, runs on other server as CRM). I get following exception:

    Unexpected exception from plug-in (Execute):

    System.Security.SecurityException: Request for the permission of type "System.Security.Permissions.EnvironmentPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089".

    WebService is added to my project as Web Reference. My code is quite simple:

     var ws = new CrmServices();
     ws.UseDefaultCredentials = true;
    
     entity["ad_custno"] = ws.GetNextContactNo(); 

    Assembly is registered in SandBox Isolation Mode and stored in database.

    Plugin is registered on Update Message, Pre-operation and runs in calling user's context.

    When I run same code from within a console application, everything works fine - my WebService is accessible.

    I tried already to add a user in NAV, under which my MSCRSandbox service runs - no luck.

    MSDN says EnvironmentPermission Class controls access to system and user environment variables. Strange, what for does CRM need environment variables?

    Thursday, March 1, 2012 8:04 AM

Answers

All replies

  • Are you getting this error only when you trying to access this webservice from sandbox plugin ?? if yes, which port is used in your custom webservice?

    Mahain : Check My Blog
    Follow me on Twitter
    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question.

    Thursday, March 1, 2012 8:14 AM
    Moderator
  • Are you getting this error only when you trying to access this webservice from sandbox plugin ?? if yes, which port is used in your custom webservice?

    it's port 7057, here my Url: http://-navserver-:7057/DynamicsNAV/WS/-Company-/Codeunit/CrmServices.

    I tried to hardcode my WS Url and Credentials, and it works now

     ws.Url = @"http://-navserver-:7057/DynamicsNAV/WS/-Company-/Codeunit/CrmServices";
     ws.UseDefaultCredentials = false;
     ws.Credentials = new NetworkCredential("user@domain", "pass");

    but this is not a good solution I think.

    I found this article. It's about WinForms but points a problem when accessing UserName property under local intranet (we're running CRM and NAV in local intranet)

    Thursday, March 1, 2012 8:32 AM
  • The use of DefaultCredentials requires the EnvironmentPermission code access permission - see http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx

    If you register the plugin to run in the sandbox, then you don't get the EnvironmentPermission code access permission, so I see two possible options:

    1. Don't run the plugin in the sandbox
    2. Pass credentials by explicitly creating a NetworkCredential. A reasonable way to secure these credentials would be to read them from the Secure Configuration string that can be specified when registering the plugin

    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk


    Thursday, March 1, 2012 10:37 AM
    Moderator