locked
Web Service Authentication Claims Based or Kerberos (NTLM) RRS feed

  • Question

  • Dear Community,

    i have a question if i configure Claims Based Authentication on my Dynamics Crm 2011 OnPremise Installation does the Authemtication method also change for the Webservices?

    Right now my Middleware (Java) is connection to CRM with a Kerberos Connfiguration in the Connector File but when i switch the Authentication Method to Claims Based in CRM the Connector doesnt work anymore, which makes me believe that if i change th e Authentication Method for the CRM (Users) the Webservice is also affected, can someone confirm that.

    Regards, Thomas

    Friday, November 29, 2013 9:07 AM

All replies

  • You must have both ends with the same protocol. if you switch CRM to claims, whatever try to access it from another AD needs to use claims. Same Kerberos, both ends need Kerberos.

    Is your CRM running IFD also? You could change your Java to connect using IFD. it implies on coding but I had people using PHP to access CRM though the internet


    I Hope I could help. If I have answered please mark as 'Answer'. If was just helpful, please vote. Thanks and happy coding! Bruno Lucas, http://dynamicday.wordpress.com/


    • Edited by SH_2017 Saturday, November 30, 2013 12:51 AM
    Saturday, November 30, 2013 12:17 AM
  • Hello,

    When you configure IFD authentication changes as well. I now nothing about Java development but following articles demonstrate diffirences between authentication against AD and IFD:

    AD:

    ClientCredentials credentials = new ClientCredentials();
    credentials.Windows.ClientCredential = new NetworkCredential("UserName", "Password", "Domain");
    
    IOrganizationService service = new OrganizationServiceProxy(new Uri("http://crmserver/organization/XrmServices/2011/Organization.svc"), null, credentials, null);
    

    IFD:

    ClientCredentials credentials = new ClientCredentials();
    credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
    credentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    credentials.UserName.UserName = "UserName";
    credentials.UserName.Password = "UserPassword";
    
    IOrganizationService service = new OrganizationServiceProxy(new Uri("https://organization.contoso.com/XrmServices/2011/Organization.svc"), null, credentials, null);
    


    Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
    My blog

    Saturday, November 30, 2013 4:08 AM
    Moderator
  • The IFD goes though the WEB, the AD sdk require the two parts to be on the same AD

    you need to check which approach is easier/cheaper

    move both to Claims

    or set CRM to Claims/IFD and upgrade the Java code to do something like this:

    http://blogs.msdn.com/b/dynamics-coe/archive/2013/09/21/integrating-microsoft-dynamics-crm-2011-online-with-java-and-other-non-net-clients.aspx

    This way the java part will access it though SOAP 

     


    I Hope I could help. If I have answered please mark as 'Answer'. If was just helpful, please vote. Thanks and happy coding! Bruno Lucas, http://dynamicday.wordpress.com/

    Saturday, November 30, 2013 5:38 AM