locked
MS CRM - Opening forms without providing the user-id / password RRS feed

  • Question

  • Hi all,

    I'm pretty new to MS-CRM and have been trying to pop open various forms.

    Everytime I open a form (for eg., http://<server name>/SFA/accts/edit.aspx?id=<object id> ) on IE via code, I'm asked to enter my user-id and password before I can use that form.
    Is there some way in which I can, maybe, "pre-authenticate" a URL, so that a user doesn't have to keep entering his/her id and password everytime he/she tries to open a form.

    Thanks in advance
    Thursday, September 18, 2008 2:33 PM

Answers

  • Hey Star,

    The default behaviour of I.E is such that it should authenticate correctly if the user has been authenticated to the same domain in which the MSCRM server is installed. At times if you access the server via an ip address or if the server is in a trusted domain you will need to modify I.E to include this site in the list on intranet sites, but usually this is a problem with the infrastracture where MSCRM has been installed. For example you don't want to have to modify I.E's settings everytime a new person joins the company. Some of these values may also be dependant on the group policy implemented at the DC.

    Anyway, if you have not authenticated to a domain as a user you will at some point need to authenticate. This is usually the first time you log into the web site. With AD this is done when you initially log into the domain, however my machine sits outside the domain. Even so as I have a user in AD with exactly the same name and password as what I use to log into Vista with, it actually accepts it. Usually however you have to specify the domain + account name.

    Cheers,

    Karlo
    Tuesday, September 23, 2008 5:45 PM

All replies

  • Check your Internet Explorer Setings to see if you have selected "Ask for password everytime<blah>" option.Uncheck it, if true.

    Thursday, September 18, 2008 4:05 PM
  • Add your crm website to the list of trusted web sites or local intranet. Go to internet options, security tab, select trusted web sites or local intranet, click custom level. Go to the bottom of the page and select "Automatic logon only in intranet zone" or "Automatic logon with current name and password".

     

    Otherwise, you can still add your username and password in the manage password feature in the control panel (if the website is in internet or different domain that your current account)

     

    Hope it helps

     

    Thursday, September 18, 2008 7:54 PM
  • Hi Moumst,

    I tried what you had outlined in your post. However it does not work.

    To put things in a different way, I want to open pages from code the way, for eg., Salesforce allows you to. It does that using the https protocol. So you don't have to type in your user-id and password when you try to open up pages.

    I have been looking for documentation that would allow me to do the same in MS CRM. However I have not been able to come across any.

    (Everybody talks of the URLs in the format :
    http://<server name>/SFA/accts/edit.aspx ... which would then require my login id and password to open that page eventually. )

    It would be great if you could point me in the right direction.

    Thanks in advance !!!
    Friday, September 19, 2008 7:11 AM
  • Hi,

    When you to connect to MSCRM it tries to authenticate your credentials through AD. If this fails, it prompts you for your username and password. For example if you do not belong to a domain yet you're browsing to MSCRM then this message will pop up at least once.

    I would stear clear of the HTTPS protocol, this is used mainly for securing the channel from which the user is connection and entirely unneccesary in MSCRM (if the user is logged on to the domain). Additionally this requires you to use basic authentication in IIS which would in deed require a user to provide their username/password.

    Ensure the web application you are trying to access MSCRM from is running under the current user's credentials. (I.E. Use integrated authentication in IIS and set identity 'impersonate = true' in your web.config file.).

    A good way to test which user is currently logged on to your web application is to display their domain\accountname in your web application.

    Let me know if you need more help.

    Karlo
    Friday, September 19, 2008 6:49 PM
  • the way you do it is to add the site to the intranet sites (not trusted INTERNET sites) if you are on the network (Not IFD).  Then go to the security tab of IE Internet options--click custom security level.  Scroll down on the list to the bottom---you will see an option for automatic login only in intranet zone--check it. then close all browser windows.

    Saturday, September 20, 2008 8:35 PM
    Moderator
  • Hi Karlo/Joel,

    Thanks for inputs. What I am aiming at is to open the forms through a desktop application by launching an IE process. Would the same hold for desktop applications too ? ( If you are on AD, then no user-id / password is asked. But if you're not then your credentials would have to be input every time ?)

    Thanks in advance !!!
    Monday, September 22, 2008 6:53 AM
  • Yes, it would, The person who was running the application would need to be an AD member and have a user account in CRM.  If you have IE set to auto logon in Intranet zone, and you have the CRM URL in the IE zone, it will auto logon.

    Monday, September 22, 2008 10:35 AM
    Moderator
  • Hi StarSailor,

    If you open I.E in a browser it will default to using the person's I.E credentials. You could also access MSCRM through the web services from a windows/web application in which case you have the option of connecting either via the current users default credentials (A.D) or you could impersonate a user (Admin) in situations where you may require elevated credentials for normal users (e.g querying the MSCRM metadata).

    What ended up being your problem btw?

    Cheers,

    Karlo
    Monday, September 22, 2008 11:04 AM
  • Hi Karlo,

    I am just trying to open up the various forms present in MSCRM (for editing, viewing etc) through a windows application. I am using the web services to query MSCRM. I just wanted to do away with the task of inputting the user-id and password every time I open one of the forms.

    As I am given to understand, I'd have to be a member of the same AD. Could you please explain the other part "
    or you could impersonate a user (Admin) in situations where you may require elevated credentials for normal users (e.g querying the MSCRM metadata)." ? Would this elevated credentials also help me open up the forms without having to type in the user-id / password if I'm not a member of the AD ? If yes, could you kindly point me to some documentation available to do this ?

    Thanks in advance !!!
    Monday, September 22, 2008 11:19 AM
  • Hi Star,

    Part of the benefit of using A.D is that it takes care of automating logging in for a person logged into A.D. As mentioned already in this post, you can 'trust' other domains, but you would need to be logged into a trusted domain.

    You could potentially impersonate another user through .NET code and then open the I.E Browser (search 'impersonation C#'), but this is highly theoretical and probably a bad solution in either case.

    Is there any specific reason the person using this application will not already a member of the domain in which your MSCRM is residing?
    Monday, September 22, 2008 11:58 AM
  • I just want to get rid of having to type in the user-id / password everytime I try to open any form in MS CRM.
    Monday, September 22, 2008 1:30 PM
  • Hi Star.

    You should not be experiencing that problem if you are logged into the domain where MSCRM resides. Can you confirm:
    1. AD is installed?
    2. You are logged into the domain in which MSCRM has been installed?

    As you are from my understanding not connecting through a web application, you can ignore having to set up your IIS web site with integrated security. Basically if you browse to MSCRM from your browser (I.E.) it should not ask you to have to provide your authentication details. Is this the case?




    Monday, September 22, 2008 1:54 PM
  •  

    Hi Karlo,

     

    To answer your questions :

     

    1. Yes, AD is installed.

    2. Yes, I'm in the same domain as the MS CRM server.

     

    (Just switched to a machine that had these)


    However, I still had to add my the CRM URL to the sites listed in the Intranet zone and switch on the option for automatic login.


    I was also wondering what would happen if the Windows user is not a part of the AD but the machine as such is on the same domain as the CRM. Would this lead to the CRM asking me for the user - id / password ?

     

    Thanks again !!!

    Tuesday, September 23, 2008 6:32 AM
  • Hey Star,

    The default behaviour of I.E is such that it should authenticate correctly if the user has been authenticated to the same domain in which the MSCRM server is installed. At times if you access the server via an ip address or if the server is in a trusted domain you will need to modify I.E to include this site in the list on intranet sites, but usually this is a problem with the infrastracture where MSCRM has been installed. For example you don't want to have to modify I.E's settings everytime a new person joins the company. Some of these values may also be dependant on the group policy implemented at the DC.

    Anyway, if you have not authenticated to a domain as a user you will at some point need to authenticate. This is usually the first time you log into the web site. With AD this is done when you initially log into the domain, however my machine sits outside the domain. Even so as I have a user in AD with exactly the same name and password as what I use to log into Vista with, it actually accepts it. Usually however you have to specify the domain + account name.

    Cheers,

    Karlo
    Tuesday, September 23, 2008 5:45 PM