CRM 4: Asp.net website authentication with IFD to connect to CRM 4

Question
-
I have a website in my application that uses CRM 4.0 web services to connect to the CRM 4. The website did not use IFD authentication to connect to the CRM, but now we have decided to make the application multi-tenant, and all the clients will use the same website to connect to the CRM, which will be somewhere around the world. The website does Windows authentication when used in an intranet. Now the requirement is to use the IFD for connecting with the CRM.
For instance, if there is a client A and a client B. Client A wants to connect to the CRM, which is deployed somewhere. Client A uses the website, and the website does Windows authentication and passes those creds (domain\username) to the CRM function as under:
    using (new CrmImpersonator())
    {
        // Get the service token from the HttpContext (this is the IFD method)
        token = CrmAuthenticationToken.ExtractCrmAuthenticationToken(HttpContext.Current, CrmOrganization);
    }
"HttpContext.Current" contains the client A with the domain\username. Same is the case with Client B. The problem is that the CRM could be just one and the Active Directory has a domain "CRMDC" which will be different from Client A and Client B. So this does not work, as the CRM would be expecting a user like CRMDC\Andy sent from the code.
Can anyone provide a solution for this?
Thursday, December 2, 2010 1:35 PM
All replies
-
Hi there,
let me rephrase to make sure I understand the problem.
Client A and Client B reside in different domains and CRM resides in the domain of Client A. Client B is having a problem accessing CRM via IFD because the domain name is different from the CRM domain.
- Do you have trust set up between the domains?
- Can Client B access CRM on premises, i.e. without IFD?
--
George Doubinski, MVP http://crm.georged.id.au
Friday, December 3, 2010 3:36 AM Moderator
-
Further to George's questions, can I clarify if you have just the one CRM deployment, or several?
Note that impersonation using IFD authentication only works if the web page the user accesses is within the CRM web site, which doesn't seem to be how you describe it in 'all the clients will use the same website to connect to the CRM which will be somewhere around the world'.
Microsoft CRM MVP - http://mscrmuk.blogspot.com http://www.excitation.co.uk
Friday, December 3, 2010 10:00 AM Moderator
-
Hi,
Many thanks for the response. Actually, I am new to CRM so I don't know much about it, and maybe I am confusing you. Can you please let me know the following things:
1) If I implement IFD authentication from the code, do I have to do any settings in the CRM?
2) Is it possible to do IFD authentication from code without impersonation? What I have understood from your reply is that if I use 'crmimpersonator' in the code then the application must reside in the CRM website, as it will execute in the CRM context.
3) Does the method "CrmAuthenticationToken.ExtractCrmAuthenticationToken(HttpContext.Current, "Organization_name")" implement the IFD through the code, or do we have to use some other methods for the IFD implementation?
4) Does IFD authentication mean that this type of authentication authenticates the users from the Active Directory only?
5) If we are doing the IFD implementation from the code, do we have to provide the password of the user as well, or just the 'domain\username'?
About my previous question, let me clarify my statements:
Client A lives in England, Client B lives in America and the CRM Server is in Canada.
Client A uses a system in England which has the domain PC1. Client B username will be PC2\James
Client B uses a system in America which has the domain PC2. Client B username will be PC1\Andy
CRM server in Canada has the domain CRMDC. The users in the CRM are created with the domain CRMDC\Peter, CRMDC\Paul.
Friday, December 3, 2010 10:40 AM
-
Thanks for the clarification. This post should answer some of your questions, but here are some additional answers (using your numbering)
2) You have to either use impersonation, or you'd have to prompt the user for their username and password and reauthenticate them
4) The user is authenticated against their AD account. Broadly, CRM will have prompted the user for their AD account and password; if these are valid, CRM will retain the CRM systemuserid (a Guid) of that user, which you can access from the return value of ExtractCrmAuthenticationToken
Microsoft CRM MVP - http://mscrmuk.blogspot.com http://www.excitation.co.uk
- Proposed as answer by George Doubinski MVP, Moderator Tuesday, December 7, 2010 1:03 AM
- Marked as answer by Jim Glass Jr Tuesday, December 7, 2010 8:20 PM
Friday, December 3, 2010 1:36 PM Moderator
-
Just to add to David's answers: in an IFD scenario users are prompted to log in using a form, so their domains and computer names are irrelevant and not used anywhere. They can use an internet cafe, for all we care.
--
George Doubinski, MVP http://crm.georged.id.au
Tuesday, December 7, 2010 1:05 AM Moderator