locked
Custom Portal -authentication and authorization against MS CRM RRS feed

  • Question

  • Hi,

    I need to develop a custom web portal (for insurance agents) who can perform create/read activities on lead,contact entities in MS CRM 2011.  This is requried to save the CAL cost (per user) as number of agents will be large.Hence using a custom application with external connectos license works out as a cost effective solution .

    The users are non AD users and hence I intend to develop a custom authentication mechanism on the portal to authenticate the users.(SQL authentication ).These users will not be using the MS CRM UI and will perform these activities only through the custom portal.

    How can the users be authenticated and authorised within CRM system to perform the Create/Update activities on certain entities ? Will claims based mechanism work  here ?Please suggest. 

    Friday, October 12, 2012 1:00 PM

All replies

  • Hi,

    if I understand your requirement correctly, you want to connect all the agents to Dynamics CRM over a single Dynamics CRM user account (one license). Is that right?

    Since you are connecting all the users using the one license, I don't think there is a native CRM way to configure authorization, since all user rights are handled by one Dynamics CRM user account.

    This means that you would probably have to handle authorization logic yourself in your application. You can use claims based authentication in your application to help you with authorization, but this authorization will not be connected to CRM authorization.

    Hope I understood your question right.

    Greetings,

    Pavlos


    Please mark this reply as an answer and vote it as helpful if it helps you find a resolution to your problem.

    Saturday, October 13, 2012 7:21 AM
  • Thanks for your reply.I do not want to map all my agents into one single CRM user account as this will affect the auditing and also the views for my agents. I do not want the agents to view the leads created by other agents .I also  want to limit their access to only create ,update (only the records created by self ) and read . With claims based authentication , I can authenticate the users (with out an AD) in MS CRM. But for the authorization piece, is custom authorization (in the portal application) the only way? Can I not add users to CRM user group from a custom authentication store used in claims based authentication ?  In this case, I plan to use a SQL store as custom STS for claims based authentication. Please suggest.

    Monday, October 15, 2012 5:05 AM
  • Hi,

    i came across this thread while looking for some more info. It seems like you won't be able to use the standard MSCRM authorization mechnisms with external connector licenses, so you would have to implement the authorization logic in your own application.

    Greetings,

    Pavlos


    Please mark this reply as an answer and vote it as helpful if it helps you find a resolution to your problem.
    View my latest gallery contribution here.
    Visit my blog here.

    Monday, October 15, 2012 8:52 AM