是否可以在没有 SDK 的情况下调用 Dynamics CRM 2011 后期绑定 WCF 组织服务 - 直接自定义绑定?
我正在尝试实现一个纯 WCF 场景,我想在不依赖 SDK 帮助程序类的情况下调用 Dynamics CRM WCF 服务。基本上,我想仅使用 .net 框架的本机 WCF 支持来针对 Dynamics CRM 2011 实施联合身份验证。
我这样做的原因是我想稍后将此场景移植到 BizTalk。
我已经使用 SvcUtil 成功生成了代理类,但部分策略和安全断言与配置架构不兼容。 SvcUtil 建议从代码构建绑定,这正是我正在尝试做的。
生成的代码在这里:
private static void CallWcf()
{
OrganizationServiceClient client = null;
try
{
// Login Live.com Issuer Binding
var wsHttpBinding = new WSHttpBinding();
wsHttpBinding.Security = new WSHttpSecurity();
wsHttpBinding.Security.Mode = SecurityMode.Transport;
// Endpoint Binding Elements
var securityElement = new TransportSecurityBindingElement();
securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDes;
securityElement.IncludeTimestamp = true;
securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
var securityTokenParameters = new IssuedSecurityTokenParameters();
securityTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
securityTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
securityTokenParameters.RequireDerivedKeys = false;
securityTokenParameters.TokenType = null;
securityTokenParameters.KeyType = SecurityKeyType.SymmetricKey;
securityTokenParameters.KeySize = 192;
securityTokenParameters.IssuerAddress = new EndpointAddress("https://login.live.com/extSTS.srf");
securityTokenParameters.IssuerMetadataAddress = null;
securityTokenParameters.DefaultMessageSecurityVersion = null;
securityTokenParameters.IssuerBinding = wsHttpBinding;
securityElement.EndpointSupportingTokenParameters.Signed.Add(securityTokenParameters);
var textMessageEncodingElement = new TextMessageEncodingBindingElement();
textMessageEncodingElement.MaxReadPoolSize = 64;
textMessageEncodingElement.MaxWritePoolSize = 16;
textMessageEncodingElement.MessageVersion = MessageVersion.Default;
textMessageEncodingElement.WriteEncoding = System.Text.Encoding.UTF8;
textMessageEncodingElement.ReaderQuotas.MaxStringContentLength = 8192;
textMessageEncodingElement.ReaderQuotas.MaxArrayLength = 16384;
textMessageEncodingElement.ReaderQuotas.MaxBytesPerRead = 4096;
textMessageEncodingElement.ReaderQuotas.MaxNameTableCharCount = 16384;
var httpsTransportElement = new HttpsTransportBindingElement();
httpsTransportElement.ManualAddressing = false;
httpsTransportElement.AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous;
CustomBinding binding = new CustomBinding();
binding.Elements.Add(securityElement);
binding.Elements.Add(textMessageEncodingElement);
binding.Elements.Add(httpsTransportElement);
client = new OrganizationServiceClient(binding, new EndpointAddress(EndpointUri));
client.ClientCredentials.UserName.UserName = Username;
client.ClientCredentials.UserName.Password = Password;
client.Open();
var columnSet = new schemas.microsoft.com.xrm._2011.Contracts.ColumnSet();
var identifier = new Guid("fbf8240e-2c85-e011-ad55-1cc1de0878eb");
columnSet.Columns = new string[] { "name" };
var entity = client.Retrieve("account", identifier, columnSet);
}
finally
{
if (client != null)
client.Close();
}
}
我是联合身份验证的新手,并且很难弄清楚许多可用绑定之间的潜在差异,因此我将不胜感激在这方面的任何帮助。
I'm trying to implement a pure WCF scenario where I want to call Dynamics CRM WCF service without relying on the SDK helper classes. Basically, I would like to implement federated authentication against Dynamics CRM 2011 using only native WCF support from the .net framework.
The reason I'm doing this is that I would like to port this scenario later-on to BizTalk.
I've successfully generated proxy classes with SvcUtil, but the part of the policies and security assertions are not compatible with the configuration schema. SvcUtil suggests to build the binding from code instead, which is what I'm trying to do.
The resulting code is here:
private static void CallWcf()
{
OrganizationServiceClient client = null;
try
{
// Login Live.com Issuer Binding
var wsHttpBinding = new WSHttpBinding();
wsHttpBinding.Security = new WSHttpSecurity();
wsHttpBinding.Security.Mode = SecurityMode.Transport;
// Endpoint Binding Elements
var securityElement = new TransportSecurityBindingElement();
securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDes;
securityElement.IncludeTimestamp = true;
securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
var securityTokenParameters = new IssuedSecurityTokenParameters();
securityTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
securityTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
securityTokenParameters.RequireDerivedKeys = false;
securityTokenParameters.TokenType = null;
securityTokenParameters.KeyType = SecurityKeyType.SymmetricKey;
securityTokenParameters.KeySize = 192;
securityTokenParameters.IssuerAddress = new EndpointAddress("https://login.live.com/extSTS.srf");
securityTokenParameters.IssuerMetadataAddress = null;
securityTokenParameters.DefaultMessageSecurityVersion = null;
securityTokenParameters.IssuerBinding = wsHttpBinding;
securityElement.EndpointSupportingTokenParameters.Signed.Add(securityTokenParameters);
var textMessageEncodingElement = new TextMessageEncodingBindingElement();
textMessageEncodingElement.MaxReadPoolSize = 64;
textMessageEncodingElement.MaxWritePoolSize = 16;
textMessageEncodingElement.MessageVersion = MessageVersion.Default;
textMessageEncodingElement.WriteEncoding = System.Text.Encoding.UTF8;
textMessageEncodingElement.ReaderQuotas.MaxStringContentLength = 8192;
textMessageEncodingElement.ReaderQuotas.MaxArrayLength = 16384;
textMessageEncodingElement.ReaderQuotas.MaxBytesPerRead = 4096;
textMessageEncodingElement.ReaderQuotas.MaxNameTableCharCount = 16384;
var httpsTransportElement = new HttpsTransportBindingElement();
httpsTransportElement.ManualAddressing = false;
httpsTransportElement.AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous;
CustomBinding binding = new CustomBinding();
binding.Elements.Add(securityElement);
binding.Elements.Add(textMessageEncodingElement);
binding.Elements.Add(httpsTransportElement);
client = new OrganizationServiceClient(binding, new EndpointAddress(EndpointUri));
client.ClientCredentials.UserName.UserName = Username;
client.ClientCredentials.UserName.Password = Password;
client.Open();
var columnSet = new schemas.microsoft.com.xrm._2011.Contracts.ColumnSet();
var identifier = new Guid("fbf8240e-2c85-e011-ad55-1cc1de0878eb");
columnSet.Columns = new string[] { "name" };
var entity = client.Retrieve("account", identifier, columnSet);
}
finally
{
if (client != null)
client.Close();
}
}
I'm new to federated authentication and am having a hard time figuring out the potential differences between the many available bindings, so I would be grateful for any help in this regard.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这可能是可能的,但非常复杂。我们有一个使用 Dynamics 的项目,该项目已迁移到 ADFS,并且需要在刷新令牌方面添加大量额外代码(代码形式为 SDK 中的 autorefreshsecuritytoken.cs、deviceidmanager.cs 和 toolserviceproxies.cs),并且仍然使用 SDK 来完成所有操作。
请记住,您还需要在操作系统中安装 windows.identification,这是要复制的另一项功能。
最后,您始终可以使用 JustDecompile 或类似工具来查看 SDK 正在做什么。
It is probably possible, but hugely complicated. We had a project using Dynamics which moved to ADFS, and required adding lots of extra code around refreshing tokens (code form autorefreshsecuritytoken.cs, deviceidmanager.cs and toolserviceproxies.cs from the SDK) and that was still using the SDK for everything.
Bare in mind you also need windows.identification installed in the OS which is another load of functionality to copy.
In the end you can always just use JustDecompile or similar to see what the SDK is doing.