Microsoft CRM 2011 本地跨域身份验证失败
我在一个域上安装了 CRM 2011,并在另一个域上拥有一台 Web 服务器(服务器 2008),该 Web 服务器托管一个 MVC 3 网站,该网站尝试访问 CRM 服务器上发布的服务。
我正在使用通过运行 CrmSvcUtil 创建的早期绑定实体类。
我的问题是,当我尝试使用 Web 服务器上的代码中的服务时,我收到“由于身份验证失败,无法满足对安全令牌的请求”异常。
如果我的 CRM 安装在本地,实际上是否可以从单独域上的另一台计算机进行连接,而无需将 CRM 安装为 IFD?
我正在使用凭据来调用服务...
public override bool ValidateUser(string username, string password)
{
var credentials = SecurityHelper.BuildClientCredentials(_crmUsername, _crmPassword, _domain);
using (_serviceProxy = new OrganizationServiceProxy(new Uri(_organisationUri), null, credentials, null))
{
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
_serviceProxy.EnableProxyTypes();
using (var orgContext = new XrmServiceContext(_serviceProxy))
{......
以及我的帮助程序类来创建凭据...
public class SecurityHelper
{
public static ClientCredentials BuildClientCredentials(string username, string password, string domain)
{
var credentials = new ClientCredentials();
credentials.Windows.ClientCredential = new System.Net.NetworkCredential(username, password, domain);
credentials.UserName.UserName = username;
credentials.UserName.Password = password;
return credentials;
}
}
就应用程序池而言,因为 Web 服务器位于不同的域中,我可以从 CRM 框中应用用户帐户吗?
I have a CRM 2011 on premise installation on one domain and have a web server (server 2008) on a seperate domain with the web server hosting an MVC 3 website that is trying to access the services published on the CRM server.
I am using an early bound entity class created by running CrmSvcUtil.
My problem is when I try and use the services from code on the web server I receive a "The request for security token could not be satisfied because authentication failed" exception.
If my CRM install is on premise is it actually possible to connect from another machine on a seperate domain without CRM being installed as IFD?
I am using credentials to call the services...
public override bool ValidateUser(string username, string password)
{
var credentials = SecurityHelper.BuildClientCredentials(_crmUsername, _crmPassword, _domain);
using (_serviceProxy = new OrganizationServiceProxy(new Uri(_organisationUri), null, credentials, null))
{
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
_serviceProxy.EnableProxyTypes();
using (var orgContext = new XrmServiceContext(_serviceProxy))
{......
And my helper class to create the credentials.....
public class SecurityHelper
{
public static ClientCredentials BuildClientCredentials(string username, string password, string domain)
{
var credentials = new ClientCredentials();
credentials.Windows.ClientCredential = new System.Net.NetworkCredential(username, password, domain);
credentials.UserName.UserName = username;
credentials.UserName.Password = password;
return credentials;
}
}
In terms of the application pool as the web server is on a different domain can I apply a user account from the CRM box?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
是的,您应该能够做到这一点。运行 MVC 站点的应用程序池的用户是 CRM 中的用户吗?或者您是否提供了 CRM 调用的凭据?
Yes, you should be able to do this. Is the user running the app pool of your MVC site a user in CRM? Or are you providing credentials for the calls to CRM?
我们一直遇到完全相同的问题。如果我们通过代理创建服务,它根本不起作用。
但是,如果您在 localContext 内传递 IOrganizationService 引用并使用它而不是代理方法,则可以使其发挥作用。
Afaik,创建代理的目的是当您在应用程序外部连接到 CRM 时。当在插件中时,微软会为您提供 CRUD 所需的所有对象引用。
(有没有人能够在插件内创建服务代理并实际使其工作???)
We've been having the exact same issue. If we create a service via proxy it simply doesn't work.
However, you can get this to work if you pass in the IOrganizationService reference inside the localContext and use that instead of the proxy approach.
Afaik, the intent of the proxy creation is when you connect to CRM outside the application. When inside a plugin, microsoft gives you all the object references required to crud.
(Has anyone been able to create a service proxy inside a plugin and actually have it work????)