Personalized Community is here!
Quickly customize your community to find the content you seek.
Microsoft Customer Co-creation
Help impact how the tools and services you rely on are developed. Microsoft Customer Co-creation connects you directly with our engineers so you can provide feedback before a single line of code is written. Interested? Learn more at Microsoft Customer Co-creation
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
Deprecation of WS-Trust authentication and OrganizationServiceProxy spells the end of Adxstudio Portals with online instances if you were somehow still using it. xRM Portals Community Edition using username/password authentication with online instances of Dynamics 365 will also be dead in the water but xRM Portals does support Server-to-Server (S2S) auth. But I doubt anyone is actually using S2S in xRM Portals.
Ever since xRM Portals Community Edition was announced, the lifespan was always limited as the reliance of portals on a key library Microsoft.Xrm.Client was no longer being maintained and something in the online architecture would eventually change that caused that library to no longer function. There was a major bump in the road when Access Control Service (ACS) was deprecated and removed, another authentication mechanism. Now we face WS-Trust authentication being deprecated and being removed, and this time Microsoft is not going to come to the rescue with a patch of some sort.
If you trace down how the portals makes its connection to an environment within Microsoft.Xrm.Client you will find this core reliance on a method called ToOrganizationServiceProxy which returns an OrganizationServiceProxy. Adxstudio Portals used it, as does xRM Portals. So that effectively kills Adxstudio Portals if you still somehow were using it with an online instance. xRM Portals also uses this when you are using username and password authentication as the connection.
Somewhat hidden or and undocumented, but visible if you go through the portals code is Server-to-Server authentication which constructs an OrganizationWebProxyClient. You are saved…maybe. Looking at CrmOnlineOrganizationService class within the Adxstudio.Xrm library you can find this comment // check if S2S connection is enabled. If you dig into it further it expects a bunch of settings from an adxstudio.xrm section in the web.config that will give it a client id and certificate thumbprint allowing it to get an authorization token and then construct an OrganizationWebProxyClient as the IOrganizationService that is then used.
// check if S2S connection is enabled
Problem is 99.9% (perhaps even 100%) of implementations of xRM Portals probably are using username and password (if you are using S2S with xRM Portals please post in the comments) as the documentation and the setup wizard very much take you through a username and password flow.
So is this the end of xRM Portals Community Edition come April 2022 when existing and new instances have WS-Trust removed? It probably is.
The xRM Portals Community Edition has served a good purpose and if it makes it to April 2022 then that would be quiet a bit longer than I had expected.
Note this is online only type of issue, on premise with xRM Portals Community Edition should continue to function, but keep in mind online changes will likely trickle down to on premise at some point as well.
Business Applications communities