web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Dynamics CRM 2013 - Ig...
Microsoft Dynamics CRM (Archived)

Dynamics CRM 2013 - IgnoreTokenCheck for INVALID_WRPC_TOKEN warning

(0) ShareShare
ReportReport
Posted on by RaviM 675

Hello All,

Recently we have upgraded from CRM 4 version to CRM 2013 for one of our client (On premise version). I was just checking event viewer on application server and found one warning which saying "INVALID_WRPC_TOKEN". I googled on this and found following forum in which they are saying to set "IgnoreTokenCheck" in registry.

https://social.microsoft.com/Forums/en-US/4b30b899-fbdb-4c9e-807e-f442858412b2/ignoretokencheck?forum=crm

For us, this is happening only in "Activities/Attachment/download.aspx" page. This is CRM's in built page opening when we try to download email attachments. I don't see any issues in downloading attachments though warning is there in event viewer.

Following are my questions:

1) Why this warning logged in event viewer although I am able to download attachment without any issue?

2) Why this is happening only on download.aspx page?

3) If I will set IgnoreTokenCheck in registry, what will be security impact due to this?

4) Is there any other way to fix this warning without setting IgnoreTokenCheck in registry?

Thanks in advance.

*This post is locked for comments

I have the same question (0)
  • purwar purwar Profile Picture
    purwar purwar 2,836 on at

    Can u share warning message ? because CRM expects additional parameters on the query string that contain a Token and INVALID_WRPC_TOKEN related to this parameter.

  • Suggested answer
    purwar purwar Profile Picture
    purwar purwar 2,836 on at

    The fundamental problem is that CRM now expects additional parameters on the query string that contain a Token, and there is no way for us to generate that token. There's a significant question about why this change was made, but I'll leave that for another time.

    In the meantime, there is a workaround, providing you have access to the registry. It is possible to disable the token checks via a registry change. To do this, create a DWORD registry key named IgnoreTokenCheck under HKLM\SOFTWARE\Microsoft\MSCRM" and set the value to 1, then recycle the CrmAppPool application pool for the change to take effect. I've not checked the behaviour in detail, but I expect this registry change will disable the token check for all CRM operations, and not just the attachment download. If I find more I'll post it here.

    There's an argument as to whether this opens a security hole, as tokens are designed to stop one-click attacks, so you need to consider the implications. My personal view is that, although I normally err on the paranoid side when discussing application security, I think the risks of disabling token checking are minimal.

  • RaviM Profile Picture
    RaviM 675 on at

    Exception information:

       Exception type: CrmException

       Exception message: INVALID_WRPC_TOKEN

      at Microsoft.Crm.Application.Security.WrpcContext.ValidateTokenState()

      at Microsoft.Crm.Application.Security.WrpcContext.ValidateToken()

      at Microsoft.Crm.Application.Controls.AppPage.ValidateWrpcContext()

      at Microsoft.Crm.Application.Controls.AppPage.OnInit(EventArgs e)

      at System.Web.UI.Control.InitRecursive(Control namingContainer)

      at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Request information:

       Request URL: server/.../download.aspx;AttachmentId=0c079b44-e3f2-e411-80e5-00155d815046&CRMWRPCToken=M7aaduxqEeSA5PAd2Lccb5ncDwPQ/5EsTcwB4ZuNrQJj+q7MhV9GKHrsFxO5MJJL&CRMWRPCTokenTimeStamp=635664930669084067

       Request path: /Activities/Attachment/download.aspx

       User host address:

       User:

       Is authenticated: True

       Authentication Type: Negotiate

       Thread account name:

    Thread information:

       Thread ID: 52

       Thread account name:     Is impersonating: False

       Stack trace:    at Microsoft.Crm.Application.Security.WrpcContext.ValidateTokenState()

      at Microsoft.Crm.Application.Security.WrpcContext.ValidateToken()

      at Microsoft.Crm.Application.Controls.AppPage.ValidateWrpcContext()

      at Microsoft.Crm.Application.Controls.AppPage.OnInit(EventArgs e)

      at System.Web.UI.Control.InitRecursive(Control namingContainer)

      at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

  • Community Member Profile Picture
    Community Member on at

    Hi RaviM,

    Can you try browsing and accessing the same page from within the IIS and check to see if you get the same error message?

    The issue might be from the IIS itself.

    Vijay Mani | Microsoft Dynamics CRM Support engineer

  • RaviM Profile Picture
    RaviM 675 on at

    Hello,

    I have tried to browse Attachment.aspx page from IIS. Getting same warning/error.

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans