You’re offline. This is a read only version of the page.
To all,
I would like to know if Dynamics CRM 365 Online is supported via Plugin consuming an External WCF with ADFS Token Authentication. The issue is the use of the ADFS Certificate that is imported via Code. We have created a method that works on the Local network, but when we publish it in Dynamics CRM Online, the following problem occurs: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version = 4.0.0.0, Culture = neutral, PublicKeyToken = B77a5c561934e089 'failed.
Sample Code RequestToken
ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
var rst = new RequestSecurityToken(RequestTypes.Issue);
rst.AppliesTo = new EndpointReference("https://RelyingParty/*");
rst.KeyType = KeyTypes.Bearer;
var binding = new WS2007HttpBinding();
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default;
binding.Security.Message.EstablishSecurityContext = false;
using (var trustChannelFactory = new WSTrustChannelFactory(binding,
new EndpointAddress("urlendpoint/STSService.svc")))
{
// Set the service credentials and disable certificate validation to work with sample certificates
trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
trustChannelFactory.Credentials.ServiceCertificate.DefaultCertificate = GetServiceCertificate();
trustChannelFactory.Credentials.UserName.UserName = userName;
trustChannelFactory.Credentials.UserName.Password = userPassword;
var channel = (WSTrustChannel)trustChannelFactory.CreateChannel();
try
{
_authToken = channel.Issue(rst);
}
catch (MessageSecurityException ex)
{
channel.Abort();
throw new SecurityTokenException(ex.InnerException.Message, ex);
}
UserIdenity = CreateUserIdentityFromSecurityToken(_authToken);
private ClaimsPrincipal CreateUserIdentityFromSecurityToken(SecurityToken token)
{
var genericToken = token as GenericXmlSecurityToken;
var handlers =
FederatedAuthentication.FederationConfiguration.IdentityConfiguration
.SecurityTokenHandlerCollectionManager.SecurityTokenHandlerCollections.First();
var cToken = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));
var identity = handlers.ValidateToken(cToken).First();
var userIdenity = new ClaimsPrincipal(identity);
return userIdenity;
}
Request WCF
using (var serviceApi = new ServiceApiFactory(_authController.GeToken()))
{
var binding = new WS2007FederationHttpBinding();
binding.Security = new WSFederationHttpSecurity()
{
Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential,
Message = new FederatedMessageSecurityOverHttp()
{
EstablishSecurityContext = false,
NegotiateServiceCredential = false,
IssuedKeyType = SecurityKeyType.SymmetricKey
}
};
var client = serviceApi.GetService<IDataService>(binding, STSR);
try
{
var response = client.GetData("USD", "", "WEBSERVICE", null, null, null, "CRM");
XmlSerializer xsSubmit = new XmlSerializer(response.GetType());
var xml = "";
using(var sww = new System.IO.StringWriter())
{
using(XmlWriter writer = XmlWriter.Create(sww))
{
xsSubmit.Serialize(writer, response);
xml = sww.ToString();
}
}
}
Best Reguards,
Alex Varrese
*This post is locked for comments
I have the same question (0)
Sandbox plugins can only execute in partial trust mode https://msdn.microsoft.com/en-us/library/gg334752.aspx . All plugins in CRM Online(Dynamics 365 Online) have to be registered in the sandbox. Some of the code you posted requires full trust. I know for a fact that System.IO.StringWriter requires full trust
There might be others classes/methods in your code that also requires full trust. I can't find a definitive list, in general you should be able to make HTTP calls, but some of the other calls might be considered full trust. The only way to find the others is remove some code test, remove some more test, rinse, repeat.
#1
Community Member
2
#2
Christoph Pock
1
Share
Report
All responses (
Answers (
