Microsoft Dynamics CRM (Archived)

CRM Dynamics online IP and plugin

(0) Share

Report

Posted on by Yuval Rashelbach

Hello,

We use crm dynamics online, and right it's accessible through any IP address

I wanted to ask if there is a way to limit this to only one certain public IP address

Another question

Does the CRM outlook plugin demand that my mail account would be on an exchange server?

Can't it work with other postfix/mail servers with IMAP/POP accounts?

Thank you.

*This post is locked for comments

I have the same question (0)

All responses (10)

Answers (0)

Mohammad Atif on at

Like (0)

Report

Probably you are already logged in into your system with a Windows live account which you are using for the Dynamics CRM Online, that is why you are not getting Login page, otherwise you will get a Login page where you will give your login information before login into the Dynamics CRM online org. So what is the requirement here for limiting this to only one certain public IP address?

Thanks,

Was this reply helpful? Yes No
Yuval Rashelbach 80 on at

Like (0)

Report

Because I have no such desire that my company employees be able to access the Dynamics CRM Online from home, But only from the office environment.

Was this reply helpful? Yes No
Yuval R. on at

Like (0)

Report

I wonder why this post is posted here now. The original question was submitted about a year ago.

We have already implemented above requirement (limit users access CRM Online to specific IP).

Implementation used small JavaScript code that was added as a Web Resource. The code verifies

the user's IP. If not eligible - the page is re-directed to google.com.

Was this reply helpful? Yes No
Yuval Rashelbach 80 on at

Like (0)

Report

This is posted here, because this solution is absurd, it's absurd that for something technical such as this,

there is a need to perform some Implementations of some code someone have to write.

That's why i'm not asking only CRM wise, but maybe from the server side, or something behind the scenes that maybe Microsoft can offer.

It's a basic thing that exist in almost any hosted/clouded solution out there.

Hence my referring to Microsoft for answers.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Is there any resource that can actually answer this question. We have the same concern of wanting to limit users to originate from our specific ip addresses.

Was this reply helpful? Yes No
Faisal Khanzada 5 on at

Like (1)

Report

would you be able to provide me the link to the above said solution please?

Was this reply helpful? Yes No
Shalabh Gupta 91 on at

Like (0)

Report

Please refer the following KB which describes valid CRM Online IP Ranges.

support.microsoft.com/.../2728473

The implementation requested above can be done outside CRM using group policies within your organization to make these IP ranges accessible based on whether an employee is accessing it inside or outside company's network.

Hope this helps.

Was this reply helpful? Yes No
carlf 20 on at

Like (1)

Report

I know this is an old topic but there is still not a great answer/solution.

Shalabah, either I'm not understanding the solution that you gave or you have misunderstood the problem we are trying to solve. What you are referring to is fixing and restricting the connection to the CRM Servers from a given network, but that doesn't allow me to keep people from accessing our CRM Online Server from another network (since I have no control there). (Unless I'm totally misunderstanding that post, and if so could you provide more details on how to set that up?)

What we want to do is restrict so that ONLY users at our office IP address can log into our CRM Online account. If an IP address outside of the allowed range tries to log in, they get blocked. I know one option is ADFS but that would require us to purchase and setup a server in our office which we don't need or want to do.

@Yuval R., you mentioned that you have created a JavaScript that does allow for IP address filtering. Where would I be able to get it?

If there are any new/other options available for filtering Login access via IP Address I would really appreciate it!

Was this reply helpful? Yes No
Yuval R. on at

Like (0)

Report

Try adding the following code to main Dynamics CRM home pages. In order to invoke the code automatically, add a button to the home page ribbon and attach the code as an 'Enable Rule' to that button.

Note: the following JavaScript code was verified on CRM 2011. It needs to be updated for later CRM versions (CRM 2013/2015/2016).

// ---- constants ---------

var ONLINE_URL = "https://organization.crm4.dynamics.com/XRMServices/2011/Organization.svc/web"
var ONLINE = "organization.crm4.dynamics.com";

var EMPTY_STRING = "";

verifyUser();

function verifyUser()
{

var url = _getServerUrl();
var online_env = (url == ONLINE_URL); //
var deployment = online_env ? "Online" : "On-Premise";

var OFFICE_ADDRESS = "<your office IP address>"; // i.e. "182.79.45.43";

var SYSTEM_ADMINISTRATOR = "System Administrator";
var SALES_MANAGER = "Sales Manager";
var NO_WORK_FROM_HOME = "No Work From Home";

// get user role
var admin = userRole(SYSTEM_ADMINISTRATOR);
var sales_mgr = userRole(SALES_MANAGER);
var noworkfromhome = userRole(NO_WORK_FROM_HOME);

// abort if not NO_WORK_FROM_HOME
if (!noworkfromhome)
return;

// ----------------------------------------
// safty
if (admin)
return;
// ----------------------------------------

// if not permitted - check ip
var ip = myIP();

// ignore if no ip
if (ip == null || ip == false)
return;

if (ip != OFFICE_ADDRESS)
{
parent.window.location = "http://www.google.com/";
alert("You are not allowed to use Microsoft Dynamics CRM from this location.");
}
} // verifyUser

function myIP()
{
var url = _getServerUrl();

if (window.XMLHttpRequest)
xmlhttp = new XMLHttpRequest();
else
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
try
{
if (online_env)
xmlhttp.open("GET", "https://<ssl service which returns user ip address>", false); // online
else
xmlhttp.open("GET", "http://api.hostip.info/get_html.php", false); // on-premise

xmlhttp.send();

hostipInfo = xmlhttp.responseText.split("\n");

if (online_env)
{
var hostIpAddress = hostipInfo.toString();
hostIpAddress = hostIpAddress.replace(/^\s+|\s+$/g, '');
return hostIpAddress;
}
else if (hostipInfo.length > 0)
{
for (i = 0; hostipInfo.length >= i; i++)
{
ipAddress = hostipInfo[i].split(":");

if (ipAddress[0] == "IP")
{
ipAddress[1] = ipAddress[1].replace(/^\s+|\s+$/g, '');
return ipAddress[1];
}
} // for
}

}
catch (e)
{
var error_message = e.message.replace(/^\s+|\s+$/g, '');
alert(error_message);

if (error_message == "Access is denied.")
{
alert("Your browser settings do not allow identifying your location.\n\n" +
"Use Tools\\Windows Options 'Security' tab.\n\n" +
"1. Verify your default security is 'Trusted Sites'\n\n" +
"2. Click the 'Custom Level' button to change\n" +
" the following settings:\n" +
" - Set 'Access data sources across domains' to 'Enabled'.");

return true;
}
}
return false;
} // verifyUser

function userRole(roleId)
{
var debug = false;
var id = roleId
if (debug) alert("Role Id '" + id + "'");

var currentUserRoles = Xrm.Page.context.getUserRoles();

for (var i = 0; i < currentUserRoles.length; i++)
{
var userRole = currentUserRoles[i];

if (GuidsAreEqual(userRole, id))
{
return true;
} //if

} //for

return false;

} // userRole

function GuidsAreEqual(guid1, guid2)
{
var isEqual = false;

if (guid1 == null || guid2 == null)
{
isEqual = false;
}
else
{
isEqual = guid1.replace(/[{}]/g, EMPTY_STRING).toLowerCase() == guid2.replace(/[{}]/g, EMPTY_STRING).toLowerCase();
}

return isEqual;

} // GuidsAreEqual

function _getServerUrl()
{
///<summary>
/// Returns the URL for the SOAP endpoint using the context information available in the form
/// or HTML Web resource.
///</summary>
var OrgServicePath = "/XRMServices/2011/Organization.svc/web";
var serverUrl = "";

if (typeof GetGlobalContext == "function")
{
var context = GetGlobalContext();
serverUrl = context.getServerUrl();
}
else
{
if (typeof Xrm.Page.context == "object")
{
serverUrl = Xrm.Page.context.getServerUrl();
}
else
{ throw new Error("Unable to access the server URL"); }
}

if (serverUrl.match(/\/$/))
{
serverUrl = serverUrl.substring(0, serverUrl.length - 1);
}
return serverUrl + OrgServicePath;
} // _getServerUrl

Was this reply helpful? Yes No
carlf 20 on at

Like (0)

Report

Thank you Yuval! I really appreciate the feedback!

We'll give this a try and if it works we'll let everyone know since I'm sure there are lots of others who have been looking for this solution.

Was this reply helpful? Yes No