web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Creating a web site th...
Microsoft Dynamics CRM (Archived)

Creating a web site that will interact with DynamicsCRM

(0) ShareShare
ReportReport
Posted on by Community Member

Hello everybody,

Seems like this question was asked a lot but I didn't really find a complete answer so I'm reformulating it.

I'm working on DynamicsCRM 2016 on-premises installed on a Windows server 2016 and configured to use Active Directory.

Actually, we have to create a website (HTML+JS) where users can create accounts and buy products. We want to link the website users with DynamicsCRM Contacts and products have to be retrieved from CRM. If a user is created in website, a contact should be created in CRM. If a product is purchased on website, a sale should be added in CRM.

What's the best way (security is a must for us, performance too) to link website with CRM?

  • Should I connect directly to CRM Web Api, or
  • Should I create a middleware using CRM SDK and this middleware url is the one I will call in my web site?

For example, If a user signs up in website,  should I add a contact in CRM using webAPI by calling it directly or I should prepare a web services using CRM SDK and Call it?

Or may be there is a different common approche :) ?

Many thanks for your help,

Cheers

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Mahendar Pal Profile Picture
    Mahendar Pal 45,095 on at

    Hi,

    As you are using CRM on-premise you can't directly connect to CRM webservice because it is not exposed to extranet, so you have it either:

    1. Setup IFD, which will expose your CRM in extranet and then you can consume CRM webservice in your website to create record into CRM.

    2. You can develop a middleware webservice whic you can host on your internal server and can open port to consume it in your website.

    It depends on your resource which one you want to implement for example for IFD you need to setup ADFS and need to implement claim based authentication, here is the link for more information about setting up IFD: technet.microsoft.com/.../gg188602.aspx;MSPPError=-2147217396

    Hope it will help.

    Thanks

  • Suggested answer
    Aric Levin - MVP Profile Picture
    Aric Levin - MVP 30,190 Moderator on at

    Hi,

    Since you are On-Prem, I have two possible suggestions:

    The first is that you put your web site on the DMZ zone, and it can access the CRM web services or web api directly.

    If you have the manpower, I would develop your own api/web service that resides in the middle between your web site and CRM, and only expose the services that you need from CRM, so as to prevent attacks directly on the CRM server.

    My personal recommendation, and what I have done in the past is always the second option, whether using CRM On-Prem or Online.

    Hope this helps.

  • Community Member Profile Picture
    Community Member on at

    Hi HIMBAP, Aric,

    Many thanks for your prompt answers. Seems like your validating my thoughts. Option 2 seems to be more secure and more flexible, it would isolate my CRM from the "wild" :).

    Any other suggestions from the community? Any best practices for such a situation?

    Cheers ,

  • David Jennaway Profile Picture
    David Jennaway 14,065 on at

    I'd also go for the middleware web service option. A couple of extra thoughts around security:

    • If the calling web site is hosted elsewhere, you'll need some means to restrict access to the web service. A simple starting point is IP restrictions, but you may well want to build something on top of this
    • The calling web site will essentially make the same call on behalf of each website user (probably contact in CRM). I'd normally split the web service methods into 2:
      • Generic ones, where the results are the same for all users - e.g. get a list of products
      • User-specific, where the results or processing is specific to the website user - e.g. view or update contact details. For user-specific methods, I'd always require a user Id parameter in the call, and ensure the web service layer restricts the operations - i.e. I wouldn't rely on the website doing this

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans