
Hello,
We have an ASP.NET MVC 4 application that runs inside an iframe in MS CRM 2013. The web application uses the MS CRM web services (Organization web service) to retrieve and save data. To do so, it needs to authenticate. For on-premises we are using Windows authentication and impersonate with the currently logged-in user in MS CRM (user id is passed to the iframe URL). It works like a charm.
Our application should work under MS CRM 2013 Online too, so we are looking for an authentication approach. What we want to avoid is storing any username/password credentials for authenticating against the Organization web service and go for a single sign-on approach. Why do we want to avoid storing credentials? A single instance of the application will be used for multiple MS CRM organizations and users. This means that we need to store the credentials of an account for each organization in our DB. And even before that we need to ask our users to create such an account and save it using the configuration page. It is not impossible but I do not see it as a good user experience and it is not secure enough.
So we are looking at two approaches:
OAuth - more of a non-dot-net approach. Suppose we've obtained the token, can we still use the SDK classes for the OrganizationService (we have complex criteria defined, etc.) and authenticate using the bearer token or remain with parsing XML?
Azure AD SSO - .NET approach, nice and clean BUT can it be used to authenticate against the OrganizationService? I'm looking at the following article: [http://blogs.msdn.com/b/devkeydet/archive/2013/02/19/calling-crm-from-asp-net-using-impersonation-to-actonbehalfof-the-logged-in-user.aspx][1]. Great article but the user retrieved by SSO is used only for impersonation, not for authentication and I've already dealt with impersonation. Can I authenticate since I am already authenticated after the SSO?
Thanks in advance!
Enoch

Hi Enoch,
Did you get any reply on this? I also have a similar requirement.
Please share what approach you have implemented.