使用Windows凭据在CRM 2011中实例化OrganizationServiceProxy [英] Using Windows Credentials to instantiate OrganizationServiceProxy in CRM 2011
问题描述
是否有人尝试使用Windows凭据在CRM 2011(内部部署)中创建OrganizationServiceProxy实例?我有一个使用
Has anybody tried to use the Windows credentials to create an instance of OrganizationServiceProxy in CRM 2011 (On-Premise) ? I have a WCF service that uses
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
并且我能够确认用户已通过身份验证(OperationContext.Current.ServiceSecurityContext.WindowsIdentity.IsAuthenticated ),但我不知道如何生成/传递ClientCredentials以创建CRM服务的实例。这是从Silverlight应用程序调用的,该应用程序不存在于CRM的IFrame中。
and I am able to confirm that the user is authenticated (OperationContext.Current.ServiceSecurityContext.WindowsIdentity.IsAuthenticated) but I don't know how to generate/pass the ClientCredentials to create an instance of the CRM service. This is called from a Silverlight application that does not live in an IFrame inside CRM.
谢谢。
推荐答案
使用单独的用户帐户登录 OrganizationServiceProxy 所需的内容。
您将无法检索Windows凭据以传递给代理进行身份验证。
What you need to use separate user account to log into the OrganizationServiceProxy.
You wont be able retrieve the windows credentials to pass to the proxy for authentication.
您使用的用户需要 prvActOnBehalfOfAnotherUser 特权。
The user that you do use needs prvActOnBehalfOfAnotherUser privilege associated with it.
完成此操作后,您就可以成功登录并检索有效的OrganizationServiceProxy,作为其使用者,您需要做的事情每当您在服务上调用操作时,该服务即指定CallerId。您应该使用 Xrm.Page.context.getUserId 从xrm模型中检索此令牌。看到。 http://msdn.microsoft.com/en-us/library/gg334511.aspx 。
Once this is done and you can successfullly login and retrieve a valid OrganizationServiceProxy, what you need to do as a consumer of the service is specify the CallerId whenever you are calling operations on it. This token you should retrieve from the xrm model using Xrm.Page.context.getUserId. See. http://msdn.microsoft.com/en-us/library/gg334511.aspx.
然后从silverlight中使用 System.Windows.Browser.ScriptObject 桥执行客户端javascript来检索登录到crm的当前用户的用户ID。
最好在应用程序引导时执行此操作,并将值保存到applicationdata变量中,以便可以从silverlight应用程序中全局访问它。
Then from silverlight you would use the System.Windows.Browser.ScriptObject bridge to execute client side javascript to retrieve the userid of current user logged into crm.
Preferably do this at application bootstrap time and save the value into an applicationdata variable so so can access it globally from within your silverlight app.
例如。客户端脚本。
function CrmContext() {
}
var context = null;
with (window.parent) {
context = Xrm.Page.context;}
CrmContext.prototype.ReadUserId = function () {
var userId = context.getUserId();
return userId;
}
一旦您拥有用户令牌,便使用该值设置Proxy CallerId
Once you have the user token set the Proxy CallerId with this value
例如。
private OrganizationServiceProxy Proxy { get; set; }
public Guid Create(CreateEntity request)
{
if (request == null || request.UserId == Guid.Empty || request.Entity == null)
{
throw new InvalidMessageException("Invalid reqest message. Please provide compulsory criteria");
}
var result = Guid.Empty;
try
{
if (Proxy != null)
{
Proxy.CallerId = request.UserId;
using (Proxy)
{
result = Proxy.Create(request.Entity);
}
}
}
catch (FaultException<OrganizationServiceFault> e)
{
Log.Error(e.Message);
throw new IntegrationException(e.Message);
}
return result;
}
解决这个问题的方法是创建一个封装crm的crm适配器代理并向包含用户令牌的服务接口发送请求对象。
The approach ive taken to solve this was to create a crm adapter encapsulating the crm proxy and sending request object to service interface that includes the user token.
public OrganizationServiceAdapter(ICrmConfigurationContext crmConfigurationConext)
{
try
{
Proxy = new OrganizationServiceProxy(
crmConfigurationConext.OrganizationServiceConfiguration,
crmConfigurationConext.Credentials);
}
catch (Exception e)
{
//// TODO: Add local proxy pattern implementation for failover
Proxy = null;
Log.Error(e.Message);
throw new IntegrationException(ExceptionMessages.CouldNotLoginToOrganizationService());
}
}
这篇关于使用Windows凭据在CRM 2011中实例化OrganizationServiceProxy的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
