Dynamics CRM-呼叫者未通过服务验证 [英] Dynamics CRM - Caller not authenticated to service
问题描述
我在Web服务器A上有一个MVC4 Web应用程序,该Web应用程序使用Web Server B上的OrganizationServiceProxy来使用Dynamics CRM Web服务。MVC4应用程序已设置为启用ASP .NET模拟和Windows身份验证。当我呼叫WhoAmI时,我得到一个错误:
I have an MVC4 Web Application on Web Server A that is consuming the Dynamics CRM Web Service using the OrganizationServiceProxy, which is on Web Server B. The MVC4 application is setup with ASP .NET Impersonation and Windows Authentication enabled. When I call the WhoAmI I get an error:
'呼叫者未通过该服务进行身份验证。'
'The caller was not authenticated by the service.'
现在,如果我将MVC4应用程序移动到具有与Web服务器A上相同的身份验证的Web服务器B(与CRM相同),它将毫无例外地调用WhoAmI。
Now if I move the MVC4 Application to Web Server B (same as CRM) with the same Authentication as it had on Web Server A it calls WhoAmI without an exception.
这是用于连接到服务器的代码。
Here is the code being used to connect to the server.
string serviceURL = ConfigurationManager.AppSettings["CRMROOTURL"].ToString() + "XRMServices/2011/Organization.svc";
this.CRMService = GetCRMService(serviceURL);
private OrganizationServiceProxy GetCRMService(string serviceURL)
{
ClientCredentials credentials = new ClientCredentials();
credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
OrganizationServiceProxy client
= new OrganizationServiceProxy(new Uri(serviceURL), null, credentials, null);
return client;
}
这是IIS网站上身份验证的屏幕截图。
Here is a screenshot of the authentication on the IIS Web Site.
每个正确的答案,我只是想提供一些帮助其他人的摘要。
Per the correct answer I just wanted to provide some snippets to help anyone else.
string loggedUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
ClientCredentials credentials = new ClientCredentials();
credentials.Windows.ClientCredential = new NetworkCredential(username, password, domain);
OrganizationServiceProxy client
= new OrganizationServiceProxy(new Uri(serviceURL), null, credentials, null);
client.ClientCredentials.Windows.ClientCredential = credentials.Windows.ClientCredential;
// -- Retrieve the user.
QueryExpression expression = new QueryExpression
{
EntityName = "systemuser",
ColumnSet = new ColumnSet("systemuserid")
};
expression.Criteria.AddCondition("domainname", ConditionOperator.Equal, loggedUser);
EntityCollection ec = client.RetrieveMultiple(expression);
if (ec.Entities.Count > 0)
{
// -- Impersonate the logged in user.
client.CallerId = ec.Entities[0].Id;
}
谢谢!
推荐答案
除非您明确声明否则(并且没有任何代码来查看如何创建OrganizationServiceProxy),前提是OrganizationServiceProxies将使用(服务帐户的)当前AD帐户,而不是用户的特定帐户帐户)以连接到CRM。我猜想您在服务器A上运行的应用程序池不是CRM用户,而服务器B上的应用程序池是CRM用户。如果是这样,请将服务器A的用户更改为与服务器B的用户,或者将服务器A的用户更改为CRM中的用户。
Unless you explicitly state otherwise (and without any code to see how you are creating your OrganizationServiceProxy), on premise OrganizationServiceProxies will use the current AD account (of the service account, not the user's specific account) to connect to CRM. I'm guessing that the App pool you're running on Server A isn't a CRM user, and the one on Server B is. If so, either change Server A's user to be the same user as Server B, or make the Server A's user a user in CRM.
您正在使用默认的网络凭据连接到CRM。这意味着无论您使用什么IIS身份验证,都将以应用程序池用户帐户连接到CRM。只要App Pool用户是CRM用户,它就可以工作,但可能不是您想要的。
You're using the default network credentials to connect to CRM. This mean that no matter what IIS authentication you are using, you will connect to CRM as the App Pool User Account. This works as long as the App Pool user is a CRM user, but is probably not what you want.
您可以使用此方法手动设置网络凭据:
You can set the network credential manually using this method:
creds.Windows.ClientCredential = new System.Net.NetworkCredential("UserId", "Password", "DomainName");
然后获取ASP.Net用户的域名并使用模拟连接到CRM,以确保所有该个人的安全性已正确应用。
Then get the ASP.Net User's domain name and use impersonation to connect to CRM to ensure that all of the security for that individual is correctly applied.
这篇关于Dynamics CRM-呼叫者未通过服务验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
