3

I'm connecting successfully to on-premise server using the organization service by this code.

using (OrganizationServiceProxy proxy = new OrganizationServiceProxy(
  Organization, 
  HomeRealm, 
  CredentialsForClient, 
  CredentialsForDevice)) { ... }

Organization is our server plus the suffix OrgName/XRMServices/2011/Organization.svc. CredentialsForClient is my log-in (or my live ID when going for on-line). HomeRealm and CredentialsForDevice are set to null.

This appears to work perfectly for on-premise version but when I go on-line, I get an error. I can create the proxy variable but when I attempt to execute the code below, the exception tells me that I can't have a null value as an end point. This is hardly telling me anything, due to my ignorance.

EntityCollection entityCollection = proxy.RetrieveMultiple(fetchExpression);

Of course I'm using a different Organization when going on-line. I copied the string from the settings of our on-line version of CRM Dynamics (just as I did for the on-premise version). How can I tackle this problem?

3 Answers3

3

You might want to download the latest version of the SDK and look at the example: Simplified Connection to Microsoft Dynamics CRM. Connection strings differ between on premise and online.

[<add name="Server=CRM Online, organization=YourOrg, user=YourUserName"
         connectionString="Url=https://YourOrg.crm.dynamics.com; Username=YourUserName@YourOrg.onmicrosoft.com; Password=YourPassword"/>][2]
James Wood
  • 17,286
  • 4
  • 46
  • 89
Jason Lattimer
  • 2,858
  • 15
  • 14
  • I'm not sure I quite follow. It looks like the `name` consists of the server, organization and user, while the `connectionString` is composed of the url, username and password... Some of the details will are mentioned in both the attributes - is it supposed to like that? –  Sep 20 '12 at 14:31
  • Also, is that a connections string for the on-line or the on-premise version? Please note that I'm very new to this and vastly confused. I've also found a [link](http://social.microsoft.com/Forums/en/crmdevelopment/thread/2fb9b0d1-e56d-40da-868e-6afc54e34deb) describing how to obtain credentials for the device but I still get error about unsecured or wrongly secured connection. –  Sep 20 '12 at 14:33
  • I think Jason is suggesting you use a helper library produced by Microsoft to help with building a connection, I've added a link to his post. – James Wood Sep 20 '12 at 19:19
  • +1 for suggesting the simplified connection to Microsoft Dynamics CRM! – Todd Richardson Sep 28 '12 at 18:19
3

Have you seen this sample, it shows how to Authenticate Users with Microsoft Dynamics CRM Web Services without any helper code for all types of connection, on-premise, on-line.

James Wood
  • 17,286
  • 4
  • 46
  • 89
1

When connecting to an online version, you have to give device credentials as well as user credentials. Just the way it is (Windows live authentication scheme and all.)

Edit

After some bit of research, I still have not found official documentation as to why this is. Generally, on the MSDN forums it is accepted that this is to associate give a device identity to windows live. Maybe this is so Microsoft can track what workstations are using CRM? Maybe it enables them to enhance security at some point by restricting which machine identities may connect to CRM using certain accounts. Maybe all/none of the above.

Speculation aside, in my experience, I have not been able to execute a successful query without device credentials authenticated against the CRM (i.e. through the OrganizationServiceProxy constructor or the Authentication process used by the IServiceManagment implementations.)

Below, you will find some older code that I was using to do this. I now recommend using the connection string as mentioned by @Jason Lattimer. If you need to handle more parallelism, look into using IServiceManagement<IOrganizationService>. 

    var reader = new AppSettingsReader();

    //instatantiate credential class and populate values
    var cc = new ClientCredentials();
    cc.UserName.UserName = reader.GetValue("WLID", typeof(string)).ToString();
    cc.UserName.Password = reader.GetValue("WLPS", typeof(string)).ToString();

    //repeat for device credentials
    var deviceCredentials = new ClientCredentials();
    deviceCredentials.UserName.UserName = reader.GetValue("deviceWLID", typeof(string)).ToString();
    deviceCredentials.UserName.Password = reader.GetValue("deviceWLPS", typeof(string)).ToString();


    //create a uri for the organization service location
#if DEBUG
    var orgServiceUri = new Uri(reader.GetValue("CrmNonProductionUri", typeof(string)).ToString());
#else
    Uri orgServiceUri = new Uri(reader.GetValue("CrmProductionUri", typeof(string)).ToString());
#endif
    OrganizationServiceProxy retval = new OrganizationServiceProxy(orgServiceUri, null, cc, deviceCredentials);
    retval.EnableProxyTypes();

So, in the end, I just use a config file to store the various values needed to construct my credentials and uri (for both environments.)

Todd Richardson
  • 1,119
  • 1
  • 11
  • 22
  • Still, it begs two questions. Why do we need to authenticate the device, what problem does that solve? And, also, I've managed to authenticate on-line **without** writing anything to the disc. I only send in a bunch of randomized characters to the server and it gives me brand new credentials. What's the point of that if I can get my credentials on the fly anyway? It feels a bit like asking somebody to pick a code and then, immediately, ask for it. It's obvious he/she know it! –  Sep 28 '12 at 23:25
  • 1
    Its purely conjecture at this point because I cannot find supporting documentation, but I believe it has to do with device identification that is a part of the windows live id schema. When you access a windows live account from a different computer, it is at least aware of the device making access. I would imagine that you can setup security for trusted devices on a windows live account. Again, just conjecture. In my experience, when using windows live for authentication (or with CRM Online), I've always had to send credentials for the device in order to execute queries. – Todd Richardson Oct 01 '12 at 11:52
  • I did find this: http://social.microsoft.com/Forums/sv-SE/crm/thread/3736d77c-74d2-4bf6-8258-ba2410ffe8ad It indicates that the (CRM?) SDK is in agreement. When authenticating against windows live, the account should (must?) match the device which is being used to access that account. – Todd Richardson Oct 01 '12 at 17:17
  • Cool. Great digging! It was an annoyance to "just do it that way". I **strongly** prefer to know *why* things are done in a certain way. (That's a great method of discovering redundancies and superfluity, by the way.) –  Oct 03 '12 at 13:40