0

I am trying to utilize the CRM 2011 deployment service for CRM 2011 management in a custom-made VB.NET application. Please do not tell me that I should use Deployment Manager for my operations, as I have to develop this custom application tailored to the specific requirements of my organization.

Everything works fine when I use HTTP, but not when I try to call a method of the deployment service using SSL (HTTPS is enabled at the server).

Here is my relevant client configuration for HTTPS/SSL only:

<binding name="CustomBinding_IDeploymentServiceHttps">
      <security defaultAlgorithmSuite="Default" authenticationMode="SspiNegotiatedOverTransport"
                    requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy" protectTokens="false" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSecurityContextCancellation="true">
        <localClientSettings cacheCookies="true" detectReplays="false"
            replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
            replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
            sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
            timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
        <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
            maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
            negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
            sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
            reconnectTransportOnFailure="true" maxPendingSessions="128"
            maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        <secureConversationBootstrap />
      </security>
      <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
          messageVersion="Default" writeEncoding="utf-8">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      </textMessageEncoding>
      <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
          maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
          bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
          realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
          useDefaultWebProxy="true" requireClientCertificate="false" />
    </binding>

and

 <client>
  <!-- Deployment Service Endpoints HTTP,HTTPS-->
  <endpoint address="http://10.40.30.20:5555/XRMDeployment/2011/Deployment.svc"
    binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentService"
    contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentService">
    <identity>
      <userPrincipalName value="LAB2010\administrator" />
    </identity>
  </endpoint>
  <endpoint address="https://www.mydomain.com/XRMDeployment/2011/Deployment.svc"
            binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentServiceHttps"
            contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentServiceHttps" />
</client>

I am using the following code in my asp.net application

' Requires: Imports System.Net and Imports System.ServiceModel
Dim DomainCredentials As New NetworkCredential(ADUserName, ADPassword, DomainNETBIOS)

' Pick the endpoint configuration that matches the URL scheme
If CRMDeploymentServiceURl.Trim().ToLower().StartsWith("https://") Then
    _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentServiceHttps")
Else
    _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentService")
End If

' Windows credentials used by the service client
_CrmDeployService.ClientCredentials.Windows.ClientCredential = DomainCredentials
' Replace the configured endpoint address with the URL supplied at run time
_CrmDeployService.Endpoint.Address = New EndpointAddress(New Uri(CRMDeploymentServiceURl))
' 30-minute timeouts for close, open, receive and send
_CrmDeployService.Endpoint.Binding.CloseTimeout = New TimeSpan(0, 30, 0)
_CrmDeployService.Endpoint.Binding.OpenTimeout = New TimeSpan(0, 30, 0)
_CrmDeployService.Endpoint.Binding.ReceiveTimeout = New TimeSpan(0, 30, 0)
_CrmDeployService.Endpoint.Binding.SendTimeout = New TimeSpan(0, 30, 0)

The above code is used just for initialization of the service. Later on, when I call a method using the _CrmDeployService object, everything works fine over HTTP but not over HTTPS.

Please tell me what I can do to communicate with the HTTPS-secured Deployment service without using any client certificate. (An SSL certificate from DigiCert is already installed on the server and the website can be browsed over SSL in any web browser. What other certificate do I need and why?)

Also, IIS settings have been done as needed. (The WCF service is browsable over SSL/HTTPS via a web browser.) I have tried anonymous authentication as well as authentication via a domain user at the server and handled the same in code as well.

Is there any configuration change that I need to make? Is this a WCF-specific issue? I have tried solutions posted on Stack Overflow as well as on MSDN, but to no avail. I cannot change the server's web.config and I must not use a client certificate, but I can use any credentials required for authentication and I must achieve it over SSL. Please help. Thanks

Steve Johnson

1 Answer

-1

SSL means it is going to need the certificate. First, check by making an example app whether WCF is working with SSL or not, because only then can you be sure whether the CRM server is the problem (it is looking for a certificate) or, worse, you failed earlier in WCF before reaching that point. If WCF is failing you, then you have to create a temporary certificate for it. There is plenty of help code on the internet; here is one to get you started.

http://msdn.microsoft.com/en-us/library/ff648498.aspx

and in your application, use the following binding (play around with the different transport/message security modes if you like):

<basicHttpBinding>
  <binding name="basicHttp">
    <security mode="TransportWithMessageCredential">
      <transport/>
      <message clientCredentialType="UserName"/>
    </security>
  </binding>
</basicHttpBinding>

Also, you have to configure IIS. You have to enable HTTPS in IIS and also assign the certificate; I think it is in Directory Security | Server Certificate.

And if it is a Silverlight application, then it will need some extra development. Happy coding Machpanel :)

Raja Fawad
  • SSL certificate is already installed on the server. What other certificate do I need? Also, IIS settings have been done as needed. WCF is browsable over SSL/HTTPS via web browser. – Steve Johnson Sep 15 '11 at 09:59
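
To separate the two failure points the answer above distinguishes (certificate/TLS versus WCF), the following added example, which is not code from the question or the answer, performs only the TLS handshake from the .NET client and reports how .NET validates the server certificate, without relaxing that validation. The module name `TlsProbe`, the function `Probe` and port 443 are assumptions; the host name is the one in the question's HTTPS endpoint.

```vbnet
Imports System
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication
Imports System.Security.Cryptography.X509Certificates

Module TlsProbe
    ' What the .NET client (not the browser) concluded about the certificate.
    Private lastErrors As SslPolicyErrors = SslPolicyErrors.None
    Private lastChain As String = ""

    ' Records the validation result but keeps validation strict:
    ' the handshake still fails if the certificate is not acceptable.
    Private Function Inspect(sender As Object, cert As X509Certificate,
                             chain As X509Chain, errors As SslPolicyErrors) As Boolean
        lastErrors = errors
        If chain IsNot Nothing Then
            For Each s As X509ChainStatus In chain.ChainStatus
                lastChain &= s.Status.ToString() & " "
            Next
        End If
        Return errors = SslPolicyErrors.None
    End Function

    ' Hypothetical helper: TLS handshake only, no WCF message is sent.
    Function Probe(host As String, port As Integer) As String
        lastErrors = SslPolicyErrors.None
        lastChain = ""
        Try
            Using tcp As New TcpClient(host, port)
                Using ssl As New SslStream(tcp.GetStream(), False, AddressOf Inspect)
                    ssl.AuthenticateAsClient(host)
                    Dim cert As New X509Certificate2(ssl.RemoteCertificate)
                    Return "TLS OK: " & cert.Subject & ", expires " & cert.NotAfter.ToString("u")
                End Using
            End Using
        Catch ex As AuthenticationException
            ' RemoteCertificateNameMismatch: URL host is not a name in the certificate.
            Return "Certificate rejected: " & lastErrors.ToString() & " " & lastChain
        Catch ex As Exception
            Return "Failed before TLS completed: " & ex.Message
        End Try
    End Function

    Sub Main(args As String())
        ' Host from the question's HTTPS endpoint; port 443 is an assumption.
        Dim host As String = If(args.Length > 0, args(0), "www.mydomain.com")
        Console.WriteLine(Probe(host, 443))
    End Sub
End Module
```

If this reports "TLS OK" for the exact host name used in `CRMDeploymentServiceURl`, the server certificate is not the obstacle and the failure lies in the WCF binding or authentication layer.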