Hi all,
I am trying to understand whether or not it is possible use Active Directory authentication against an On-Premise instance (that has ADFS enabled) with the CRM 2011 SDK?
In the following
MSDN Article, it states that:
"For an on-premises or an Internet-facing deployment (IFD) installation of Microsoft Dynamics CRM 2011, the client proxy classes use claims-based authentication if an STS server is available. Otherwise, Active Directory authentication is used."
I've been using these classes fine so far (along with code from the CrmServiceHelpersnippet), but when ADSF/Claims-based is enabled on the server, the example code always uses Claims-Based authentication.
This makes sense (and seems to be recommended), but the problem we have is that when using this authentication method, you have to specify the Username/Password/Domain - e.g. you can't pass the cached credentials of the currently logged-in user (happy to be corrected on this!). The reason I want to do it this way is so that in our Desktop Application, we don't want all our users to have to specify their login details.
I've been having a stab at using these cached details (below), but when I try this I get the following error:
"The user authentication failed!"
try
{
OrganizationServiceProxy serviceProxy;
ClientCredentials clientCredentials = new ClientCredentials();
clientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
//clientCredentials.UserName.UserName = "admin";
//clientCredentials.UserName.Password = "pass";
Uri OrganizationUri = new Uri("https://MyServer:555/MyOrgName/XRMServices/2011/Organization.svc");
//Uri HomeRealmUri = new Uri("https://MyServer:555/XRMServices/2011/Discovery.svc");
using (serviceProxy = new OrganizationServiceProxy(OrganizationUri, null, clientCredentials, null))
{
serviceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());
IOrganizationService service = (IOrganizationService)serviceProxy;
// Now make an SDK call with the organization service proxy.
// Display information about the logged on user.
Guid userid = ((WhoAmIResponse)service.Execute(
new WhoAmIRequest())).UserId;
Entity systemUser = service.Retrieve("systemuser", userid,
new ColumnSet(new string[] { "firstname", "lastname" }));
Console.WriteLine("Logged on user is {0} {1}.",
systemUser["firstname"], systemUser["lastname"]);
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
}Has anyone managed to do this? (authenticating via Active Directory, NOT via Claims-Based)
Is it even possible?
Am also hoping that, if this can be achieved, that it would negate the pre-requisite for the Windows Identity Foundation to be installed as (as far as I can tell), this is only needed if you're doing Claims-based Authentication??
Many thanks to anyone who can point me in the right direction! :o)