Tag Cloud

CRM 2011 (161) CRM 4.0 (144) C# (116) JScript (109) Plugin (92) Registry (90) Techpedia (77) PyS60 (68) WScript (43) Plugin Message (31) Exploit (27) ShellCode (26) FAQ (22) JavaScript (21) Killer Codes (21) Hax (18) VB 6.0 (17) Commands (16) VBScript (16) Quotes (15) Turbo C++ (13) WMI (13) Security (11) 1337 (10) Tutorials (10) Asp.Net (9) Safe Boot (9) Python (8) Interview Questions (6) video (6) Ajax (5) VC++ (5) WebService (5) Workflow (5) Bat (4) Dorks (4) Sql Server (4) Aptitude (3) Picklist (3) Tweak (3) WCF (3) regex (3) Config (2) LINQ (2) PHP (2) Shell (2) Silverlight (2) TSql (2) flowchart (2) serialize (2) ASHX (1) CRM 4.0 Videos (1) Debug (1) FetchXml (1) GAC (1) General (1) Generics (1) HttpWebRequest (1) InputParameters (1) Lookup (1) Offline Plug-ins (1) OutputParameters (1) Plug-in Constructor (1) Protocol (1) RIA (1) Sharepoint (1) Walkthrough (1) Web.config (1) design patterns (1) generic (1) iframe (1) secure config (1) unsecure config (1) url (1)

Pages

Wednesday, February 20, 2013

Impersonation in Plug-ins

Impersonation is used to execute business logic (code) on behalf of a Microsoft Dynamics CRM system user to provide a desired feature or service for that user. Microsoft Dynamics CRM obtains the pre-entity and post-entity images that are passed to plug-ins in the execution context on behalf of the impersonated system user. Any business logic executed within a plug-in, including Web service method calls, is governed by the security privileges of the impersonated user.

Plug-ins execute under the security account, which is specified on the Identity tab of the CRMAppPool Properties dialog box. The dialog box can be accessed by right-clicking the CRMAppPool application pool in Internet Information Services (IIS) Manager and then clicking Properties in the shortcut menu. By default,CRMAppPool uses the Network Service account identity. If the CRMAppPool identity is changed to a system account other than Network Service, the new identity account must be added to the PrivUserGroup group in Active Directory.

The two methods that can be employed to impersonate a user are discussed in the next two topics.

Impersonation during plug-in registration

One method to impersonate a system user within a plug-in is by specifying the impersonated user during plug-in registration. When registering a plug-in, if theimpersonatinguserid field of the sdkmessageprocessingstep or SdkMessageProcessingStepRegistration class instance is set to a specific Microsoft Dynamics CRM system user, Web service calls made by the plug-in execute on behalf of the impersonated user. If the impersonatinguserid field is set to a value of null orGuid.Empty during plug-in registration, the calling/logged on user or the standard "system" user is the impersonated user.

Whether the calling/logged on user or "system" user is used for impersonation is dependent on the request being processed by the pipeline and is beyond the scope of the SDK documentation. For more information about the "system" user, refer to the next topic.

Impersonation during plug-in execution

Impersonation that was defined during plug-in registration can be altered in a plug-in at run time. Even if impersonation was not defined at plug-in registration, plug-in code can still use impersonation. The following discussion identifies the key properties and methods that play a role in impersonation when making Web service method calls in a plug-in.

The platform passes the impersonated user ID to a plug-in at run time through the IPluginExecutionContext.UserId property. The UserId property can have one of three different values as shown in the table below.

UserId Value
Condition

Initiating user

or

"system" user

The impersonatinguserid property of the sdkmessageprocessingstep or SdkMessageProcessingStepRegistration class instance is set to null orGuid.Empty at plug-in registration.

Impersonated user
The impersonatinguserid property is set to a valid system user ID at plug-in registration.

"system" user
The current pipeline was executed by the platform, not in direct response to a Web service method call.

If you specify an impersonated user during plug-in registration, you should set up the Web service proxy in the plug-in by passing a value of true to theCreateCrmService method or the CreateMetadataService method. Passing a value of true indicates to use the ID in the IPluginExecutionContext.UserId property as the impersonated user. The following code example shows how to do this.

Example

[C#] ICrmService service = context.CreateCrmService(true);

This is equivalent to the following code:

Example

[C#] ICrmService service = context.CreateCrmService(context.UserId);

To ignore any impersonating user set during plug-in registration, use the following code.

Example

[C#] ICrmService service = context.CreateCrmService(false);

When a value of false is passed to the CreateCrmService method or the CreateMetadataService method, the platform uses the built-in "system" account to execute Web service method calls made by your plug-in code. The "system" account is a high privilege user account with some restrictions. For example, the "system" account cannot create a task activity.

The InitiatingUserId property of IPluginExecutionContext contains the ID of the system user that called the Web service method that ultimately caused the plug-in to execute. The following code shows how to create a Web service proxy to make Web method calls on behalf of the initiating user.

Example

[C#] ICrmService service = context.CreateCrmService(context.InitiatingUserId);

If the impersonatinguserid property is set during plug-in registration, this line of code effectively ignores that setting for any Web method calls to the Web service.

For plug-ins executing offline, any entities created by the plug-in are owned by the logged on user. Impersonation in plug-ins is not supported while in offline mode.

Note   When you register a plug-in by using the plug-in registration sample tools that are provided with the SDK, Web service methods invoked by the plug-in always execute under the account of the calling or logged on user. The tools do not offer impersonation as a supported feature. For more information about the tool sample code, see Sample Code.

Hide show and select tabs in CRM 4.0

How to hide, show and select tabs in CRM 4.0 If you already worked with Microsoft Dyamics CRM 4.0, you know that almost everything you do with JavaScript is considered a "hack" because you manipulate the DOM of the pages by yourself. Because of this I decided to give you some help with differents helper methods I developped at my day job. I'm currently working on a big development project involving CRM.

Hide a tab in CRM 4.0

 
/* Jscript: Hide a tab in CRM 4.0 */




function HideTab(tabNumber)
{
var tab = document.getElementById("tab" + (tabNumber - 1).toString() + "Tab");
tab.style.display = "none";
}

Show a tab in CRM 4.0

 
/* Jscript: Show a tab in CRM 4.0 */
function ShowTab(tabNumber)
{
var tab = document.getElementById("tab" + (tabNumber - 1).toString() + "Tab");
tab.style.display = "";
}

Select a tab in CRM 4.0

 
/* Jscript: Select a tab in CRM 4.0 */
function SelectTab(tabNumber)
{
var tab = document.getElementById("tab" + (tabNumber - 1).toString() + "Tab");
tab.click();
}

CRM 4.0 Videos with John-ODonnell

: Installation

: Report Wizard

: Data Migration Manager

: Workflow and Processes

: Advanced Find

: Import Data Wizard

: Duplicate Detection

: Security

: Multicurrency

: Multi-Tenancy

Using CrmDiscoveryService

Type Value Description
AD 0 Specifies Active Directory authentication.
Passport 1 Specifies Windows Live ID authentication.
Spla 2 Specifies Internet-Facing Deployment authentication

1. Active Directory authentication.Sample code
 

try{

String username = "domain\\user";
String password = "password";
String authType = "AD";
String OrganizationName = "orgName";
String hostBame = "http://xxx.xxx.x.xxx";
String CrmDiscoveryURL = hostBame + "/MSCRMServices/2007/"+ authType + "/CrmDiscoveryService.asmx";


CrmDiscoveryURL = CrmDiscoveryURL.toLowerCase();

CrmDiscoveryServiceLocator discoveryServiceLoc = new CrmDiscoveryServiceLocator();
discoveryServiceLoc.setCrmDiscoveryServiceSoapEndpointAddress(CrmDiscoveryURL);
CrmDiscoveryService discoveryService = (CrmDiscoveryService) discoveryServiceLoc;
CrmDiscoveryServiceSoapStub discoveryServiceSoap = (CrmDiscoveryServiceSoapStub) discoveryService.getCrmDiscoveryServiceSoap();


discoveryServiceSoap.setUsername(username);
discoveryServiceSoap.setPassword(password);

RetrieveOrganizationsRequest orgRequest = new RetrieveOrganizationsRequest();
orgRequest.setUserId(username);
orgRequest.setPassword(password);
RetrieveOrganizationsResponse orgResp = (RetrieveOrganizationsResponse) discoveryServiceSoap.execute(orgRequest);

OrganizationDetail orgInfo = null;
com.microsoft.schemas.crm._2007.CrmDiscoveryService.ArrayOfOrganizationDetail arrayOfDetail= orgResp.getOrganizationDetails();
OrganizationDetail[] orgdetails = arrayOfDetail.getOrganizationDetail();


for (int i = 0; i < orgdetails.length; i++) {


System.out.println("orgdetails[i].getOrganizationName() = "+ orgdetails[i].getOrganizationName());
if (orgdetails[i].getOrganizationName().equalsIgnoreCase(OrganizationName)) {

orgInfo = orgdetails[i];
break;
}
}

int AD = 0;
CrmAuthenticationToken token = new CrmAuthenticationToken();
token.setAuthenticationType(AD);
token.setOrganizationName(OrganizationName);


String CrmServiceUrl = orgInfo.getCrmServiceUrl();




CrmServiceSoapStub adminBinding = (CrmServiceSoapStub) new CrmServiceLocator().getCrmServiceSoap(new URL(CrmServiceUrl));

adminBinding.setHeader("http://schemas.microsoft.com/crm/2007/WebServices","CrmAuthenticationToken", token);

adminBinding.setUsername(username);
adminBinding.setPassword(password);

WhoAmIRequest whoRequest = new WhoAmIRequest();
WhoAmIResponse whoResp = (WhoAmIResponse) adminBinding.execute(whoRequest);

String UserId = whoResp.getUserId();

System.out.println("userid = "+ UserId);

}catch(Exception e){
e.printStackTrace();
}





2. Passport Authentication
Sample code
 
String authType = "Passport";
CrmDiscoveryServiceLocator discoveryServiceLoc = new CrmDiscoveryServiceLocator();
discoveryServiceLoc.setCrmDiscoveryServiceSoapEndpointAddress("http://" + hostName + "/MSCRMServices/2007/" + authType + "/CrmDiscoveryService.asmx");

CrmDiscoveryService discoveryService = (CrmDiscoveryService) discoveryServiceLoc;
CrmDiscoveryServiceSoapStub discoveryServiceSoap = (CrmDiscoveryServiceSoapStub) discoveryService.getCrmDiscoveryServiceSoap();

// Retrieve Policy Request
RetrievePolicyRequest policyRequest = new RetrievePolicyRequest();
RetrievePolicyResponse policyResponse = (RetrievePolicyResponse) discoveryServiceSoap.execute(policyRequest);

String passportTicket = getPassportTicket(policyResponse.getPolicy(),userName, password);

RetrieveCrmTicketRequest crmTicketRequest = new RetrieveCrmTicketRequest();
crmTicketRequest.setOrganizationName(organization);
crmTicketRequest.setPassportTicket(passportTicket);
crmTicketResponse = (RetrieveCrmTicketResponse) discoveryServiceSoap.execute(crmTicketRequest);

if (crmTicketResponse != null) {

CrmAuthenticationToken token = new CrmAuthenticationToken();
int PASSPORT = 1;
token.setAuthenticationType(PASSPORT);
token.setCallerId("00000000-0000-0000-0000-000000000000");
token.setOrganizationName(crmTicketResponse.getOrganizationDetail().getOrganizationName());
token.setCrmTicket(crmTicketResponse.getCrmTicket());
String crmServiceUrl = crmTicketResponse.getOrganizationDetail().getCrmServiceUrl();// we can store it in db w.r.t user,pass,org and retrieve
CrmServiceSoapStub crmServiceSoapStub = (CrmServiceSoapStub) new CrmServiceLocator().getCrmServiceSoap(new URL(crmServiceUrl));


crmServiceSoapStub.setHeader("http://schemas.microsoft.com/crm/2007/WebServices","CrmAuthenticationToken", token);

WhoAmIRequest whoRequest = new WhoAmIRequest();
whoRequest.setOptionalParameters(new OptionalParameter[] {});

WhoAmIResponse whoResp = (WhoAmIResponse) crmServiceSoapStub.execute(whoRequest);
System.out.println("----------getUserId()----------------->"+ whoResp.getOrganizationId());
}

private String getPassportTicket(String policy, String userName, String password) {

String ticket= null;


try{

String passportDomain = "crm.dynamics.com";//partner
String environment = "Production";
ticket = new MSLogonManager().logon(userName, password, passportDomain, policy, environment);
System.out.println("ticket = "+ticket);

}catch(Exception e){

e.printStackTrace();
}
return ticket;
}







3. IFD Authentication




String hostBame = "https://xx.xxxx.xxx";
String OrganizationName = "orgName";
String username = "usernam";
String password = "password";

String CrmDiscoveryURL = hostBame+"/mscrmservices/2007/spla/crmdiscoveryservice.asmx";

CrmDiscoveryServiceLocator discoveryServiceLoc = new CrmDiscoveryServiceLocator();
discoveryServiceLoc.setCrmDiscoveryServiceSoapEndpointAddress(CrmDiscoveryURL);
CrmDiscoveryService discoveryService = (CrmDiscoveryService) discoveryServiceLoc;
CrmDiscoveryServiceSoapStub discoveryServiceSoap = (CrmDiscoveryServiceSoapStub) discoveryService.getCrmDiscoveryServiceSoap();

discoveryServiceSoap.setUsername(username);
discoveryServiceSoap.setPassword(password);

RetrieveOrganizationsRequest orgRequest = new RetrieveOrganizationsRequest();
orgRequest.setUserId(username);
orgRequest.setPassword(password);
RetrieveOrganizationsResponse orgResp = (RetrieveOrganizationsResponse) discoveryServiceSoap.execute(orgRequest);

OrganizationDetail orgInfo = null;
com.microsoft.schemas.crm._2007.CrmDiscoveryService.ArrayOfOrganizationDetail arrayOfDetail = orgResp.getOrganizationDetails();
OrganizationDetail[] orgdetails = arrayOfDetail.getOrganizationDetail();


for (int i = 0; i < orgdetails.length; i++) {

System.out.println(" getIFDBindingToCrm orgdetails[i].getOrganizationName() "+ orgdetails[i].getOrganizationName());

if (orgdetails[i].getOrganizationName().equalsIgnoreCase(OrganizationName)) {

orgInfo = orgdetails[i];
break;
}
}

RetrieveCrmTicketRequest crmTicketRequest = new RetrieveCrmTicketRequest();
crmTicketRequest.setOrganizationName(OrganizationName);//orgInfo.getOrganizationName());
crmTicketRequest.setUserId(username);
crmTicketRequest.setPassword(password);
RetrieveCrmTicketResponse crmTicketResponse = (RetrieveCrmTicketResponse) discoveryServiceSoap.execute(crmTicketRequest);

if (crmTicketResponse != null) {//

int IFD = 2;
CrmAuthenticationToken token = new CrmAuthenticationToken();
token.setAuthenticationType(IFD);
token.setOrganizationName(orgInfo.getOrganizationName());
token.setCrmTicket(crmTicketResponse.getCrmTicket());

String CrmServiceUrl = orgInfo.getCrmServiceUrl();
System.out.println("CrmServiceUrl-" + CrmServiceUrl);

CrmServiceSoapStub adminBinding = (CrmServiceSoapStub) new CrmServiceLocator().getCrmServiceSoap(new URL(CrmServiceUrl));

adminBinding.setHeader("http://schemas.microsoft.com/crm/2007/WebServices","CrmAuthenticationToken", token);

adminBinding.setUsername(username);
adminBinding.setPassword(password);

WhoAmIRequest whoRequest = new WhoAmIRequest();
WhoAmIResponse whoResp = (WhoAmIResponse) adminBinding.execute(whoRequest);
String UserId = whoResp.getUserId();

System.out.println("UserId="+UserId);
}