Thursday, May 24, 2012
double hop authentication resolution
The dreaded double-hop authentication issue was recently a thorn in my side no one was able to answer. Finally I have come to the answer. For anyone out there having this issue, there are only a few steps you need to follow to get your website to call your WCF service with the logged-on user's authentication. I am not sure that all of the steps below are needed, but if it works I am willing to do them all. I have highlighted the key components of each that I believe together resolve this issue.
On the wcf method (not the interface declaration)
<OperationBehavior(impersonation:=ImpersonationOption.Allowed)>
Add a Behavior attribute to the WCF project config (this can either be added directly to the config or added via the WCF configuration utility)
    <behaviors>
      <serviceBehaviors>
        <behavior name="customBehaviorName">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
In the website add the service reference to the WCF service
set up the serviceclient
Dim client As New ServiceReference1.Service1Client()
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation
client.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials
client.methodWithPassThroughAuthentication()
As a note, at the IIS level I also have Windows Authentication and ASP.NET Impersonation enabled on the website, and Anonymous Authentication and Windows Authentication enabled for the WCF service.
thanks to Peter T for providing the link that finally led me to figure this one out.
http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx
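A check to go with the steps above, added here as an example and not part of the original post: a service operation that confirms the call is really running as the end user and reports how far the token can travel. The contract and class names (IIdentityProbe, IdentityProbe, DescribeCaller) are hypothetical.

```vbnet
Imports System.Security.Principal
Imports System.ServiceModel

' Hypothetical contract and class names, for illustration only.
<ServiceContract()>
Public Interface IIdentityProbe
    <OperationContract()>
    Function DescribeCaller() As String
End Interface

Public Class IdentityProbe
    Implements IIdentityProbe

    <OperationBehavior(Impersonation:=ImpersonationOption.Allowed)>
    Public Function DescribeCaller() As String Implements IIdentityProbe.DescribeCaller
        Dim ctx As ServiceSecurityContext = ServiceSecurityContext.Current
        ' Anonymous Authentication is also enabled on the service in IIS, so do
        ' not assume a Windows caller is present: reject the request if not.
        If ctx Is Nothing OrElse ctx.IsAnonymous OrElse
           ctx.WindowsIdentity Is Nothing OrElse ctx.WindowsIdentity.User Is Nothing Then
            Throw New FaultException("No authenticated Windows caller on this request.")
        End If

        Dim caller As WindowsIdentity = ctx.WindowsIdentity
        Using current As WindowsIdentity = WindowsIdentity.GetCurrent()
            ' When impersonation is in effect the thread token is the caller's.
            If Not caller.User.Equals(current.User) Then
                Throw New FaultException("Operation is not running as the caller.")
            End If
        End Using

        ' Level reads Delegation only when the website really passed on the
        ' user's credentials; AuthenticationType exposes an NTLM fallback,
        ' which cannot be delegated to a further hop.
        Return String.Format("{0} via {1}, level {2}",
                             caller.Name, caller.AuthenticationType, caller.ImpersonationLevel)
    End Function
End Class
```

Calling DescribeCaller from the website with the client set up as shown above should return the browsing user's account name, not the application pool account.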
Bind enum to dropdownlist
    Public Function GetListItemsFromEnum(enumType As Type) As ListItemCollection
        'container to be returned
        Dim items As New ListItemCollection()
        'break down the enumerator items into key/value pairs
        Dim names As String() = [Enum].GetNames(enumType)
        Dim values As Array = [Enum].GetValues(enumType)
        'piece together the key/value pairs into the listitem collection
        For i As Integer = 0 To names.Length - 1
            items.Add(New ListItem(names(i).ToString, CInt(values(i)).ToString))
        Next
        'return it
        Return items
    End Function

    Public Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        ddl.DataSource = GetListItemsFromEnum(GetType(EnumerationName))
        ddl.DataTextField = "text"
        ddl.DataValueField = "value"
        ddl.DataBind()
    End Sub
code thanks to http://forums.asp.net/t/1269514.aspx/1
Tuesday, March 27, 2012
Setting up Exchange OWA in Outlook
Having a test environment is a great thing. Having a test environment which is an exact virtual copy of production is a wonderful thing. However, as a developer connected to that test environment it is hard to keep up with meeting requests, emails, etc when outlook must be viewed through Exchange OWA.
After reaching my limit of sending emails and not having them go to their intended recipients (having been caught in the test environment exchange), and consulting our resident Network guru, here is the answer:
Add a host file record for the ip of the owa url.
for: https://12.123.12.123/exchange / https://webmail.domain.com/
add 12.123.12.123 webmail.domain.com
Next flushdns
Open cmd prompt and type ipconfig -flushdns
Then we begin adding the outlook account
Open control panel
Click Mail
Show Profiles
Add
Name the profile whatever you want.
Ok
Manually configure server settings or additional server types
Next
Microsoft Exchange or compatible service
Next
More Settings
Click the Security tab
Check Always prompt for logon credentials
Click the Connection tab
check Connect to Microsoft Exchange using HTTP
then click on the Exchange Proxy Settings
type webmail.domain.com (this is the key. The url here needs to match the url on the owa certificate)
check the On fast networks, connect using HTTP first, then connect using TCP/IP
click ok
type the fqdn of the exchange server (i.e. server.domain.com)
type your email and check names.
If everything went successfully you should be able to finish as you would normally. Click next and if you want this to be the default profile be sure to set it on the mail profiles window.
Hope this helps someone else out there as I know I banged my head over this one for a while.
Friday, March 16, 2012
Take that popup!
Ever been to a website that puts an annoying popup right over the link that you want to click? As if that isn't annoying enough, some sites don't have any apparent way of closing said annoying popup. Introducing Internet Explorer developer tools. With a few quick steps you can blast that popup off the screen.
Basic connection for CRM2011 sdk on premise
    'at the top of the file
    Imports System.ServiceModel.Description
    Imports Microsoft.Xrm.Sdk
    Imports Microsoft.Xrm.Sdk.Client

    Private Function getCRM(ByVal userauth As Boolean, Optional ByVal userid As String = Nothing) As IOrganizationService
        Dim cred As New ClientCredentials()
        If userauth Then
            'connect as the logged-on Windows user
            cred.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials
        Else
            'connect with typed credentials (placeholder values)
            cred.Windows.ClientCredential = New System.Net.NetworkCredential("username", "password", "domain")
        End If
        Dim org As New Uri("http://crm/orgname/xrmservices/2011/organization.svc")
        Dim proxy As New OrganizationServiceProxy(org, Nothing, cred, Nothing)
        proxy.EnableProxyTypes()
        'act on behalf of the given CRM user, if one was supplied
        If Not userid Is Nothing Then proxy.CallerId = New Guid(userid)
        Dim orgservice As IOrganizationService = proxy
        Return orgservice
    End Function
An important note about this approach is that if userauth is false, and a userid is not supplied or the userid is not actually present in the CRM system, the typed credentials will be used. In other words even an incorrect userid will succeed. The call will just not be made as the intended user.
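One way to keep a wrong userid from going unnoticed, as described in the note above (an added example, not part of the original post): confirm the target user before setting the caller id, and stop instead of carrying on under the connection account. SetVerifiedCaller is a hypothetical helper, and it assumes the connection account is allowed to read systemuser records.

```vbnet
Imports System.ServiceModel
Imports Microsoft.Xrm.Sdk
Imports Microsoft.Xrm.Sdk.Client
Imports Microsoft.Xrm.Sdk.Query

Public Module CrmCallerGuard
    ' Hypothetical helper: sets CallerId only after the target user is confirmed.
    Public Sub SetVerifiedCaller(ByVal proxy As OrganizationServiceProxy, ByVal userId As String)
        Dim id As Guid
        If Not Guid.TryParse(userId, id) OrElse id = Guid.Empty Then
            Throw New ArgumentException("userId is not a valid, non-empty GUID.", "userId")
        End If

        Dim user As Entity
        Try
            ' Runs under the proxy's own credentials, before CallerId is set.
            user = proxy.Retrieve("systemuser", id, New ColumnSet("isdisabled"))
        Catch ex As FaultException(Of OrganizationServiceFault)
            ' Unknown user: fail here so the work is not done as the connection account.
            Throw New InvalidOperationException(
                "No systemuser with id " & id.ToString() & "; caller id not set.", ex)
        End Try

        If user.GetAttributeValue(Of Boolean)("isdisabled") Then
            Throw New InvalidOperationException(
                "systemuser " & id.ToString() & " is disabled; caller id not set.")
        End If

        proxy.CallerId = id
    End Sub
End Module
```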
Deleting all workflows and processes from CRM3
So at work we are currently doing an upgrade of Dynamics CRM3 to CRM 2011 on premise. Upon attempting the upgrade from 3 to 4 the workflows were taking a long time to convert...like 20+ hours. Going to Microsoft we were able to gain a script to remove all closed workflow log data. Unfortunately due to years of bad workflows in the system the majority of the workflows were not closed. Knowing that all of the workflows would be better handled with the addition of plugins in our new environment we just wanted to delete all the workflows, logs, rules, processes...the whole lot. Well after playing some with working out the correct process here we go.
delete WFParameter
delete WFActionLog
delete WFAction
delete WFCondition
delete WFRuleLog
delete WFProcessInstance
delete WFRule
These ran fine; however, we encountered a constraint when deleting WFProcess and WFStep. The fix was as easy as modifying one of the table's relationships (process_steps) and setting the enforce foreign key constraint to no. Running the deletes after that was easy.
delete WFProcess
delete WFstep
after deleting all of this workflow data we were able to convert a 23 hour upgrade to about 3:50 hours.