Implement single sign-on from an ASPX webpage or IFRAME

 

Applies To: Dynamics CRM 2015

This topic describes how to develop a custom webpage that can make SDK calls to Microsoft Dynamics CRM 2015 and Microsoft Dynamics CRM Online 2015 Update on behalf of the Microsoft Dynamics CRM user who is signed in. The typical use of this capability is to write a webpage that is displayed in an inline frame in the Microsoft Dynamics CRM web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site that’s hosting CRM. However, the webpage can perform its operations on behalf of the CRM user who is signed in. The result is seamless integration between a webpage and Microsoft Dynamics CRM.

Microsoft Dynamics CRM 2015 with a separate website

This scenario is for a Microsoft Dynamics CRM 2015 Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an inline frame of the Microsoft Dynamics CRM web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Microsoft Dynamics CRM and the website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure claims and a relying party, see the following topics in TechNet: Deploying and administering Microsoft Dynamics CRM:

For more information about identity management, see the identity training course.

More information: Walkthrough: Single Sign-on from a Custom Web Page in the Microsoft Dynamics CRM 2011 SDK.

CRM Online with an Azure-hosted webpage

This scenario is for use with Microsoft Dynamics CRM Online where Microsoft Azure hosts a custom webpage that’s optionally displayed in an inline frame of the Microsoft Dynamics CRM web application. This scenario uses federated claims, provided by the Windows Live  security token service (STS) server for identity management. You must provide a certificate to be used when making Microsoft Dynamics CRM Online and the Microsoft Azure website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see https://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: CRM Online & Azure: Improving the SSO experience, and CRM Online & Azure Series.

Enable IFRAME communication across domains

If you want to enable communication for an inline frame that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for Internet Explorer 8. Google Chrome, Mozilla Firefox, and Apple Safari also support this method. For more information about using postMessage, see the following blog posts:

See Also

Authenticate users with Microsoft Dynamics CRM web services
Sample: Impersonate using the ActOnBehalfOf privilege
Impersonate another user
Web resources for Microsoft Dynamics CRM

© 2016 Microsoft. All rights reserved. Copyright