Implement single sign-on from an ASPX webpage or IFRAME

 

Applies To: Dynamics CRM 2013

This topic describes how to develop a custom webpage that can make SDK calls to Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on behalf of the logged-on Microsoft Dynamics CRM user. The typical use of this capability is to write a webpage that is displayed in an IFRAME of the Microsoft Dynamics CRM web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site hosting CRM. However, the webpage can perform its operations on behalf of the logged-on CRM user. The result is seamless integration between a webpage and Microsoft Dynamics CRM.

Microsoft Dynamics CRM 2013 with a separate website

This scenario is for a Microsoft Dynamics CRM 2013 Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an IFRAME of the Microsoft Dynamics CRM web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Microsoft Dynamics CRM and the website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure claims and a relying party, see the following Microsoft Dynamics CRM 2013 Implementation Guide topics:

  1.  Installing Guide for Microsoft Dynamics CRM 2013

    • Microsoft Dynamics CRM 2013 Post-Installation and Configuration Guidelines

      • Configure a Microsoft Dynamics CRM Internet-facing deployment
  2.  Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

    • Microsoft Dynamics CRM 2013 system requirements and required technologies

      • Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements

For more information about identity management, see https://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

Sample code and walkthrough

An updated walkthrough and sample code that implements this scenario is coming in a future SDK release. For now, refer to the walkthrough and sample code in the previous release of the SDK.

CRM Online with an Azure-hosted webpage

This scenario is for use with Microsoft Dynamics CRM Online where Microsoft Azure hosts a custom webpage that is optionally displayed in an IFRAME of the Microsoft Dynamics CRM web application. This scenario uses federated claims, provided by the Windows Live  security token service (STS) server for identity management. You must provide a certificate to be used when making Microsoft Dynamics CRM Online and the Microsoft Azure website-relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see https://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: CRM Online & Azure: Improving the SSO experience, and CRM Online & Azure Series.

Enable IFRAME communication across domains

If you want to enable communication for an IFRAME that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for Internet Explorer 8. Google Chrome, Mozilla Firefox, and Apple Safari also support this method. For more information about using postMessage, see the following blog posts:

See Also

Authenticate users with Microsoft Dynamics CRM 2013 web services
Sample: Impersonate using the ActOnBehalfOf privilege
Impersonate another user
Web resources for Microsoft Dynamics CRM 2013