Information Dynamics

Category Archives: Dynamics 365

Generating EarlyBound CRM Entities using Spkl Task Runner

16 Thursday Apr 2020

Posted by GIRISH SRINIVASA in Dynamics 365, Dynamics 365 CE Online, Dynamics CE 9

≈ Leave a comment

Tags

earlybound entities, Spkl

In an earlier article we looked at how a connection to CRM On-Premise can be established using the Spkl Task Runner. When developing Plugins and Workflows it is common to have early bound classes. CrmSvcUtil.exe facilitates generating early bound classes; the same can be achieved using the Spkl Task Runner.

The batch file earlybound.bat will create the *.cs files as per the settings defined in the spkl.json file.

Untitled1

As per the settings defined the following will be expected output when earlybound.bat is run:

  • A single file named SbmaEarlyBoundTypes.cs containing definitions for the entities specified
  • The namespace for the various classes will be SBMA.Crm.Entities
  • One *.cs file will be generated for every entity because of the setting “oneTypePerFile : true”; this can be set to false if the preference is to work with only one *.cs file for all the entity type definitions

Right-click on the spkl folder and bring up the command prompt (if using VS 2019, install the extension Web Essentials 2019 so the command prompt can be launched from the Visual Studio IDE).

Untitled3

Untitled2

Now run earlybound.bat

Untitled4

Untitled6

The created types are as highlighted below:

Untitled7

Solution Management

12 Sunday Apr 2020

Posted by GIRISH SRINIVASA in Dynamics 365, Dynamics 365 CE Online, Dynamics CE 9

≈ Leave a comment

Tags

Managed, Unmanaged

An xRM application built on the Dynamics CRM platform consists of several components, viz.:

  • Schema: Entities, Relationships between Entities, Option Sets
  • User Interface: SiteMap, Web Resources, Application & Entity Ribbons
  • Analytics: Reports, Dashboards
  • Code: Workflows, Plug-ins
  • Security: Roles (built-in and custom), Field Security profile
  • Templates: E-mail, Articles

The above can be packaged up as Unmanaged or Managed solutions so that they can be deployed in the target environment.

Managed Solution: A self-contained package that can be installed/uninstalled in the target environment. There is no ability to add/remove solution components; changes can be made to solution components if already set through managed properties.

Unmanaged Solution: An unmanaged solution provides the ability to add/remove components and delete components (custom entities etc.). All the components in an unmanaged solution will be references to customizable components in the CRM organization.

When both unmanaged and managed solutions are imported into an organization, conflict resolution is done through the Merge and Top Wins strategies.

Merge: Applies to user interface components; unmanaged customizations will be the last to be applied.

Top Wins: Applies to Entities, Views, Security Roles. In the case of managed solutions, the last managed solution imported will have its changes applied, and on top of this, when an unmanaged solution is imported, the previous changes are overwritten.

Example:

Consider a solution having “account” entity

solutionlayering1

solutionlayering2

Create two versions using “Clone a Patch” option to change the label on the Account form.

solutionlayering3

solutionlayering4

Change the Phone number label text for the above solution

solutionlayering5

Publish the changes and the Account form view will be:

solutionlayering6

Now create another Clone to Patch version 2:

solutionlayering7

solutionlayering8

The view of the Account form after publishing the changes is shown below; note that this is the last Unmanaged Solution to be published.

solutionlayering9

A Comparison of Authentication and Authorization Frameworks

20 Thursday Feb 2020

Posted by GIRISH SRINIVASA in ADFS 4.0, ASP.NET Core, Dynamics 365, WebAPI

≈ 3 Comments

Tags

JWT, SAML, WS-Fed

To provide a Single Sign On (SSO) mechanism for users, different authentication frameworks are in place, viz. WS-Federation (WS-Fed), SAML, OAuth, Open ID and OpenID Connect.

WS-Fed and SAML (Security Assertion Markup Language) are still in use in corporate networks to allow users to connect to COTS (Commercial off the Shelf) products and bespoke applications. Federation (aka delegating authentication/authorization) is achieved using Active Directory Federation Services (ADFS) installed and configured on Windows Server OS.

The three essential components of federation are:

  • Sign-in protocol > What the mechanism to access the application is
  • Authentication protocol > How the user is verified
  • Token type > What is returned to the user after successful identification, once the user is validated

In an earlier article, configuring the Dynamics CRM platform for Claims Based Authentication was discussed. Let us look at a capture of the traffic in Fiddler to see what information gets passed in the Request and Response.

Request

Fiddler

As highlighted, accessing https://crm.idynamics.dev/seis will route the request to https://adfs.idynamics.dev with the following parameter(s):

wa=wsignin1.0 > Indicates ADFS service to invoke login

wtrealm=https%3a%2f%2fcrm.idynamics.dev%2f > Client application using ADFS service

wctx=rm%3d1%26id%3da33a2f6c-768e-48aa-9c3c-b594ef0f60b5%26ru%3d%252fseis%252fdefault.aspx%26crmorgid%3dfa61533b-ea52-ea11-83b5-0017fb000002 > Session data sent back

wct=2020-02-20T09%3a53%3a23Z > Time the application is accessed

wauth=urn%3afederation%3aauthentication%3awindows > Mode of Authentication
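
Decoding the sign-in redirect above into its fields, as an added Python example (not from the original post). The /adfs/ls/ path in the sample URL and the function names are assumptions; the parameter values are the ones quoted above.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Redirect URL rebuilt from the parameters quoted above. The /adfs/ls/ path is
# an assumption (the usual AD FS passive endpoint); the post only shows the host.
SAMPLE_REDIRECT = (
    "https://adfs.idynamics.dev/adfs/ls/"
    "?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fcrm.idynamics.dev%2f"
    "&wctx=rm%3d1%26id%3da33a2f6c-768e-48aa-9c3c-b594ef0f60b5"
    "%26ru%3d%252fseis%252fdefault.aspx"
    "%26crmorgid%3dfa61533b-ea52-ea11-83b5-0017fb000002"
    "&wct=2020-02-20T09%3a53%3a23Z"
    "&wauth=urn%3afederation%3aauthentication%3awindows"
)


def parse_wsfed_signin(url):
    """Decode a WS-Fed passive sign-in request into a plain dict."""
    parts = urlsplit(url)
    # parse_qs percent-decodes once; each parameter appears exactly once here.
    params = {k: v[0] for k, v in parse_qs(parts.query, strict_parsing=True).items()}
    if params.get("wa") != "wsignin1.0":
        raise ValueError("not a WS-Fed sign-in request")
    # wctx is itself a query string, so its values need a second decode pass
    # (ru=%252fseis... becomes %2fseis... and then /seis...).
    context = {k: v[0] for k, v in parse_qs(params.get("wctx", "")).items()}
    issued = datetime.strptime(params["wct"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "sts_host": parts.hostname,
        "realm": params["wtrealm"],
        "auth_method": params.get("wauth"),
        "issued_at": issued.replace(tzinfo=timezone.utc),
        "context": context,
    }


def realm_is_expected(request, allowed_realms):
    """Review check: the realm must be one of the relying parties you expect."""
    return request["realm"] in allowed_realms


if __name__ == "__main__":
    print(parse_wsfed_signin(SAMPLE_REDIRECT))
```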

Response

Fiddler1

The response will conform to SAML 1.1 as per the specification, and the following will be included as part of the “wresult”: urn:oasis:names:tc:SAML:1.0:assertion

OAuth/Open ID/OpenID Connect essentially use JWT (JSON Web Token).

A JSON Web Token stores user information, viz. id, permission set (aka claim rules) etc., in a compact format so that the information can be transmitted securely between client and server. The token takes the form of a string and is digitally signed using an HMAC algorithm or RSA.

Available security algorithms are defined as constant string values in the SecurityAlgorithms class of the Microsoft.IdentityModel.Tokens namespace, and in the sample project demonstrating authentication using JWT we will be using the HMAC algorithm.

The JWT structure consists of three parts, [Header].[Payload].[Signature], represented as a Base64-URL string.

Header: A combination of token type and signing algorithm, identified by the claims typ (for token type) and alg (for signing algorithm). Represented in JSON format this looks like the one below:

{
"alg": "HS256",
"typ": "JWT"
}

Payload: Consists of claims about the user. A claim is represented as a key/value pair. There are three types of claims: Registered, Public and Private. The key part of the claim is limited to 3 characters.

Registered: Predefined claims and can be viewed here

Public: Custom defined claims but need to be registered in public registry at

Private: Custom claims agreed between two applications.

Signature: Verifies that the message was not tampered with during transmission.

Multiserver topology for Dynamics/SharePoint Setup

16 Sunday Feb 2020

Posted by GIRISH SRINIVASA in Dynamics 365, SharePoint 2019, Windows Server 2016

≈ Leave a comment

Tags

AutomatedLab, Hyper-V

In an earlier article we looked at how quickly trial labs can be set up with the use of AutomatedLab PS modules. In this tutorial we will use the AutomatedLab PS modules to set up the CRM Farm topology.

CRMFarmTopology

The Git repository here has a PS script DynamicsCEFarm.ps1 and an output file ScriptOutputCRMFarm.txt that details the results of the script run. Note that the AutomatedLab PS module will assign a password by default, and this can be changed. Total elapsed time for initial server configuration was about 30 minutes.

AutomatedLab PS modules can also be used to install SQL Server and other products, but for the purposes of setting up the test lab, after the initial server configuration I followed the articles listed below to install and configure other services on Windows 2016 OS:

  • Active Directory Certificate Services (ADCS)
  • Group Policies for certificate-enrollment, dynamics365

Spkl Task Runner connecting to CRM Instance

15 Saturday Feb 2020

Posted by GIRISH SRINIVASA in Dynamics 365, Spkl

≈ 1 Comment

In an earlier article the Spkl Task Runner was used to unpack the CRM solution components. If you have to connect to a new instance and save the configuration information before unpacking the solution components, then follow the steps below.

In the example I am connecting to CRM 365 on-premise.

spklTaskRunner3

In Dynamics 365 CE online an organization is very much an Instance, but on-premise we will have multiple organizations, and these will be listed once successfully authenticated.

spklTaskRunner4

The settings are saved under AppData\Roaming… in Credentials.xml

Untitled

If the file Credentials.xml is deleted then you will be prompted to enter the CRM Server and Port again.

AutoNumber using XrmToolBox

26 Thursday Dec 2019

Posted by GIRISH SRINIVASA in Dynamics 365, Dynamics 365 CE Online, Dynamics CE 9, Uncategorized

≈ Leave a comment

Tags

Autonumbering

XrmToolBox provides a plugin, “Auto Number Manager”, that can be used to configure autonumbering for any entity in the CRM solution. Refer here for the list of available plugins. Once the Auto Number Manager plugin is installed it will be available on the start-up page of XrmToolBox.

AutoManager1

Once connected to the CRM organization (aka Instance), the list of solutions will be displayed as per below, and selecting a solution will display the list of entities for that solution:

AutoManager2

In the following example autonumber format is set for the Account Number field of Member entity

AutoManager3

AutoManager4

The Number Format set above is as per below:

{PreFix}-{6 digit sequence number}-{Random String}

The Seed value indicates the starting number of the sequence.

Click on Update once the format is acceptable.

AutoManager5

Failure to access CRM Organization URL with FQDN on the server

18 Wednesday Sep 2019

Posted by GIRISH SRINIVASA in CRM 2011, CRM2013, CRM2015, CRM2016, Dynamics 365, Dynamics CE 9, Uncategorized

≈ Leave a comment

After installing the CRM platform and changing the web address from the Deployment Manager console as per below

DisableLoopBack

it will not be possible to browse the Organization created from Deployment Manager, and the event viewer will record “Event 4625 Audit Failure NULL SID failed network logons..”. This is because of the LoopbackCheck feature of Windows Server, which prevents IIS sites from being accessed using the FQDN in the URL. Run the following PS command to disable the loopback check:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword

Also check that the CRM application pool account has the correct SPN set. As an example, for the FQDN crm.idynamics.dev the SPN for the app pool account will be

DisableLoopBack1

CRM 2016/365 Installation on Server 2016

07 Friday Sep 2018

Posted by GIRISH SRINIVASA in CRM2016, Dynamics 365

≈ Leave a comment

While installing Dynamics CRM on Windows Server 2016, the following error may be encountered halfway through the installation:

Action.Microsoft.Crm.Setup.Common.InstallWindowsSearchAction failed

SearchActionError

If so, ensure that the Windows Search service is running; the installation should then continue without any errors.

SearchActionError1

Defining GPO for Dynamics 365

10 Saturday Feb 2018

Posted by GIRISH SRINIVASA in CRM2015, CRM2016, Dynamics 365

≈ 4 Comments

Tags

Dynamics 365, GPO

To install the Dynamics 365 platform it is good practice to have a well-defined Organizational Unit (OU) structure in the Active Directory domain. The different OUs that can be created in the AD structure include the following:

  • Service Accounts: Lists the various service accounts that will be used for the various CRM platform roles, SQL Server, SSRS, Active Directory Federation Services (ADFS) etc.
  • Groups: This will have all four groups, viz. PrivReportingGroup, PrivUserGroup, ReportingGroup, SqlAccessGroup, that are part of the CRM platform
  • LocalAdmin: This will contain groups that will assign LocalAdmin and SysAdmin permissions to the servers.
  • RestrictedGroups: This will contain groups that will assign LogonAsService, LogonAsBatch, ImpersonateClient, PerformanceLogUsers.
  • Servers: Contains the list of servers where the GPO will be applied

With the above requirements, the AD OU group(s) structure in the test domain idynamics.dev is as per below:

Capture1

 

Capture2
Capture3
Capture4

Service Account(s) for CRM platform defined as per below:

Capture5.png

With the above structure in place we will now go ahead and create the Group Policy Objects required:

  • Open the Group Policy Management editor

Capture6

  • Create a DB Admin GPO; its purpose is to have Administrator permissions on SQL Server

Right-click on Group Policy Objects > New and enter the following:

Capture7

Now we will associate CRM-DEV-SQL-Administrator group to this GPO to have Administrator permission on the server DEV-CRM.

Right-click on DB Admin GPO and bring up the Edit dialogue window

Capture8

Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Restricted > Add Group and add CRM-DEV-SQL-Administrator. Configure membership as per the following:

Capture9

Capture10.png

Now that the GPO is defined we will link it to the computers listed under the Server OU.

Capture11

In the Group Policy Management editor right-click on server and Link to an existing GPO

Capture12

Capture13

Now log on to the server DEV-CRM; the CRM-DEV-SQL-Administrator group should be published through the GPO in the Local Administrator group.

Capture14

Following similar steps, create additional GPOs as per the following table:

Capture15

Capture16.png

Issues and Limitations of Claim-based authentication when used with Dynamics CRM

20 Tuesday Oct 2015

Posted by GIRISH SRINIVASA in ADFS, ADFS 4.0, CRM2015, CRM2016, Dynamics 365, Dynamics CE 9

≈ Leave a comment

The following are some of the limitations of accessing the Dynamics CRM platform using Claims-based authentication:

  • Dynamics CRM does not enforce a strong password policy; this task is handled by AD.
  • ADFS federation server sessions are valid up to 8 hours for deactivated or deleted users. The ADFS server tokens allocated to a web single sign-on (SSO) have a cookie expiration of 8 hours. Therefore, even when a user is deactivated or deleted from the authentication provider, as long as the user session is still active the user can continue to be authenticated to access resources.
  • Certificates created using the CNG key template are incompatible with Microsoft Dynamics CRM.
  • The CRMAppPool account used for the Dynamics CRM website must have read permission to the private key or encryption certificate.

Workaround option(s):

  1. Disable the user in Dynamics CRM and AD.
  2. Reduce the ADFS token lifetime (PowerShell). In ADFS 4.0 on Server 2016, TokenLifetime is replaced with SsoLifeTime and the default is set to 480.

 New Picture
