We have three servers that all share the same database. One server is internet facing.
我们有三台服务器共享同一个数据库。一台服务器面向互联网。
I have a web page in an IFRAME in CRM that talks to the CRM web service using the standard method of connecting for on-premise. When this IFRAME is displayed through the IFD with users logged in through the forms authentication element, you are asked for login credentials.
我在CRM中的IFRAME中有一个网页,它使用标准的内部连接方法与CRM Web服务进行通信。当IFD通过表单身份验证元素登录时,通过IFD显示此IFRAME时,系统会要求您提供登录凭据。
How do I get around this?
我该如何解决这个问题?
EDIT
The IFRAME that targets the CRM service is on four servers. Two of the servers are used for IFD and On-premise use. The other two are for on-premise only. They are all in the same domain. All of the users are internal users that can log in through the web if they are using a customer's computer or a machine in an Internet cafe and therefore can't use the VPN.
面向CRM服务的IFRAME位于四台服务器上。其中两台服务器用于IFD和内部部署。另外两个仅用于内部部署。它们都在同一个域中。所有用户都是内部用户,如果他们使用客户的计算机或网吧中的计算机,则可以通过网络登录,因此无法使用VPN。
3 个解决方案
#1
A few questions to better understand you issue. Is the iframe which targets CrmService on the same IFD server? Is the IFD server on the same domain as the rest of the servers? When you say users are logged in are you refereeing to local domain users or external users?
一些问题可以更好地了解您的问题。 iframe是否在同一IFD服务器上以CrmService为目标? IFD服务器与其他服务器位于同一个域中吗?当您说用户已登录时,您是在向本地域用户还是外部用户裁判?
#2
I suspect the problem is not the services, but the IFrame. When you authenticate to MSCRM via on-premise you are doing Windows Authentication, and when you should the IFrame that authentication request is done again. Since the browser knows everything it needs this is all handled transparently.
我怀疑问题不是服务,而是IFrame。当您通过内部部署对MSCRM进行身份验证时,您正在进行Windows身份验证,并且当您应该再次执行身份验证请求的IFrame时。由于浏览器知道它需要的一切,所以这一切都是透明处理的。
When using IFD, you are not using authentication on the web server level - you are doing it using forms based which is on the application level. You IFrame though is still wanting authentication, and thus the iframe prompts for authentication.
使用IFD时,您没有在Web服务器级别上使用身份验证 - 您使用的是基于应用程序级别的表单。你IFrame仍然需要身份验证,因此iframe会提示进行身份验证。
If you were having a service problem, the IFrame would display and what ever action triggers the service call would fail with a 400 or 500 error.
如果您遇到服务问题,IFrame将显示以及触发服务调用的操作将因400或500错误而失败。
So the question comes in how do you build a web page that can cater for windows authentication and forms based? Well that is easy in MSCRM, first make sure you are not running authentication on the web page - set it to anonymous. That ensures no more popups, then make sure you use the CrmAuthenticationToken code to get the token and use that for all calls. You should not be setting the .Credentials property of the service itself.
那么问题在于如何构建一个可以满足Windows身份验证和表单的网页?那么在MSCRM中很容易,首先要确保你没有在网页上运行身份验证 - 将其设置为匿名。这确保不再有弹出窗口,然后确保使用CrmAuthenticationToken代码获取令牌并将其用于所有调用。您不应该设置服务本身的.Credentials属性。
#3
Assuming you're deploying your page within the CRM website (and not its own virtual directory) then here is pointing you at the SDK article for what Robert mentioned:
假设您正在CRM网站(而不是自己的虚拟目录)中部署您的页面,那么这里指向您关于Robert提到的SDK文章:
See the SDK topic titled: Authentication from an ASPX Page.
请参阅标题为:ASPX页面的身份验证的SDK主题。
In my experience you should always use the CRMImpersonator in your web pages within the CRM website.
根据我的经验,您应该始终在CRM网站的网页中使用CRMImpersonator。
Now if you've got your own page running on its own website: You'll want to see the Discovery service and obtaining a CRM Ticket for accessing the services.
现在,如果您在自己的网站上运行自己的页面:您将希望查看Discovery服务并获取用于访问服务的CRM票证。
#1
A few questions to better understand you issue. Is the iframe which targets CrmService on the same IFD server? Is the IFD server on the same domain as the rest of the servers? When you say users are logged in are you refereeing to local domain users or external users?
一些问题可以更好地了解您的问题。 iframe是否在同一IFD服务器上以CrmService为目标? IFD服务器与其他服务器位于同一个域中吗?当您说用户已登录时,您是在向本地域用户还是外部用户裁判?
#2
I suspect the problem is not the services, but the IFrame. When you authenticate to MSCRM via on-premise you are doing Windows Authentication, and when you should the IFrame that authentication request is done again. Since the browser knows everything it needs this is all handled transparently.
我怀疑问题不是服务,而是IFrame。当您通过内部部署对MSCRM进行身份验证时,您正在进行Windows身份验证,并且当您应该再次执行身份验证请求的IFrame时。由于浏览器知道它需要的一切,所以这一切都是透明处理的。
When using IFD, you are not using authentication on the web server level - you are doing it using forms based which is on the application level. You IFrame though is still wanting authentication, and thus the iframe prompts for authentication.
使用IFD时,您没有在Web服务器级别上使用身份验证 - 您使用的是基于应用程序级别的表单。你IFrame仍然需要身份验证,因此iframe会提示进行身份验证。
If you were having a service problem, the IFrame would display and what ever action triggers the service call would fail with a 400 or 500 error.
如果您遇到服务问题,IFrame将显示以及触发服务调用的操作将因400或500错误而失败。
So the question comes in how do you build a web page that can cater for windows authentication and forms based? Well that is easy in MSCRM, first make sure you are not running authentication on the web page - set it to anonymous. That ensures no more popups, then make sure you use the CrmAuthenticationToken code to get the token and use that for all calls. You should not be setting the .Credentials property of the service itself.
那么问题在于如何构建一个可以满足Windows身份验证和表单的网页?那么在MSCRM中很容易,首先要确保你没有在网页上运行身份验证 - 将其设置为匿名。这确保不再有弹出窗口,然后确保使用CrmAuthenticationToken代码获取令牌并将其用于所有调用。您不应该设置服务本身的.Credentials属性。
#3
Assuming you're deploying your page within the CRM website (and not its own virtual directory) then here is pointing you at the SDK article for what Robert mentioned:
假设您正在CRM网站(而不是自己的虚拟目录)中部署您的页面,那么这里指向您关于Robert提到的SDK文章:
See the SDK topic titled: Authentication from an ASPX Page.
请参阅标题为:ASPX页面的身份验证的SDK主题。
In my experience you should always use the CRMImpersonator in your web pages within the CRM website.
根据我的经验,您应该始终在CRM网站的网页中使用CRMImpersonator。
Now if you've got your own page running on its own website: You'll want to see the Discovery service and obtaining a CRM Ticket for accessing the services.
现在,如果您在自己的网站上运行自己的页面:您将希望查看Discovery服务并获取用于访问服务的CRM票证。