Authentication CRM OrganizationServiceProxy身份验证问题
我们的web应用程序通过Microsoft.Xrm.Sdk OrganizationServiceProxy调用CRM时出现问题,无法进行身份验证。问题似乎与环境有关,即调用在我们的DEV web服务器上工作,但在将应用程序升级到我们的系统测试环境时失败。失败的代码如下所示:Authentication CRM OrganizationServiceProxy身份验证问题,authentication,dynamics-crm-2011,Authentication,Dynamics Crm 2011,我们的web应用程序通过Microsoft.Xrm.Sdk OrganizationServiceProxy调用CRM时出现问题,无法进行身份验证。问题似乎与环境有关,即调用在我们的DEV web服务器上工作,但在将应用程序升级到我们的系统测试环境时失败。失败的代码如下所示: using (var serviceProxy = this.serviceFactory.Impersonate(userProvider.PrincipalUserName).ServiceProxy)
using (var serviceProxy = this.serviceFactory.Impersonate(userProvider.PrincipalUserName).ServiceProxy)
{
var countResult = serviceProxy.RetrieveMultiple(new FetchExpression(query));
int? count = 0;
var entity = countResult.Entities.FirstOrDefault();
if (entity != null)
{
count = (int?)((AliasedValue)entity["activity_count"]).Value;
}
return count.Value;
}
日志中出现的错误是:
System.ServiceModel.Security.SecurityNegotiationException:服务未对调用方进行身份验证。-->System.ServiceModel.FaultException:无法满足安全令牌的请求,因为身份验证失败。
位于System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(消息消息,端点地址目标)
位于System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextToutGoingMessageBody(消息输入消息,SspiNegotiationTokenProviderState sspiState)
---内部异常堆栈跟踪的结束---
我已仔细检查了IIS站点的apppool标识和CRM设置。这里有什么明显的地方我们可能错过了吗?我发现与CRM Online的连接花费了最长的时间,因此我创建了一个实例,以传递OrganizationServiceProxy的循环,并提供显式凭据,以便在环境之间轻松切换
IServiceManagement<IOrganizationService> management = ServiceConfigurationFactory.CreateManagement<IOrganizationService>(new Uri(CrmUrl));
ClientCredentials credentials = new ClientCredentials();
credentials.UserName.UserName = CrmUserName;
credentials.UserName.Password = CrmPassword;
AuthenticationCredentials authCredentials = management.Authenticate(new AuthenticationCredentials { ClientCredentials = credentials });
SecurityTokenResponse securityTokenResponse = authCredentials.SecurityTokenResponse;
OrganizationServiceProxy orgProxy = new OrganizationServiceProxy(management, securityTokenResponse);
orgProxy.EnableProxyTypes();
_xrmService = new XrmServiceContext(orgProxy)
IServiceManagement management=ServiceConfigurationFactory.CreateManagement(新Uri(CrmUrl));
ClientCredentials=新的ClientCredentials();
credentials.UserName.UserName=CrmUserName;
credentials.UserName.Password=CrmPassword;
AuthenticationCredentials authCredentials=management.Authenticate(新的AuthenticationCredentials{ClientCredentials=credentials});
SecurityTokenResponse SecurityTokenResponse=authCredentials.SecurityTokenResponse;
OrganizationServiceProxy orgProxy=新的OrganizationServiceProxy(管理,securityTokenResponse);
orgProxy.EnableProxyTypes();
_xrmService=新的XrmServiceContext(orgProxy)
通过双重检查IIS和CRM设置的应用池标识来定义含义。检查web服务器上用于应用池标识的服务帐户是否可以与CRM服务器对话(服务帐户在CRM服务器上具有系统管理员角色)。我们的web应用程序还有其他基于CRM LINQ的调用(使用ServiceContext),这些调用可以正常工作。我们遇到的唯一身份验证问题是web应用程序通过OrganizationServiceProxy和RetrieveMultiple方法查询CRM的某些调用。您的系统测试环境是IFD吗?