Upgrade Code in the ISV folder to Microsoft Dynamics CRM 2011
In Microsoft Dynamics CRM 4, ISV’s could create and integrate ASPX web pages with the web application. These web pages could support single sign-on (SSO) or could perform operations on behalf of the user through impersonation. In Microsoft Dynamics CRM 2011, calling the Microsoft Dynamics CRM 2011 web services from the <crmwebroot>\ISV folder is no longer supported. The ISV folder is officially deprecated. Any webpages or other custom code in that folder must use the 2007 web service endpoint. For more information, see Use the Microsoft Dynamics CRM 4.0 (2007) Endpoint.
When upgrading to Microsoft Dynamics CRM 2011, if your existing web pages meet the following criteria, they will continue to work.
The ASPX web pages are installed under the <crmwebroot>\ISV folder.
The web pages use the 2007 ASMX web service endpoint.
The web page code uses the CrmImpersonator class for switching the thread context or the CrmAuthenticationToken.ExtractCrmAuthenticationToken method to get the UserId.
Sample code for a Microsoft Dynamics CRM 4.0 ISV web application that is compatible with Microsoft Dynamics CRM 2011 can be found in the
SDK\SampleCode\CS\GeneralProgramming\Authentication\IFDBackCompat folder of the SDK download.
Guidelines for Developing New Code
When developing new code, the recommendation is to use the web resources feature of Microsoft Dynamics CRM 2011. For scenarios that will not be satisfied by the web resources feature, create your web application in its own application pool with its own web.config. For this discussion, this application will be referred to as the ISV web application.
For on-premises (AD) only scenarios, use integrated authentication. For an Internet-facing deployment (IFD), on-premises with claims, or Microsoft Dynamics CRM Online scenarios, make the ISV web application a relying party to the Secure Token Service (STS) that Microsoft Dynamics CRM is configured against.
When the user navigates to the ISV web page, the page is presented with a token by STS that has the end user Universal Principal Name (UPN). The ISV web page can retrieve the Microsoft Dynamics CRM UserId using a web service call, by matching against the UserNameUPN. If the web page has ActOnBehalfOf privilege, it can then do impersonation of the user against the web service. There is no need for the ISV web page application pool account to be a member of the PrivUserGroup group.
Same Site of Origin Policy
For same site of origin policy requirements where ISV web pages need to manipulate the Document Object Model (DOM) of the container Microsoft Dynamics CRM page, you need to host the ISV web application on the same server or under a sub-domain. However, this will not work for Microsoft Dynamics CRM Online. Hosting the ISV web application inside the Microsoft Dynamics CRM site virtual directory or under the ISV folder is not supported. Alternately, web resources are a way to mitigate this issue because they are delivered from the Microsoft Dynamics CRM server for all deployment types.
Relative Path Concerns
Microsoft Dynamics CRM 2011 and Microsoft Dynamics CRM Online
Send comments about this topic to Microsoft.
© 2012 Microsoft Corporation. All rights reserved.