
Avoiding Denial of Service


[Applies to: Microsoft Dynamics CRM 4.0]

Find the latest SDK documentation: CRM 2015 SDK

Microsoft Dynamics CRM supports infinite loop detection to prevent a plug-in from overloading the system and causing a denial of service or deadlocks. For example, if a plug-in is registered for the update event of an account entity and that plug-in itself updates an account, an infinite loop would result. Infinite loop detection is automatically enabled in plug-ins that call the CreateCrmService method of IPluginExecutionContext to create a proxy to the Web service.

For plug-ins that create a Web service proxy by instantiating CrmService, infinite loop detection can be enabled by setting the Web service instance's CorrelationTokenValue property. Plug-in code can obtain the CorrelationId, CorrelationUpdatedTime, and Depth property values required by the CorrelationTokenValue instance from the execution context, as shown in the following code sample.

[C#]
using System;
using Microsoft.Crm.Sdk;
using Microsoft.Crm.SdkTypeProxy;
using CrmSdk;

public class SamplePlugin : IPlugin
{
   public void Execute(IPluginExecutionContext context)
   {
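      // Proxy created directly rather than through context.CreateCrmService,
      // so loop detection is not enabled automatically.
      CrmService service = new CrmService();
      service.Credentials = System.Net.CredentialCache.DefaultCredentials;

      // Pass the correlation values from the execution context to the
      // proxy to enable infinite loop detection for calls made through it.
      service.CorrelationTokenValue =
         new CorrelationToken(context.CorrelationId, context.Depth,
                              context.CorrelationUpdatedTime);
      // Add more plug-in code here.
   }
}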

Infinite loop detection is not supported in Microsoft Dynamics CRM 3.0 callouts. Callouts that are executed by Microsoft Dynamics CRM 4.0 can therefore cause a denial of service.

The following example illustrates how an infinite loop can occur. Assume a scenario where plug-in P is registered to run for a contact update and callout C is registered to run for an account update. Plug-in P's code performs an account update, while callout C's code performs a contact update. When a contact update is processed by the platform, an infinite loop occurs.

  • contact update is processed by the event execution pipeline
  • plug-in P executes and performs an account update
  • callout C executes and performs a contact update
  • result is an infinite loop
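
The plug-in P / callout C scenario above can be modeled in a few lines. This is an added example, not Microsoft's code and not the CRM SDK: the Token and Pipeline types, the MaxDepth value of 8 and the SafetyCap are assumptions made for the model, since this page does not state the limit the platform applies.

```csharp
using System;

// Toy model of correlation-token loop detection; not the CRM SDK.
class Token { public Guid Id = Guid.NewGuid(); public int Depth; }

class Pipeline
{
    public const int MaxDepth = 8;      // assumed limit for this model
    public const int SafetyCap = 100;   // stops the demo when nothing else does
    public bool CalloutPropagatesToken; // false models a CRM 3.0 callout
    public int Updates;

    // Returns false when the platform aborts the chain as a suspected loop.
    public bool Update(string entity, Token caller)
    {
        // No token from the caller: the platform starts a new chain at depth 1.
        Token t = new Token();
        if (caller != null) { t.Id = caller.Id; t.Depth = caller.Depth; }
        t.Depth++;
        if (t.Depth > MaxDepth) return false;
        if (++Updates >= SafetyCap) return true; // demo guard only
        if (entity == "contact")                 // plug-in P: always passes its token
            return Update("account", t);
        // Callout C: passes the token only when configured to.
        return Update("contact", CalloutPropagatesToken ? t : null);
    }
}

static class Demo
{
    static void Run(bool propagate)
    {
        Pipeline p = new Pipeline();
        p.CalloutPropagatesToken = propagate;
        bool completed = p.Update("contact", null);
        Console.WriteLine("token propagated by C: {0}; updates run: {1}; {2}",
            propagate, p.Updates,
            completed ? "never detected (stopped by demo cap)" : "aborted by loop detection");
    }

    static void Main()
    {
        Run(true);   // every hop carries the token: chain is cut at MaxDepth
        Run(false);  // C drops the token: depth resets, loop is never seen
    }
}
```

In the second run the depth never rises above 2, which is why a handler that does not carry the correlation token forward defeats detection for the whole chain.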


© 2010 Microsoft Corporation. All rights reserved.

