Implement single sign-on from an ASPX webpage or IFRAME

 

Updated: November 29, 2016

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

This topic describes how to develop a custom webpage that can make SDK calls to Microsoft Dynamics 365 (online & on-premises) on behalf of the Microsoft Dynamics 365 user who is signed in. The typical use of this capability is to write a webpage that is displayed in an inline frame in the Microsoft Dynamics 365 web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site that’s hosting Dynamics 365. However, the webpage can perform its operations on behalf of the Dynamics 365 user who is signed in. The result is seamless integration between a webpage and Microsoft Dynamics 365.

This scenario is for a Microsoft Dynamics 365Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an inline frame of the Microsoft Dynamics 365 web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Microsoft Dynamics 365 and the website relying parties, which established cross-domain trust between these parties.

For more information about how to configure claims and a relying party, see the following topics in TechNet: Deploying and administering Microsoft Dynamics CRM:

For more information about identity management, see the identity training course.

More information: Walkthrough: Single Sign-on from a Custom Web Page in the Microsoft Dynamics CRM 2011 SDK.

This scenario is for use with Microsoft Dynamics 365 (online) where Microsoft Azure hosts a custom webpage that’s optionally displayed in an inline frame of the Microsoft Dynamics 365 web application. This scenario uses federated claims, provided by the Windows Livesecurity token service (STS) server for identity management. You must provide a certificate to be used when making Microsoft Dynamics 365 (online) and the Microsoft Azure website relying parties, which established cross-domain trust between these parties.

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see http://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: CRM Online & Azure: Improving the SSO experience, and CRM Online & Azure Series.

If you want to enable communication for an inline frame (iframe) that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for Internet Explorer 8. Google Chrome, Mozilla Firefox, and Apple Safari also support this method. For more information about using postMessage, see the following blog posts:

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright

Community Additions

ADD
Show: