Export (0) Print
Expand All

Portal authentication

Applies To: CRM 2015 on-prem, CRM Online

[This topic is pre-release documentation and is subject to change in future releases.]

Microsoft account allows users to be authenticated on your website without having to create your own security providers. This topic shows how use Microsoft account authentication with your Website using Developer Extensions for Microsoft Dynamics CRM 2015 and the portal tooklit.

Register Your Website with Microsoft Account

To begin, you need to register your Website with Microsoft account:

https://account.live.com/developers/applications

When registering your site, you need to provide your full domain name, for example, “yoursite.yourdomain.com”, not just “yourdomain.com”.

You also need to provide a URL that directs Microsoft account requests back to when they have finished signing in. This will be to your Handler Service, which you can read about later in this document, but, by default, the URL to enter is:

http://yoursite.yourdomain.com/liveid.axd. 

After you have registered your Website, it provides you with an application ID and a secret that you will use to plug in to your web.config so that the site can be hooked up to the Microsoft account.

Here are some things to note:

Your domain names cannot include strings such as localhost, 127.0.0.1, or anything with the word "live" in it.

You cannot share the management of the Website with other users.

You cannot change your domain name after you have registered it.

Add the LiveIdLoginStatus Control

The last step is to add the LiveIdLoginStatus control, which works like the LoginStatus control. It displays a log in link for users who are not authenticated and a log out link for users who are authenticated.

When anonymous, the link takes the user to Windows Live or optionally (using LoginNavigateUrl) to a specified landing page that lets the user know they are going to Windows Live.

When authenticated, the log out link resets the current user's identity to be an anonymous user.

<crm:LiveIdLoginStatus runat="server" /> 

This assumes that the "crm" tag prefix has been registered to "Microsoft.Xrm.Portal.Web.UI.WebControls".

Add the Membership Provider and Handler Service

The Membership Provider handles the user login information. Using Microsoft account requires the use of the Microsoft account Membership Provider:

<membership defaultProvider="CrmMembershipProvider">
    <providers>
        <add name="CrmMembershipProvider" type="Microsoft.Xrm.Portal.Web.Security.LiveIdMembershipProvider, Microsoft.Xrm.Portal" liveIdConnectionStringName="Live"/>
    </providers>
</membership>

The Handler Service validates whether the authenticated user has been registered on your Website. If you are running an Internet Information Services (IIS) 7 site in Integrated Mode, you will need to ensure that the following is added in your <handlers> section:

<add name="LiveId" verb="*" path="LiveID.axd" preCondition="integratedMode" type="Microsoft.Xrm.Portal.Web.Handlers.LiveIdWebAuthenticationHandler, Microsoft.Xrm.Portal" />

If you are running in Classic Pipeline Mode or IIS6, the Handler Service is configured under the <httpHandlers> section of your Web.config file.

<add verb="*" path="LiveID.axd" type="Microsoft.Xrm.Portal.Web.Handlers.LiveIdWebAuthenticationHandler, Microsoft.Xrm.Portal"/>

Force Registration

When using Microsoft account for authentication, only the Passport Unique Identifier (PUID) is known. If you want additional information about the user (such as a display name or email) you will need to collect this from the user. Two common ways to do this are:

  • Set up a page for them to fill in their information at their own convenience when they are logged in.

  • Collect information before they can be authenticated on your site.

To do the second way, your Microsoft account setup will need some special handling.

  1. As part of a user registration, Microsoft Dynamics CRM needs to know the PUID of the user so that it can link this to the user’s Microsoft Dynamics CRM contact information. In other words, you need to have the user log in using Microsoft account and then send the user to your registration page. This is done by adding the RegistrationUrl attribute on the LiveIdLoginStatus control.

    <crm:LiveIdLoginStatus runat="server" RegistrationUrl="/CreateUser" /> 
    
  2. In the code behind of your registration page, you need to add code to keep the Microsoft account token and create the new user once you have collected the information you want.

    protected void Page_Load(object sender, EventArgs e)
    {
      if (InvitationCode == null || InvitedContact == null)
      {
        var page = SiteContext.Current.Website.GetPageBySiteMarkerName("Home");
        Response.Redirect(page.GetUrl());
      }
    
      // Add the Live ID variables that come from the authentication handler to hidden 
      // script variables.
      if (Request["live-id-action"] == "register")
      {
        Page.ClientScript.RegisterHiddenField("live-id-token", 
          Request["live-id- token"]);
        Page.ClientScript.RegisterHiddenField("live-id-action", 
          Request["live-id-action"]);
      }
    }
    

See Also

Microsoft Dynamics CRM 2015 and Microsoft Dynamics CRM Online
Send comments about this topic to Microsoft.
© 2015 Microsoft. All rights reserved.
Show:
© 2015 Microsoft