Error message: request for security token could not be satisfied because authentication failed

I am trying to access the WCF service (MS CRM 2011) and get the above error. If I run my trial program from the VS2010 debugger using Cassini or IIS Express, it works fine. Authentication errors.

However, if I publish the site in my local IIS 7.5 (running the 64-bit version of Windows 7), I get an error on the line that captures the CRM UserId (WhoAmIResponse).

I opened Fiddler to compare requests between running under the debugger and running in IIS. On a site running under IIS, the request never occurs, so it must be unsuccessful before going this far.

A site published in IIS has its own set of web.config for ...

    <authentication mode="Windows"> </authentication>
    <identity impersonate="true"/>

The site runs under the pre-installed ASP.NET v4.0 application pool, built-in pipeline, ApplicationPoolIdentity account.

Here is my code ...

    using System;
    using System.Net;
    using System.ServiceModel.Description;
    using System.Web.Mvc;
    using Microsoft.Crm.Sdk.Messages;
    using Microsoft.Xrm.Sdk;
    using Microsoft.Xrm.Sdk.Client;
    using Microsoft.Xrm.Sdk.Query;

    public class DemoController : Controller
    {
        public ActionResult Index()
        {
            // Use the Windows identity the request is currently running under.
            ClientCredentials credentials = new ClientCredentials();
            credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;

            var _serviceProxy = new OrganizationServiceProxy(
                new Uri("http://svr-rex2011-dev/TimeEntry/XRMServices/2011/Organization.svc"),
                null, credentials, null);

            // This statement is required to enable early-bound type support.
            _serviceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());
            IOrganizationService service = (IOrganizationService)_serviceProxy;

            // Display information about the logged on user.
            Guid userid = ((WhoAmIResponse)service.Execute(new WhoAmIRequest())).UserId;
            SystemUser systemUser = (SystemUser)service.Retrieve("systemuser", userid,
                new ColumnSet(new string[] { "firstname", "lastname" }));

            // Retrieve the version of Microsoft Dynamics CRM.
            RetrieveVersionRequest versionRequest = new RetrieveVersionRequest();
            RetrieveVersionResponse versionResponse = (RetrieveVersionResponse)service.Execute(versionRequest);

            ViewBag.FirstName = systemUser.FirstName;
            ViewBag.LastName = systemUser.LastName;
            ViewBag.Version = versionResponse.Version;
            return View();
        }
    }

Any ideas? Very much appreciated !!!

+1
2 answers

It seems that the situation you are describing is this: you get authentication errors when your application tries to access the CRM service while it is running in IIS. When you run the application from Visual Studio or IIS Express, you have no authentication errors.

If so, I'm sure your problem is with the authentication used to run the IIS AppPool application for your application. You need to change the AppPool ID to one that has network access for the CRM service. Usually this should be a domain account with the correct permissions, but there are ways to do this using local computer accounts that have the same password (definitely not recommended if the domain is available).

+1

I had the same problem, and in my case it turned out that the CRM was load balanced. Turns out Kerberos authentication delegation does not work in load-balanced architectures.

We circumvented this by pointing our application directly to one of the CRM servers through a HOST record that circumvented load balancing.

Hope this saves someone the few hours it cost me.

0

Source: https://habr.com/ru/post/1440391/
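
An added diagnostic, not part of the original posts: it reports which Windows identity the question's code would present to CRM through CredentialCache.DefaultNetworkCredentials, covering the app pool identity and delegation cases the two answers raise. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Principal;

// Added diagnostic (hypothetical names, not from the original posts).
// Call OutboundIdentityCheck.Describe() in the controller just before the
// OrganizationServiceProxy is created and log the returned string.
public static class OutboundIdentityCheck
{
    public static string Describe()
    {
        // With <identity impersonate="true"/> this is the impersonated caller;
        // otherwise it is the application pool's process identity.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return Describe(id.Name, id.ImpersonationLevel);
        }
    }

    public static string Describe(string name, TokenImpersonationLevel level)
    {
        // Built-in accounts that reach other servers as the computer account.
        bool builtIn =
            name.StartsWith(@"IIS APPPOOL\", StringComparison.OrdinalIgnoreCase) ||
            name.Equals(@"NT AUTHORITY\NETWORK SERVICE", StringComparison.OrdinalIgnoreCase) ||
            name.Equals(@"NT AUTHORITY\SYSTEM", StringComparison.OrdinalIgnoreCase);

        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                return name + ": impersonated token that may be forwarded to another server.";
            case TokenImpersonationLevel.Impersonation:
                return name + ": impersonated token usable on this machine only; " +
                       "a call to CRM on another server needs Kerberos delegation.";
            case TokenImpersonationLevel.None:
                // No impersonation: the process (app pool) token is in use.
                return builtIn
                    ? name + ": built-in process identity; remote servers see the " +
                      "computer account, which needs access to the CRM service."
                    : name + ": process identity; this account needs access to the CRM service.";
            default:
                // Anonymous or Identification tokens cannot access resources.
                return name + ": token level " + level + " cannot authenticate outbound calls.";
        }
    }
}
```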

