我们遇到一个问题,我们的网络应用程序通过Microsoft.Xrm.Sdk OriganizationServiceProxy调用CRM无法进行身份验证。该问题似乎是特定于环境的,即调用在我们的DEV Web服务器上运行,但在应用程序升级到我们的系统测试环境时失败。失败的代码如下:
using (var serviceProxy = this.serviceFactory.Impersonate(userProvider.PrincipalUserName).ServiceProxy)
{
var countResult = serviceProxy.RetrieveMultiple(new FetchExpression(query));
int? count = 0;
var entity = countResult.Entities.FirstOrDefault();
if (entity != null)
{
count = (int?)((AliasedValue)entity["activity_count"]).Value;
}
return count.Value;
}
我们的日志中显示的错误是:
System.ServiceModel.Security.SecurityNegotiationException:调用者未经过服务身份验证。 ---> System.ServiceModel.FaultException:无法满足安全令牌请求,因为身份验证失败。 在System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(消息消息,EndpointAddress目标) 在System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(消息incomingMessage,SspiNegotiationTokenProviderState sspiState) ---内部异常堆栈跟踪结束---
我已经仔细检查了IIS网站和CRM设置的apppool身份。这里有什么明显的我们可能错过了吗?
答案 0 :(得分:0)
我发现与CRM Online的连接花费的时间最长,因此我创建了一个实例来传递OrganizationServiceProxy,并使用显式凭据轻松切换环境。
IServiceManagement<IOrganizationService> management = ServiceConfigurationFactory.CreateManagement<IOrganizationService>(new Uri(CrmUrl));
ClientCredentials credentials = new ClientCredentials();
credentials.UserName.UserName = CrmUserName;
credentials.UserName.Password = CrmPassword;
AuthenticationCredentials authCredentials = management.Authenticate(new AuthenticationCredentials { ClientCredentials = credentials });
SecurityTokenResponse securityTokenResponse = authCredentials.SecurityTokenResponse;
OrganizationServiceProxy orgProxy = new OrganizationServiceProxy(management, securityTokenResponse);
orgProxy.EnableProxyTypes();
_xrmService = new XrmServiceContext(orgProxy)