Associating multiple external identities to a single contact record in CRM in Adxstudio

In Adxstudio Portal you can associate multiple external identities with a single contact record in CRM. Suppose, for whatever reason, that contact Bob McCloud has two ADFS accounts with your organisation, contoso\bob1 and contoso\bob2. You can configure the portal so that, regardless of which account is used to log in, the user context is resolved to Bob McCloud.

Contact records in CRM have a grid of External Identities, and this is where the magic happens.

Just add a record to this grid for each external identity that should be mapped to the given contact. As we are using ADFS, we set the Identity Provider field to be the same as the value for the Authentication/WsFederation/ADFS/AuthenticationType Site Setting in CRM.

The user context will now be resolved to Bob McCloud when either of these identities is used to log in.

How to manually create Contact record for external ID provider in Adxstudio

When configured to use an external ID provider (e.g. ADFS in our case), Adxstudio does not handle identity management functions such as creating user accounts in that external ID provider. When an external ID is authenticated and logged on to the Portal for the first time, Adxstudio automatically creates a new Contact record and associates it with the external ID.

Sometimes you may want to customise this process. For example, you may want to do something like this:

  1. Create the Contact record first upon registration request
  2. Email user to confirm email address
  3. Provision user account in ADFS once user has confirmed email address (password may also be provided at this point)
  4. Link Contact record to ADFS account

Step 4 requires you to update the Contact record appropriately so that the Adxstudio Portal web app (the MVC app) can establish the link between the Contact record and the currently logged-on identity.

In order to achieve this you would need to update the following fields on the Contact record:

Field | Value
Username (adx_identity_username) | The ADFS account username, e.g. mydomain\user1
Login Enabled (adx_identity_logonenabled) | True
Security Stamp (adx_identity_securitystamp) | A GUID – seems that any GUID will do
Profile Modified On (adx_profilemodifiedon) | If a value is not specified, the user will be taken to the Profile page upon login.

You also need to create an External Identity (adx_externalidentity) record and associate it with the Contact.

The fields for this record are:

Field | Value
Contact (adx_contactid) | The associated Contact record
Username (adx_username) | The ADFS account username, e.g. mydomain\user1
Identity Provider (adx_identityprovidername) | As we were using ADFS, we set this value to be the same as the value for the Authentication/WsFederation/ADFS/AuthenticationType Site Setting in CRM.

Also note that Adxstudio adds a new form for the Contact entity in CRM, namely Portal Contact. You can use this form to view and update the fields above.
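The linking step above (and the multiple-identity mapping from the previous post) can be done through the CRM SDK. This is an added example, not Adxstudio's own code: the class and method names are hypothetical, the column types are assumptions to verify in your organisation, and it needs a reference to Microsoft.Xrm.Sdk. It refuses to create a mapping when the same username and provider are already linked to a different contact.

```csharp
using System;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

public static class PortalIdentityLinker   // hypothetical helper, not part of Adxstudio
{
    // Links an existing Contact to an external (ADFS) account using the fields listed above.
    // Assumed column types: bool, string, DateTime and a lookup to contact.
    public static Guid LinkContact(IOrganizationService service, Guid contactId,
                                   string username, string identityProvider)
    {
        // One external account must resolve to exactly one contact, otherwise a
        // login could be resolved to the wrong person's record.
        var query = new QueryExpression("adx_externalidentity")
        {
            ColumnSet = new ColumnSet("adx_contactid"),
            TopCount = 1
        };
        query.Criteria.AddCondition("adx_username", ConditionOperator.Equal, username);
        query.Criteria.AddCondition("adx_identityprovidername", ConditionOperator.Equal, identityProvider);

        var existing = service.RetrieveMultiple(query).Entities;
        if (existing.Count > 0)
        {
            var owner = existing[0].GetAttributeValue<EntityReference>("adx_contactid");
            if (owner == null || owner.Id != contactId)
                throw new InvalidOperationException(
                    "External identity already exists and is not mapped to this contact.");
            return existing[0].Id;   // already linked to this contact, nothing to do
        }

        // Contact fields from the first table.
        var contact = new Entity("contact") { Id = contactId };
        contact["adx_identity_username"] = username;
        contact["adx_identity_logonenabled"] = true;
        contact["adx_identity_securitystamp"] = Guid.NewGuid().ToString();
        contact["adx_profilemodifiedon"] = DateTime.UtcNow;   // leave unset to send the user to the Profile page on login
        service.Update(contact);

        // External Identity record from the second table.
        var identity = new Entity("adx_externalidentity");
        identity["adx_contactid"] = new EntityReference("contact", contactId);
        identity["adx_username"] = username;
        identity["adx_identityprovidername"] = identityProvider;   // must match the AuthenticationType Site Setting
        return service.Create(identity);
    }
}
```

Calling it once per ADFS account (for example contoso\bob1 and contoso\bob2) with the same contact id produces the multi-identity mapping described in the previous post.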


Does ‘Record status changes’ workflow trigger fire workflow on status change?

A weird post title I know..

One of the most confusing things in CRM is the State and Status (or Status Reason) of a record. These two things are very different in CRM, and it seems that the CRM UI itself often gets mixed up between the two.

When you create a new entity for example, the default label for the statecode field is Status, and for the statuscode field it is Status Reason.

When configuring a workflow, you can specify that it fires after ‘record status changes‘.

Exactly what does this mean? Will the workflow fire when the record’s State (Active/Inactive) changes? Or will it fire when the record’s Status (‘sub-state’ within Active/Inactive) changes? Will it fire on both?

Well, as it turns out, this option will fire the workflow only when the record’s State changes. Enabling this option has the same effect as enabling the ‘record fields change‘ option and ticking the statecode field in the filter.

In fact, that’s exactly what CRM does behind the scenes. Try this:

  • Tick the ‘record status changes‘ option
  • Tick the ‘record fields change‘ option. This enables the Select button to apply field filtering.
  • Now click the Select button. You will see that the statecode field is selected by default.
  • Untick the statecode field from the filter
  • You will see that the ‘record status changes‘ option is now unticked

So in conclusion…

Even though the option says ‘record status changes‘, it really means record state (Active/Inactive) changes. Misunderstanding this option can cause workflows to fire (or not fire) unexpectedly in your system.


How to get sign-in URL in Adxstudio portal web app for external ID provider

Recently I have been looking at customising the Adxstudio portal web app (the MVC app). One of the things I needed to do was to create a link that would take users to the login page for the portal. Our portal is configured to use ADFS as the external ID provider, and the link needs to take users straight to the ADFS login page.

The Adxstudio framework code has an extension method on the UrlHelper class that allows you to easily do this, namely SignInUrl(). This method accepts an optional returnUrl parameter, which is the URL that users will be redirected to once successfully authenticated.

From the C# code-behind, you can instantiate an instance of UrlHelper and invoke the extension method like so:

lnkLogin.NavigateUrl = new UrlHelper(Request.RequestContext).SignInUrl("/private/dashboard");

From the ASPX markup, you can use the Url property of the page/user-control to invoke the method:

<a href="<%: Url.SignInUrl() %>">Sign in</a>

The method uses the authentication settings configured for the website to return the correct sign-in URL for the external ID provider.

Important: This method returns the sign-in URL of the external ID provider only if that provider is configured to be used as the only provider for the website.

You can configure this using the Authentication/Registration/LoginButtonAuthenticationType Site Setting in CRM configuration. For ADFS, for example, set the value of this Site Setting to be the same as the Authentication/WsFederation/ADFS/AuthenticationType Site Setting.

For more information on these two Site Settings, please see https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/set-authentication-identity and https://community.adxstudio.com/products/adxstudio-portals/documentation/configuration-guide/portal-authentication/asp.net-identity-authentication/ws-federation-provider-settings/

SPClientSideDeployment 3.3 adds option to publish on deployment

With SPClientSideDeployment 3.3 you can now have the file(s) published automatically on deployment from Visual Studio. This option is disabled by default as it would require additional calls to SharePoint during deployment.

To enable this option, go to Tools \ Options \ SPClientSideDeployment, and set the Publish on Deployment option to true.

Download

You can download this extension from the Visual Studio Marketplace.

I hope you find this addition useful, and would love to receive feedback or suggestions.


CRMQuickDeploy 2.8 automatically adds web resources to CRM solution and allows right-click deploy from Solution Explorer

Add web resources to CRM solution on deployment

CRMQuickDeploy 2.8 now automatically adds web resources to CRM solution on deployment.

A new property has been added for project nodes in the Solution Explorer, namely CRM Solution Name:

When a web resource is deployed, it is automatically added to the CRM solution specified in this property. A warning is generated in the Output window if this property is not specified.

Right-click deploy from Solution Explorer

It is now possible to right-click multiple files and folders in the Solution Explorer and click the Deploy to CRM command from the context menu to trigger deployment for the selected items.

This command is available under the following conditions:

  • All selected items are under the WebResources folder – the command will deploy selected items as web resources.
  • A single RibbonDiff item is selected – the command will deploy the selected item as a RibbonDiff. Multiple selection of RibbonDiff items is not supported at this stage.

Download

You can download this extension at the Visual Studio Marketplace.

I hope you find this addition useful, and would love to receive feedback or suggestions.


Identifying default organisation for user in CRM

This is a rehash of several posts by other people.

A user in CRM has a default organisation. This is the first organisation where the user was created. Use the SQL script below to identify the default organisation for a user:

-- Replace <Org Name> with the organisation name and 'DomainUsername' with the user's domain login.
SELECT a.domainname, a.systemuserid, d.DatabaseName, d.uniquename
FROM <Org Name>_MSCRM.dbo.systemuserbase a WITH (NOLOCK)
    INNER JOIN MSCRM_CONFIG.dbo.SystemUserOrganizations b WITH (NOLOCK)
        ON a.SystemUserId = b.CRMUserId
    -- c.DefaultOrganizationId identifies the user's default organisation
    INNER JOIN MSCRM_CONFIG.dbo.SystemUser c WITH (NOLOCK)
        ON b.UserId = c.id
    INNER JOIN MSCRM_CONFIG.dbo.Organization d WITH (NOLOCK)
        ON c.DefaultOrganizationId = d.id
WHERE a.domainname = 'DomainUsername'

The script above was posted by Susan in the comment section of this post: https://blogs.msdn.microsoft.com/arpita/2013/01/23/how-to-find-default-organization-for-any-user-in-multiple-organization-crm-deployment/, which describes how the underlying data hang together to determine the default organisation for a user.

When might this come in handy?

When a user runs a report in CRM, CRM appears to check for the user against their default organisation. The report will not be rendered correctly if this organisation is disabled. I found this information at this post: https://crmbrewer.wordpress.com/2016/05/05/crm-reports-error-error-sys-is-undefined/.

In our particular case, we found the below stack trace in the Event Viewer. My guess is that this is a MS bug that may one day be addressed. This was observed on CRM 2016 on-prem.

Exception type: CrmException

Exception message: The CRM organization you are attempting to access is currently disabled.  Please contact your system administrator

at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateOrganizationState(IOrganizationContext context, LocatorServiceContext locatorServiceContext)

at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)

at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateUserEnabled(Guid userId, Guid organizationId)

at Microsoft.Crm.Authentication.Claims.AuthenticationProvider.Authenticate(HttpApplication application)

at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)

at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)

at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)

at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
