1
我在Active Directory中創建了域用戶'jsmith',並且我已經將該域帳戶添加爲Dynamics CRM中的用戶。我的目標是在扮演'jsmith'的同時,執行代碼並使用位於組織的PrivUserGroup中的服務帳戶。我通過傳遞一個CrmConnection實例來實例化CrmDataContext。當調用CrmConnection的構造函數時,我將它的連接字符串的名稱傳遞給應用程序配置文件,然後將ImpersonatedUser屬性設置爲系統用戶標識'jsmith'。有一件事要注意的是,我正在使用控制檯應用程序來運行它。查看下面我的代碼:CrmDataContext.GetEntities查詢 - 錯誤:0x80040204 - 無效的用戶身份驗證
連接字符串中的app.config:
<add name="Crm" connectionString="Authentication Type=AD; Server=http://dev01/myorg; User ID=myorgdomain\sv-crm; Password=password123" />
CrmDataContext和GetEntities代碼:
var connection = new CrmConnection("Crm");
connection.ImpersonatedUser = Guid.Parse("1937F45C-8EB4-E011-8FE4-005056887B79");
var crm = new CrmDataContext(connection);
var contacts = crm.GetEntities("contacts")
if(contacts.Count() > 0) //the call to Count() is where the error gets thrown. Invalid user auth.
//do something
我想用我自己的系統的用戶ID冒充時,沒有哪個問題綁定到我在運行測試時登錄的AD域帳戶。我得到的結果很好,所以我知道用於執行代碼的服務帳戶沒有問題。我甚至將「jsmith」分配給同一個業務部門,並將其置於與我所在的角色相同的角色(即系統管理員),但我仍然收到了無效的用戶身份驗證。我可能會錯過什麼。以下是服務器上跟蹤文件中的錯誤信息。在下面的跟蹤信息中,第一行顯示的是「[2011-07-22 18:14:08.0]進程:w3wp |組織:f827deb3-c6cc-df11-bc07-005056887b79 |線程:6 |類別:異常| 用戶:822138f1-c574-e011-9dca-005056887b79 |級別:錯誤| CrmException..ctor *「。正在顯示的用戶標識是我的系統用戶標識。它似乎會顯示來自連接字符串的服務帳戶的id或正在模擬的id爲'jblow'的ID。任何想法將不勝感激。
[2011-07-22 18:14:08.0] Process: w3wp |Organization:f827deb3-c6cc-df11-bc07-005056887b79 |Thread: 6 |Category: Exception |User: 822138f1-c574-e011-9dca-005056887b79 |Level: Error | CrmException..ctor
at CrmException..ctor(Int32 errorCode, Object[] arguments)
at SecurityHelper.VerifyAndReturnCurrentCallerId(Guid userId, Guid callerId, Guid orgId)
at CrmWebService.get_CurrentCallerId()
at CrmService.Execute(Request request)
at RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at LogicalMethodInfo.Invoke(Object target, Object[] values)
at WebServiceHandler.Invoke()
at WebServiceHandler.CoreProcessRequest()
at SyncSessionlessHandler.ProcessRequest(HttpContext context)
at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>Crm Exception: Message: Invalid user auth., ErrorCode: -2147220988
[2011-07-22 18:14:08.0] Process: w3wp |Organization:f827deb3-c6cc-df11-bc07-005056887b79 |Thread: 6 |Category: Platform.Sdk |User: 822138f1-c574-e011-9dca-005056887b79 |Level: Error | CompositeSoapExtensionExceptionHandler.Handle
at CompositeSoapExtensionExceptionHandler.Handle(Stream to, Stream from, Exception exception)
at CrmAuthenticationSoapExtensionBase.ProcessMessage(SoapMessage message)
at SoapMessage.RunExtensions(SoapExtension[] extensions, Boolean throwOnException)
at SoapServerProtocol.WriteException(Exception e, Stream outputStream)
at WebServiceHandler.WriteException(Exception e)
at WebServiceHandler.Invoke()
at WebServiceHandler.CoreProcessRequest()
at SyncSessionlessHandler.ProcessRequest(HttpContext context)
at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>CrmSoapExtension detected CrmException:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Microsoft.Crm.CrmException: Invalid user auth.
at Microsoft.Crm.Sdk.SecurityHelper.VerifyAndReturnCurrentCallerId(Guid userId, Guid callerId, Guid orgId)
at Microsoft.Crm.WebServices.Crm2007.CrmWebService.get_CurrentCallerId()
at Microsoft.Crm.Sdk.Crm2007.CrmService.Execute(Request request)
--- End of inner exception stack trace ---
UPDATE 7/25: 我決定通過呼叫就像我一直在使用,其中CrmConnection.ImpersonatedUser設置爲JSMITH ID的CrmDataContext做執行測試。然後,我使用舊學校的方法創建了另一個調用(完全相同的查詢),在那裏創建QueryExpression並將其傳遞到CrmService,其中CrmAuthenticationToken的CallerId屬性設置爲jsmith的id。使用CrmDataContext失敗,出現「Invalid user auth」錯誤,但使用CrmService和QueryExpression的其他調用運行正常。我使用fiddler來查看每個這些調用的原始http請求。兩個調用的原始請求完全相同,只有一件事情....請求的Authorization標頭中的Negotiate標記。我在控制檯應用程序中一個接一個地打了兩個電話,他們產生不同的談判令牌。這是問題,但我不知道如何解決。看起來像這是Advanced Developer Extensions中的一個錯誤。以下是兩者的原始http。
--using CrmDataContext
POST http://myserver/MSCRMServices/2007/CrmService.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.235)
VsDebuggerCausalityData: uIDPo6mcKDyuc+pPqk3LRv81TrIAAAAA/j8K/SLE5EivZ+mzg1+doYkmNLjkHbFHmbD9UyYmHFEACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://schemas.microsoft.com/crm/2007/WebServices/Execute"
Accept-Encoding: gzip,gzip
Authorization: Negotiate YIIIrgYGKwYBBQUCoIIIojCCCJ6g.....
Host: myserver
Content-Length: 1281
Expect: 100-continue
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<CrmAuthenticationToken xmlns="http://schemas.microsoft.com/crm/2007/WebServices">
<AuthenticationType xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">0</AuthenticationType>
<OrganizationName xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">myorg</OrganizationName>
<CallerId xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">1937f45c-8eb4-e011-8fe4-005056887b79</CallerId>
</CrmAuthenticationToken>
</soap:Header>
<soap:Body>
<Execute xmlns="http://schemas.microsoft.com/crm/2007/WebServices">
<Request xsi:type="RetrieveMultipleRequest" ReturnDynamicEntities="true">
<Query xmlns:q1="http://schemas.microsoft.com/crm/2006/Query" xsi:type="q1:QueryExpression">
<q1:EntityName>contact</q1:EntityName>
<q1:ColumnSet xsi:type="q1:AllColumns" />
<q1:Distinct>false</q1:Distinct>
<q1:PageInfo>
<q1:PageNumber>1</q1:PageNumber>
<q1:Count>100</q1:Count>
</q1:PageInfo>
<q1:LinkEntities />
<q1:Criteria>
<q1:FilterOperator>And</q1:FilterOperator>
<q1:Conditions />
<q1:Filters />
</q1:Criteria>
<q1:Orders />
</Query>
</Request>
</Execute>
</soap:Body>
</soap:Envelope>
--call using CrmService with QueryExpression
POST http://myserver/MSCrmServices/2007/CrmService.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.235)
VsDebuggerCausalityData: uIDPo8cVsRu/YZBCl+8cnC9j5fwAAAAAGni8rU7A/Uy4JYm/bi/S6d/soXPiw+xBoKSYCD/1KRIACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://schemas.microsoft.com/crm/2007/WebServices/Execute"
Authorization: Negotiate YIIG5wYGKwYBBQUCoIIG2zCCBtegMDAuBgkqhk.....
Host: myserver
Content-Length: 1219
Expect: 100-continue
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema- instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<CrmAuthenticationToken xmlns="http://schemas.microsoft.com/crm/2007/WebServices">
<AuthenticationType xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">0</AuthenticationType>
<OrganizationName xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">myorg</OrganizationName>
<CallerId xmlns="http://schemas.microsoft.com/crm/2007/CoreTypes">1937f45c-8eb4-e011-8fe4-005056887b79</CallerId>
</CrmAuthenticationToken>
</soap:Header>
<soap:Body>
<Execute xmlns="http://schemas.microsoft.com/crm/2007/WebServices">
<Request xsi:type="RetrieveMultipleRequest" ReturnDynamicEntities="false">
<Query xmlns:q1="http://schemas.microsoft.com/crm/2006/Query" xsi:type="q1:QueryExpression">
<q1:EntityName>contact</q1:EntityName>
<q1:ColumnSet xsi:type="q1:AllColumns" />
<q1:Distinct>false</q1:Distinct>
<q1:PageInfo>
<q1:PageNumber>1</q1:PageNumber>
<q1:Count>100</q1:Count>
</q1:PageInfo>
<q1:Criteria>
<q1:FilterOperator>And</q1:FilterOperator>
</q1:Criteria>
</Query>
</Request>
</Execute>
</soap:Body>
</soap:Envelope>
更新:我剛剛嘗試運行控制檯應用程序,同時以jsmith身份登錄到我的機器並將ImpersonatedUser設置爲系統用戶標識'jsmith'。它運行良好,我沒有得到「無效的用戶身份驗證」。我也嘗試冒充其他幾個用戶,而沒有像他們那樣登錄到計算機上,並且出現錯誤。看起來我不能冒充另一個用戶,而運行以不同用戶身份登錄到機器的控制檯應用程序。有任何想法嗎? – brennazoon
你可以運行你的應用程序並調試它來找到CrmConnection.CallerId的值嗎? – glosrob
@glosrob我檢查了CallerId,它被設置爲jsmith的id。 – brennazoon