MS CRM showModalDialog Access denied - dynamics-crm

I have a website. If I click a button, a CRM lookup should be opened.
This works very well for my test user, but if I log in as another user, I get an "Access denied" error.
Does anyone have an idea?
Best regards
alex

OK, I fixed it.
Solution:
I open my custom website with a button click in CRM and showModalDialog.
Now I pass the document object of CRM as a parameter to showModalDialog.
In my custom website I open the lookup with
    window.dialogArguments.parentWindow.LookupObjects(null, "single", 8, 0, null, "", null, null, null, null, null, null, id);
Now it works without an Access denied error.

Related

Is it possible to access the credentials a Windows service was created with?

I am investigating some code that creates a service with the ::CreateService API call:
    SC_HANDLE hService = ::CreateService(
        hSCM, m_szServiceName, _T(ALE_SERVICE_NAME),
        SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
        SERVICE_AUTO_START/*SERVICE_DEMAND_START*/, SERVICE_ERROR_NORMAL,
        szFilePath, NULL, NULL, _T("RPCSS\0"), (LPCTSTR)name, g_pwd.c_str());
name and g_pwd are the user name and password the app user specified when installing the app.
1) Where does Windows store the user name and password?
2) Is it possible to access the user name and password after the service is created? (This will eliminate the need to re-enter the credentials when the product is updated and the service executable is probably moved to another location.)

Not able to use identity platform within iFrame/MS Teams custom tab

I am trying to use the identity platform to authenticate users into my custom app that is to be used from within MS Teams.
I am aware that Teams uses an iframe to load custom apps, so I followed the method mentioned in the FAQs - Q5. I used the redirectUri property in the MSALConfig. I am using the index file provided by MS for testing purposes by calling it inside an iframe tag.
In both cases, acquireTokenSilent and acquireTokenPopup, it gets stuck at the popup window loading the redirect page. The authentication does not complete and the popup window does not close.
The following steps can unblock the Teams Tab scenario for the desktop/mobile apps.
Manual Steps
Step 1. Ensure you have approved requests in the new API Permission Management Page on the Tenant Admin Site. This creates a client secret behind the scenes.
Step 2. Go to -> https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
Step 3. Click on SharePoint Online Client Extensibility Web Application Principal
Step 4. Click Manifest on the left menu
Step 5. Copy the id from the oauth2Permissions array
    "oauth2Permissions": [
        {
            "adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
            "adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
            "id": "2143704b-186b-4210-b555-d03aa61823cf",
            "isEnabled": true,
            "lang": null,
            "origin": "Application",
            "type": "User",
            "userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
            "userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
            "value": "user_impersonation"
        }
    ],
Step 6. Replace the "preAuthorizedApplications" entry with the following JSON
    "preAuthorizedApplications": [
        {
            "appId": "00000003-0000-0ff1-ce00-000000000000",
            "permissionIds": [
                "ID OF THE USER_IMPERSONATION Scope"
            ]
        }
    ],
Step 7. Hit Save.
This issue was solved by changing the implementation to use the new SSO feature instead of the MSAL library.
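Steps 5 and 6 of the manual procedure above can be scripted so that the scope id is copied without a transcription error and the replaced entries stay available for review. This is an added example, not part of the original answer: `findScopeId` and `patchManifest` are hypothetical names, and the sample manifest is constructed from the fragment shown in Step 5.

```javascript
// Added example, not from the original answer; function names are hypothetical.
// appId is the value given in Step 6 of the answer.
const PREAUTHORIZED_APP_ID = '00000003-0000-0ff1-ce00-000000000000';
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Step 5: locate the id of the enabled user_impersonation scope.
function findScopeId(manifest, scopeValue = 'user_impersonation') {
  const scopes = Array.isArray(manifest.oauth2Permissions) ? manifest.oauth2Permissions : [];
  const matches = scopes.filter((s) => s.value === scopeValue);
  if (matches.length !== 1) {
    throw new Error(`expected exactly one "${scopeValue}" scope, found ${matches.length}`);
  }
  const [scope] = matches;
  if (scope.isEnabled !== true) throw new Error(`scope "${scopeValue}" is disabled`);
  if (!GUID.test(scope.id)) throw new Error(`scope id is not a GUID: ${scope.id}`);
  return scope.id;
}

// Step 6: return a copy of the manifest whose preAuthorizedApplications holds
// only the entry from the answer, plus the entries it replaced, so the change
// can be reviewed before the manifest is saved. The input is not mutated.
function patchManifest(manifest) {
  const scopeId = findScopeId(manifest);
  const replaced = manifest.preAuthorizedApplications || [];
  const patched = {
    ...manifest,
    preAuthorizedApplications: [
      { appId: PREAUTHORIZED_APP_ID, permissionIds: [scopeId] },
    ],
  };
  return { patched, replaced };
}

// Constructed sample: trimmed copy of the manifest fragment shown in Step 5.
const sampleManifest = {
  oauth2Permissions: [
    { id: '2143704b-186b-4210-b555-d03aa61823cf', isEnabled: true,
      type: 'User', value: 'user_impersonation' },
  ],
  preAuthorizedApplications: [],
};

const result = patchManifest(sampleManifest);
console.log(JSON.stringify(result.patched.preAuthorizedApplications, null, 2));
```

The function refuses to write an entry when the scope is missing, duplicated or disabled, which are the cases where a hand-edited manifest would silently pre-authorize the wrong permission id.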

Where can I enter my app specific password on appcenter.ms testflight integration?

With the new Apple rule explained at https://developer.apple.com/support/account/authentication/:
In an effort to keep your account more secure, two-factor authentication will be required for Account Holders of a developer program to sign in to their Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account.
I am getting the following error when trying to publish my iOS app on the store through the CI at https://appcenter.ms :
    {
        "mandatory_update": false,
        "release_notes": "feature/navigator profile (#467)",
        "destinations": [
            {
                "id": "678b39eb-7040-43ca-b903-REDACTED",
                "name": "App Store Connect Users",
                "message": "Failed to publish to store. Error: App specific password is mandatory for 2fa enabled account in service connection id: 5b1a378c-d7bc-4492-5ad6-REDACTED",
                "code": "app_specific_password_missing"
            }
        ],
        "code": "partially_succeeded",
        "message": "Failed to publish to store. Error: App specific password is mandatory for 2fa enabled account in service connection id: 5b1a378c-d7bc-4492-5ad6-REDACTED"
    }
I have looked everywhere online and crawled around the different menus without finding anything of interest.
Do you know where I should enter my app-specific password?
You can follow the instructions here: https://learn.microsoft.com/en-us/appcenter/distribution/stores/apple#adding-two-factor-authentication
Specifically:
Adding Two-factor authentication
If your Apple account has two-factor authentication enabled, App Store Connect requires an app-specific password as security. You can add an App-specific password to your account by navigating to Developer accounts in your Account settings.
Hover over an item in the Accounts list.
Click the three vertical dots on the right side of the list
Select Update app-specific password.
Generate an app-specific password using the Apple ID portal.
The name is for you to remember which service or app is using the app-specific password.
Copy the generated app-specific password and paste it into the dialogue.
Save by clicking Update.
This error occurs because of two-factor authentication; you need to enter the OTP for your Apple App Store ID.
Step 1: Open App Center at https://appcenter.ms/ and click on the Distribute navigation link.
Step 2: Click on Stores.
Step 3: You will see the error message asking you to re-enter your Apple connect credentials for verification; it will ask for the OTP.
Now you can publish your app on the App Store.
I resolved this issue by navigating to https://appcenter.ms/settings/accounts.

GetMaxPrivilegeDepthForUser Error when using the CRM Dynamics API

I am trying to integrate CRM Dynamics with Adobe Campaign, but I am getting an error.
Can anyone help me understand the meaning of this error:
'SecLib::GetMaxPrivilegeDepthForUser failed. Returned hr= -2147209463, User: a37d4ef0-7684-e511-8129-c4346bacefdc'
Give CRM's System Administrator role to the service account user that you're using to authenticate, and make sure that user is also assigned to the top-level business unit; if it doesn't work after that, I would try creating a new administrator account from scratch.
Our team was using the wrong company ID or, better said, organisation ID for the CRM account. Using the correct value fixed our problem.

ChangeServiceConfig problem setting logon credentials

I've got this weird problem - I'm calling ChangeServiceConfig on a newly installed service (I CreateService it myself) to supply the logon credentials, but while the function succeeds (returns TRUE), if I try to start the service, it fails with a 1069 (logon failed). If I go into the service manager and modify credentials by hand (I can see the user name is correct, but of course can't see the password), then it's all ok and it starts ok.
The call itself is trivial:
    ChangeServiceConfig(hService, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, NULL, NULL, NULL, NULL, strUser, strPassword, NULL);
Any ideas on where I should be looking and what could be wrong?
Thanks in advance.
The user account must explicitly have rights to log on as a service (SeServiceLogonRight). Many users, including computer admins, may not have this flag set, and you may need to set it manually. The Windows services control panel actually does this silently behind the scenes when you use it to configure services.
I also have some vague, foggy memories about needing to fully qualify the username. It needs to be in DOMAIN\Username format. If it's a local account, you need to specify .\Username or find out the machine name and use MACHINENAME\Username.
