I need to be able to extend CRM 2011 which is running in the cloud. I need to be able to perform CRUD operations from a completely separate internet web site. What options do I have? I have zero experience with CRM. I just found out that the OOB web services can only be accessed within the context of CRM.
I just found out that the OOB web services can only be accessed within the context of CRM.
This is only true for the REST endpoint. Not for the other endpoints. You can access the IOrganizationService if you use .NET as basis or you could access the web services via SOAP.
Use the WSDL Endpoint
http://blogs.msdn.com/b/girishr/archive/2011/03/22/crm-online-2011-web-services-soap-sample-now-ready-for-emea-amp-asia.aspx
CRM 2011 exposes webservices through oData and SOAP endpoints. If you are using CRM 2011 Online you can hit these endpoints over the internet. If hosting CRM yourself, you can set it up for IFD (Internet Facing Deploy). I would suggest taking a look at the CRM 2011 SDK for oData and SOAP examples.
Related
What is the most performant and secure method to call an on-premise API (integrated to on-premise systems not related to CRM) from a Dynamics 365 plugin in Azure?
Why do you want to user Dynamics API when you are already in Plugin for Azure.
Why not user native SDK for Dynamics on-prem .net4.6.2
Connect to Dynamics in Plugin using connection tool and use it.
Here is an example to do so, once connected you can perform CURD operation against dynamics.
https://crm365blog.wordpress.com/2018/05/27/connecting-to-crm-2013-2015-2016-and-dynamics-365-in-c/
one more article
https://rawishblog.wordpress.com/2018/07/16/how-to-connect-to-dynamics-crm-onpremises-ad-ifd-from-a-windows-form-application/
Our setup consists of on-premises CRM 2016 in IFD configuration with ADFS. We have several custom web apps that are embedded in iframes in CRM as well. Our web apps are MVC running in IIS on .NET 4.7 and use the WS-Federation IIS module for authentication. This provides a pretty seemless experience where the embedded application does the redirect to and from ADFS to authenticate the user after they're already logged into CRM.
Our applications also call APIs we have created, which in turn make calls to Dynamics CRM web API using OData. Our APIs are setup to make calls to the CRM web API as a specific user chosen at deployment (it's a bit ugly, but it works). This causes issues associating created entities with the actual user, as CRM considers them created by the user in the API deployment. We need to fix that so that the user authentication is passed from our web application to our API and then to the CRM OData API.
From searching this site and other resources, I have determined this is not possible with WS-Federation and I would need to use OIDC. But, all the documentation that I have found about using OIDC in this manner has involve using Azure Active Directory and Dynamics 365, which does not apply in my scenario. I haven't found any information for the configuration of a local CRM 2016 instance or ADFS.
How is this accomplished for an all on-premises deployment?
To impersonate a user, set the CallerId property on an instance of
OrganizationServiceProxy before calling the service’s Web methods.
via https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/developer/org-service/impersonate-another-user
Or
To impersonate a user based on their systemuserid you can leverage
MSCRMCallerID with the corresponding guid value.
via https://learn.microsoft.com/en-us/powerapps/developer/data-platform/webapi/impersonate-another-user-web-api
Although I can't guarantee that it will work in version 8.1 and below.
We just received an update to Dynamics CRM 9.0, but it seems like a get a unresolved reference when I try to programmatically access the Organization Service Endpoint.
The Uri I am using for this CRM online instance is https://xxxxxxxxxxxxxtest.api.crm.dynamics.com/XRMServices/2011/Organization.svc?wsdl&sdkversion=9'.
Please let me know if anything has changed that I cannot use this endpoint anymore?
Please check if the following blog article helps you. There are several different possibilities why this is happening, but with version 9, so are easily fixed:
https://community.dynamics.com/crm/b/nishantranaweblog/archive/2018/01/31/metadata-contains-a-reference-that-cannot-be-resolved-https-orgname-crm8-dynamics-com-xrmservices-2011-organization-svc-wsdl-amp-sdkversion-9-error-in-dynamics-365
Hope this helps.
The OData URL is
https://[ORGNAME].crm.dynamics.com/XRMServices/2011/OrganizationData.svc/[EntitySet]
The Organization URL is
https://[ORGNAME].api.crm.dynamics.com/XRMServices/2011/Organization.svc
(Double check the info by going under Settings -> Customizations -> Developer Resources)
2011 aka soap endpoints are deprecated, which means will be retired anytime. So you don’t have much time, earlier is better to convert to Web Api.
Beginning with the Dynamics 365 (8.0) release, a new OData 4 endpoint was added to the Dynamics 365 application stack. This endpoint is known as the Web API. The Web API provides a development experience that can be used across a wide variety of programming languages, platforms, and devices. The Web API is intended to replace the CRM 2011 endpoint, also known as the SOAP endpoint, for accessing the Dynamics 365 organization web service and other provided web services.
As of the release of Microsoft Dynamics CRM Online 2016 Update 1 and Microsoft Dynamics CRM 2016 Service Pack 1 (8.1.0), the CRM 2011 endpoint has been deprecated. The 2011 endpoint will be removed some time after the release of Dynamics 365 version 9. We plan to provide updates to the Dynamics 365 SDK assemblies and tools over the next several minor releases, retargeting them to use the Web API instead of the 2011 endpoint.
Till then check if TLS 1.2 is the issue like discussed here.
Check, please, that option "Don't use proxy server for local (intranet) address" off on Proxy tab in Network settings
I have an Azure Logic app that needs to connect to an on-premise Dynamics CRM instance.
I'd like to use the "Dynamics 365" connector so I had a look at this article
Connect to data sources on premises from logic apps with on-premises data gateway
But I can't see CRM as part of the supported data source.
For the moment, I plan to connect directly to CRM Sql Server database (available from the data gateway) but I am wondering if there is any workaround to use "Dynamics 365" connector to connect to an on-premise Dynamics CRM instance?
At the moment, the CRM connector does not support the on-prem data gateway. Another option is to use Custom Connectors and wrap your CRM Soap endpoints with it.
Custom Connectors support the on-prem data gateway, thus you can wrap your CRM Soap Endpoints with the Custom Connector and use either SOAP to REST or SOAP pass-through.
This is still in preview and the team are still working on the documentation, but it works :)
HTH
I am curious to know why we always need to register our CRM online instance on an Azure Active Directory in order to authenticate the Web API while accessing from outside CRM domain.
That is, for example, if I need to access CRM online instance through another website using CRM's Web API endpoint, then I must register my CRM instance to Azure Active Directory.
Though I am aware that, its a very nominal charge to create an Azure Active Directory, still I would need to subscribe to Azure even if I just want to perform some general research for CRM connectivity through Web API.
Why this is must? Are there any security considerations behind this?
Why can't we use the same authentication mechanism as we used to do with Organization service?
Any details on this will be much appreciated.
The CRM WebAPI uses OAuth2 and Azure AD is the only currently supported authentication platform to provide this (Windows Server 2016 will support OAuth2 for on-premise).
The Organisation service is a WCF service and as such uses SOAP for authentication and authorization. This is an entirely different technology stack that brings it's own set of problems, many of which the OAuth2 protocol tries to solve in this scenario.
Although you manage your CRM Online users through the Office 365 portal the underlying technology for these accounts is also Azure AD. Check if you can use this existing AD tenant created as part of your subscription rather than having to create another.
If you are using CRM online you already have aan Azure Active Directory. If you haven't already done so, you can signup for an Azure subscription and import the underlying AAD into your Azure subscription. You will need a credit card, but as far is I know using the Azure AD is free.