问题
I would like to build a simple web site where a customer can place orders and view products. This data is my Microsoft Dynamics CRM 2011 Environment.
This data is customer specific, so i need information about the user which is logged in. User credentials are stored in CRM 2011. With these credentials users may login to this new custom website. They should not have access to the crm environment itself.
How should i setup authentication for this web site? Can i just query the user information in crm 2011, should I setup a ADFS application or something else?
回答1:
We just implemented something similar for a client of mine. We had around 5000 users that needed to be able to view and edit CRM data, but we didn't want to pay for the full CRM user licenses since the data they needed to update / view was rather small. All of the users were already in Active Directory, so we purchased Employee Self Service Client Access License (ESS CAL) licenses for each of the users. This type of user license doesn't have access to the CRM UI, so they could never actually log into CRM itself.
We used AD authentication on the website, with an app pool user that was a CRM super user account. On the initial load of the users's session, we grabbed the username from the context, and looked up the SystemUserId of the user in CRM, then used impersonation with the Service Proxy to only access and update the data that the user was allowed to. It worked really well.
回答2:
One approach would be to create a set of system users (potentially, a single one might suffice) with access rights to the information that a certain set of web site users are supposed to have accessible.
Then, on your server hosting the web application, you could assign a role to each of the logged in visitors (that way, a certain system user instance in CRM will correspond to a role for a set of your visitors).
The login procedure against the web site is really up to you. The connection between the application and the CRM servers is, I believe, most securely set if you keep them on the same physical machine, if that works for your particular set up.
来源:https://stackoverflow.com/questions/15090305/how-to-authenticate-to-crm-2011