Upgrade Code in the ISV folder to Microsoft Dynamics CRM 2011

[Applies to: Microsoft Dynamics CRM 2011]

In Microsoft Dynamics CRM 4, ISV’s could create and integrate ASPX web pages with the web application. These web pages could support single sign-on (SSO) or could perform operations on behalf of the user through impersonation. In Microsoft Dynamics CRM 2011, calling the Microsoft Dynamics CRM 2011 web services from the <crmwebroot>\ISV  folder is no longer supported. The ISV folder is officially deprecated. Any webpages or other custom code in that folder must use the 2007 web service endpoint. For more information, see Use the Microsoft Dynamics CRM 4.0 (2007) Endpoint.

When upgrading to Microsoft Dynamics CRM 2011, if your existing web pages meet the following criteria, they will continue to work.

  • The ASPX web pages are installed under the <crmwebroot>\ISV folder.

  • The web pages use the 2007 ASMX web service endpoint.

  • The web page code uses the CrmImpersonator class for switching the thread context or the CrmAuthenticationToken.ExtractCrmAuthenticationToken method to get the UserId.

Sample code for a Microsoft Dynamics CRM 4.0 ISV web application that is compatible with Microsoft Dynamics CRM 2011 can be found in the SDK\SampleCode\CS\GeneralProgramming\Authentication\IFDBackCompat folder of the SDK download.

Guidelines for Developing New Code

When developing new code, the recommendation is to use the web resources feature of Microsoft Dynamics CRM 2011. For scenarios that will not be satisfied by the web resources feature, create your web application in its own application pool with its own web.config. For this discussion, this application will be referred to as the ISV web application.

Single Sign-On

For on-premises (AD) only scenarios, use integrated authentication. For an Internet-facing deployment (IFD), on-premises with claims, or Microsoft Dynamics CRM Online scenarios, make the ISV web application a relying party to the Secure Token Service (STS) that Microsoft Dynamics CRM is configured against.


When the user navigates to the ISV web page, the page is presented with a token by STS that has the end user Universal Principal Name (UPN). The ISV web page can retrieve the Microsoft Dynamics CRM UserId using a web service call, by matching against the UserNameUPN. If the web page has ActOnBehalfOf privilege, it can then do impersonation of the user against the web service. There is no need for the ISV web page application pool account to be a member of the PrivUserGroup group.

Same Site of Origin Policy

For same site of origin policy requirements where ISV web pages need to manipulate the Document Object Model (DOM) of the container Microsoft Dynamics CRM page, you need to host the ISV web application on the same server or under a sub-domain. However, this will not work for Microsoft Dynamics CRM Online. Hosting the ISV web application inside the Microsoft Dynamics CRM site virtual directory or under the ISV folder is not supported. Alternately, web resources are a way to mitigate this issue because they are delivered from the Microsoft Dynamics CRM server for all deployment types.

Relative Path Concerns

When referring to the ISV web application URLs from Microsoft Dynamics CRM web application ribbons or the sitemap, the concern was that the URL is not relative. The recommended solution is to provide JavaScript that obtains the URL from a configuration entity that will be populated as a post solution install action based on the tenant where it was installed.

See Also


Web Resources for Microsoft Dynamics CRM
Implement Single Sign-on from an ASPX Webpage or IFRAME

Other Resources

Windows Azure web Role Hosted Service + Microsoft Dynamics CRM Online Impersonation

Microsoft Dynamics CRM 2011
Send comments about this topic to Microsoft.
© 2013 Microsoft Corporation. All rights reserved.