Implement single sign-on from an ASPX webpage or IFRAME

 

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

This topic describes how to develop a custom webpage that can make SDK calls to Microsoft Dynamics 365 (online & on-premises) on behalf of the Microsoft Dynamics 365 user who is signed in. The typical use of this capability is to write a webpage that is displayed in an inline frame in the Microsoft Dynamics 365 web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site that’s hosting Dynamics 365. However, the webpage can perform its operations on behalf of the Dynamics 365 user who is signed in. The result is seamless integration between a webpage and Microsoft Dynamics 365.

Microsoft Dynamics 365 with a separate website

This scenario is for a Microsoft Dynamics 365Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an inline frame of the Microsoft Dynamics 365 web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Microsoft Dynamics 365 and the website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure claims and a relying party, see the following topics in TechNet: Deploying and administering Microsoft Dynamics CRM:

For more information about identity management, see the identity training course.

More information: Walkthrough: Single Sign-on from a Custom Web Page in the Microsoft Dynamics CRM 2011 SDK.

Dynamics 365 (online) with an Azure-hosted webpage

This scenario is for use with Microsoft Dynamics 365 (online) where Microsoft Azure hosts a custom webpage that’s optionally displayed in an inline frame of the Microsoft Dynamics 365 web application. This scenario uses federated claims, provided by the Windows Livesecurity token service (STS) server for identity management. You must provide a certificate to be used when making Microsoft Dynamics 365 (online) and the Microsoft Azure website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see https://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: CRM Online & Azure: Improving the SSO experience, and CRM Online & Azure Series.

Enable inline frame communication across domains

If you want to enable communication for an inline frame (iframe) that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for Internet Explorer 8. Google Chrome, Mozilla Firefox, and Apple Safari also support this method. For more information about using postMessage, see the following blog posts:

See Also

Authenticate users in Microsoft Dynamics 365
Sample: Impersonate using the ActOnBehalfOf privilege
Impersonate another user
Web resources for Microsoft Dynamics 365

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright