Category: Dynamics 365

Follow-up on TLS 1.2 issue in Dynamics 365

Recently there have been lots of posts and incidents because of Dynamics 365 v9.0 enforcing TLS 1.2.

To resolve this, i.e. to make your application connect through TLS 1.2, there are various options available.

I have tried to list down all the options I came across in this code

 

If you have the source code and build the application yourself, you can use one of the options below:

1. Add the following line before your connection request is made. This will enforce TLS 1.2:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

2. Change your framework version to 4.6 or above; then you don’t need any additional work (or the line of code highlighted above).

A quick summary of .Net framework and TLS support:

.Net Framework | TLS Support
.Net 4.6 and above | TLS 1.2 is supported by default.
.Net 4.5 | TLS 1.2 is supported; you can use the first solution to enable it.
.Net 4.0 | TLS 1.2 is not supported by the framework, but you can still use it with the enum value if the server has framework 4.5 or above installed: ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
.Net 3.5 or below | Was not supported earlier, but there is a patch to get it working.

 

 

Another scenario is that you have a prebuilt application and none of the solutions highlighted above works (in this case, a plugin registration tool).

1. You can resolve it by adding the following line to the <runtime> section of the app.config file (provided that the application is built against a supported .Net framework):

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>

 

If you have multiple applications running on a server (compiled against a version supporting TLS 1.2), you can edit the registry to make all applications on the server use the highest possible version. Be careful with this fix, as it might have a negative impact on other applications.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
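To check which of the settings above are actually in effect on a machine, the following console program reads SchUseStrongCrypto from both registry views and reports the process-wide SecurityProtocol. It is an added example, not code from the original post; the class name TlsAudit is hypothetical.

```csharp
using System;
using System.Net;
using Microsoft.Win32;

static class TlsAudit // hypothetical name, added example
{
    // Numeric values so this also compiles against .NET 4.0, where the enum lacks Tls12.
    const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
    const SecurityProtocolType SystemDefault = (SecurityProtocolType)0; // .NET 4.7+: OS chooses

    // Returns SchUseStrongCrypto for the given registry view, or null when it is not set.
    static int? ReadStrongCrypto(RegistryView view)
    {
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (var key = hklm.OpenSubKey(@"SOFTWARE\Microsoft\.NETFramework\v4.0.30319"))
        {
            if (key == null) return null;
            return key.GetValue("SchUseStrongCrypto") as int?;
        }
    }

    static string Describe(int? value)
    {
        return value.HasValue ? value.Value.ToString() : "not set";
    }

    static void Main()
    {
        // The Registry32 view is redirected to the Wow6432Node key on 64-bit Windows.
        Console.WriteLine("SchUseStrongCrypto (64-bit view): " + Describe(ReadStrongCrypto(RegistryView.Registry64)));
        Console.WriteLine("SchUseStrongCrypto (32-bit view): " + Describe(ReadStrongCrypto(RegistryView.Registry32)));

        var current = ServicePointManager.SecurityProtocol;
        Console.WriteLine("SecurityProtocol at startup: " + current);

        if (current == SystemDefault)
            Console.WriteLine("Protocol choice is left to the operating system; nothing to change.");
        else if ((current & Tls12) != 0)
            Console.WriteLine("TLS 1.2 is already enabled for this process.");
        else
        {
            // Same assignment as option 1 above. It replaces the process-wide setting,
            // so older protocols are switched off for every connection in this process.
            ServicePointManager.SecurityProtocol = Tls12;
            Console.WriteLine("SecurityProtocol now: " + ServicePointManager.SecurityProtocol);
        }
    }
}
```

Run it once as a 64-bit and once as a 32-bit build if you need to confirm what each kind of application sees by default.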

Reference blogs:

https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

https://blogs.msdn.microsoft.com/usd/2017/10/20/unified-service-desk-and-tls-1-2-mandate-for-dynamics-365-online/

Issue while authenticating with CRM Organization Service from Web App (July 2017 Update)

While connecting to Dynamics 365 Customer Engagement through a web application, we were getting the OrganizationServiceProxy value as null.

There was nothing out of the ordinary in the authentication call.

The value of conn.OrganizationServiceProxy was null and there was no specific exception thrown by the code.

 

While checking the connection object, the only exception we saw was on the LastCrmError object:

LastCrmError    “Unable to Login to Dynamics CRMOrganizationServiceProxy is null”  

 

To resolve the issue we tried to change the authentication code to

and got exception

Metadata contains a reference that cannot be resolved: ‘https://***.api.crm5.dynamics.com/XRMServices/2011/Organization.svc?wsdl&sdkversion=9

 

While hunting for a possible cause we came across a Microsoft blog post stating that they have changed the connectivity to use TLS 1.2. (The default version used by the .Net framework is SSL3 | TLS.)

To enforce TLS 1.2 we included

just before the connection request is sent to CRM. This resolved the issue in both authentication methods.

Dynamics 365 Customer Engagement Portals Source Code

After taking over ADX Portal, Microsoft stopped selling it for the on-premise version of Dynamics CRM and only licensed the Online version of Microsoft Portals. With this move, many new Dynamics 365/CRM projects which required a portal on top of a Dynamics 365/CRM backend had no alternative available in the market.

A few months back Microsoft announced that there would be a one-time drop of source code for Microsoft Portals, available for clients/SIs looking for an on-premise version to use in their projects.

After a long wait, yesterday Microsoft released an open-source version of Dynamics 365 Portal.

Download Link: https://www.microsoft.com/en-us/download/details.aspx?id=55789 

What is provided in the download:

  • Source code
    • Source code for ADX Studio Framework
    • Source code for Microsoft Portal Framework
    • Source Code for sample portal
  • Dynamics 365 Solutions and Deployer Packages for
    • Community Portal
    • Customer Portal
    • ESS Portal
    • Partner Portal
    • Partner Project Service
    • Partner Field Service
    • Starter Portal
  • Installation Guide

 

Key points to note are:

  • This is a one-time source code drop and there won’t be any future releases.
  • There is no support provided by Microsoft for this.
  • If you choose to use this in a project, with any future changes in Dynamics CRM API calls you will have to upgrade it yourself.

 

Online Management API: Using Console Application

Once you have set up the app permissions in Azure AD to access Dynamics CRM Online, you can use the Application ID to authenticate with the Online Management API and work with its various operations.

 

Follow the given steps to understand how to set up Console Application to work with Online Management API:

  • Open Visual Studio and Create a new “Console Application”
  • Create a New Class file called “Helper.cs” and copy the helper code (from SDK) to the file.

 

  • In the Helper code, update the client id to the Application ID you got when you registered the CRM Online app with Azure AD. Set URL to “http://localhost/”
  • Add a reference to “Microsoft.IdentityModel.Clients.ActiveDirectory”. If you don’t have it installed you can install it through NuGet:
    • Right click References -> click Manage NuGet Packages.
    • Search for “Microsoft.IdentityModel.Clients.ActiveDirectory” and select version “2.x.x”, as version “3.x.x” will not work. Click Install.
  • Replace the Program class with the following code (taken from the SDK sample) and add missing references.

 

  • Update the Service URL based on your region.
  • Run the Application, it will ask for Online Authentication and approval to give permissions to app.
  • Once executed you will get instance information.

For the sample highlighted above you can refer to the first sample solution in the following Git repo.

https://github.com/BuggyBrain/Dynamics.OnlineManagement   

Online Management API: Setting up Access through Azure AD

To access the Online Management API, the first thing we need to do is register a Dynamics CRM app with Azure AD so that our console application can have access to it.

 

To register App with Azure AD:

  • Navigate to Azure Portal. (Even if you are using trial account it will work).
  • Go to Azure Active Directory -> “App registration”

  • Click “New Application Registration”

  • Key in the Details

 

  • Once the app is created you can see the app details. The Application ID is the Client ID we require for app authentication; keep the Application ID with you for authenticating through the client app.

  • To provide this app permission to Dynamics CRM Online Management API click on Required Permissions -> Add -> Select an API

 

  • Select Dynamics CRM Online from list

 

  • Once “Dynamics CRM Online” is selected, click “Select Permissions” -> “Access CRM Online Organization users” -> “Select”.

 

 

After following above steps you will be able to Authenticate from your custom native app to Online Management API.

Online Management API : Introduction

Microsoft recently released Online Management API for Dynamics 365 Customer Engagement (CRM) instances.

This can be used to automate the process for which we typically required Office 365 Global Admin to Log in to Admin Center and manually slog.

With the help of this we can now go ahead and fulfill our ALM and CI dreams, right from setting up a new instance (and going ahead with deploying solutions to those instances using Dynamics CRM metadata calls).

 

Certain key processes which can be automated through Online Management API are:

  • Creating a new Dynamics 365 Instance
  • Retrieving Instance as well as Information about instances
  • Deleting an Instance
  • Taking a Backup (of instance)
  • Retrieving Backup
  • Restoring Backup
  • Retrieving the Templates i.e. Sales, Customer Service, Field Service etc…
  • Retrieve Currency, Languages supported by Instance.
  • Retrieve operation statuses (which have been Triggered)
  • Update the Admin Mode setting of an instance so that it’s not available to users.

 

Along with the above, the Online Management API can also be used to manage server to server authentication by supporting:

  • Creation of Tenant Application Identity
  • Retrieval of Tenant Application Identity
  • Enable or Disable Tenant Application Identity.

 

Key points to note for API:

 

In my next blog posts I will cover:

Using Entity List as oData Feed: Dynamics 365 Portal

In Dynamics 365 portals we have “Entity Lists” which can be used to display system view on Portal UI as grids/tables.

Other than above usage entity lists also provide flexibility to expose data as oData web services.

To set up oData, scroll down on the entity list record to the “OData Feed” tab and enter the values of entity type name, entity set name and View.

Based on above configuration system will generate oData URL as https://<portalurl>/_odata/entity_set_name

To fetch the data from above oData service

  • Generate the oData URL.
  • Call oData service and get response.
  • Loop through the response to get the data.

 

 

In above code we are passing the account guid to oData as filter and getting list of active contacts tagged to that account.

The oData service from an entity list provides various query options, like:

  • $filter –> to filter the results based on condition.
  • $orderby –> to sort the results
  • $top –> to get top n results
  • $skip –> to skip top n results.
  • $inlinecount –> to get count of records in the response.
  • $format –> to define the response type, options can be atom, json, jsonverbose.
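One way to build the feed URL with the query options listed above, as an added example (not the code from the original post). The lookup path parentcustomerid/Id, the host portal.example.com and the helper name EntityListFeed are assumptions; the account id is parsed as a GUID before it reaches $filter, so a value taken from user input cannot alter the filter expression.

```csharp
using System;
using System.Text.RegularExpressions;

static class EntityListFeed // hypothetical helper, added example
{
    static readonly Regex Name = new Regex("^[A-Za-z0-9_]+$");

    // Builds https://<portalurl>/_odata/<entity_set_name> plus query options.
    // lookupAttribute and the "/Id" path are assumptions about how the feed
    // exposes lookups; confirm them against the feed's $metadata document.
    public static Uri BuildUrl(string portalUrl, string entitySetName,
                               string lookupAttribute, string accountId, int top)
    {
        Guid id;
        // Only a well-formed GUID is allowed into the $filter expression.
        if (!Guid.TryParse(accountId, out id))
            throw new ArgumentException("accountId is not a GUID");
        if (!Name.IsMatch(entitySetName) || !Name.IsMatch(lookupAttribute))
            throw new ArgumentException("unexpected characters in a name");
        if (top < 1)
            throw new ArgumentOutOfRangeException("top");

        string filter = lookupAttribute + "/Id eq guid'" + id.ToString("D") + "'";
        string query = "$filter=" + Uri.EscapeDataString(filter)
                     + "&$top=" + top
                     + "&$inlinecount=allpages"
                     + "&$format=json";

        var builder = new UriBuilder(new Uri(new Uri(portalUrl), "/_odata/" + entitySetName));
        builder.Query = query;
        return builder.Uri;
    }

    static void Main()
    {
        // Constructed sample values; portal.example.com is a placeholder host.
        Console.WriteLine(BuildUrl("https://portal.example.com", "contacts",
            "parentcustomerid", "6f1c2b1e-3d4a-4b5c-8d9e-0a1b2c3d4e5f", 10));
        try
        {
            // Constructed malformed input: rejected before any URL is built.
            BuildUrl("https://portal.example.com", "contacts",
                "parentcustomerid", "abc' or 'a' eq 'a", 10);
        }
        catch (ArgumentException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```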

You don’t have the appropriate permissions. Dynamics 365 Portal

After upgrading Dynamics 365 Portal we were getting the following error while inserting/updating a record from the portal.

“You don’t have the appropriate permissions.”

To fix this, go to “Entity Permission” and make sure that all permission records which have “Create” and “Update” permissions checked also have “Append” and “Append To” permissions checked.

 

Refer to the Microsoft support article highlighting this issue.

https://support.microsoft.com/en-sg/help/4020181/portal-entity-permission-enhancement-requires-record-modifications

Renaming Attributes on Entity Form: Dynamics 365 Portal

While working on Microsoft Dynamics 365 Portal, one of the requirements we had was to rename certain fields on the Portal so that they are more self-explanatory to portal users.

 

To do that for entity form,

  • Go to Entity form Record.
  • Scroll down to “Entity Form Metadata” sub-grid.
  • Create a new entity form metadata record of type Attribute and Select the Attribute.
  • Update Label field to display the relevant label on the form.

 

To update label in entity list,

  • Go to entity list record,
  • Scroll down to “Options” tab and “Grid Configuration” section.
  • In “Override Column Attributes” select “Attribute”, key in “Display Name”, put column width in pixel (percentage was not working for me).

Hiding System Views

While working on Dynamics CRM, one of the most irritating issues is that System Views are global and there is no (direct?) way through which you can control them based on User/Security Role/BU etc.

Till now I have come across 3 different ways you can restrict system views visible to users and you can select which method to use for your need:

1. Using security role based views:
This is not an official way of controlling system views but it’s more or less supported.
For this method there is a tool (which used to be free) called Role Based Views by CRM MVP Debajit Dutta.
You can download the free version at codeplex, which is available for 2011 and 2013.
For 2015 onwards you can purchase it at XRMForYou.

In principle, this is how the tool works:
It has a plugin written on Retrieve Multiple (of savedquery) and, based on the configuration you do in the tool, it intercepts the retrieve multiple, checks the user’s security role and decides whether to let the user see the view or not.

2. If the requirement is not role based and it’s to hide certain views which were created specifically for sub-grids.
In a few cases we create some system views to display on a form sub-grid only. If you want to hide those views on the Home screen, a simple workaround is to “DEACTIVATE” those views.
You will still be able to use those on the sub-grid and those will not be visible on the home screen and dashboards.
Thanks to OldCat65 for this.

3. You need role based views but don’t want to pay for them.
Option 1: Write your own.
Option 2: Use Apps in Dynamics 365.
Using “Apps” in Dynamics 365 you can create your own site map navigation and define which entities, forms and views are part of the app. On the home screen of the App only the views selected within the app will be visible.
Bonus: Apps can be restricted based on Security Roles.