This allows the MS CRM custom WCF service which is hosted in MS CRM IIS server to be accessed from Client in a more secured fashion. The message payload sent from the client will be encrypted over the SSL as well as with the Certificate.
The purpose of this implementation is to provide a dual layer encryption of the message body and also authenticates the request by using a service account.
In this blog we will discuss implementing WCF with the following requirements:
- Implement MS CRM using a custom WCF service (SSL over https).
- Use WS-Security to allow the message payload to be encrypted with a certification.
- Authenticate the client with a service account.
Overview
The image below is a pictorial representation of how a request is submitted to a server which then in turn calls the MS CRM Custom WCF service to push the request to the MS CRM system.
Solution
Below are the steps to implement the WCF solution.
1. Implement the MS CRM custom WCF service SSL over https.
Once the WCF service is deployed to IIS, add the https binding and choose the appropriate certificate. In the following scenario, the certificate is a wildcard certificate.
2. Use WS-Security to allow the message payload to be encrypted with a certification.
In order to encrypt the message payload with a certificate, add a custom binding which will provide message security and will also host the service on SSL. This will allow the client configuration file to auto generate the encoded token value. The custom binding is as follows:
WCF service Web.config
Create a custom binding with the security authentication mode as “UserNameForCertificate”.
Add a behavior with httpsGetEnabled = “true” and add the service certificate as mentioned below.
Add a service section as below. “BindingConfiguration” is pointing to the custom binding which is defined in step 1 above.
Client’s Web.config/app.config
When the WCF service is added as a Service reference on the client app, the server certificate encoded value is auto populated as shown below.
3. Authenticate the client with a service account.
On WCF Service
Add the following appSettings to the WCF service web.config.
The following code snippet is used to authenticate the user (usually the service account details are passed from the client) who is requesting access to the service. This code should be written into the WCF service.
On Client Service
On the client service, before calling a WCF method, it needs to pass the user credentials (usually a service account) as shown below.
MSDN blogs
http://blogs.msdn.com/b/dsnotes/archive/2013/05/03/wcf-dual-layer-encryption-message-transport.aspx
Happy CRM’ing!