Friday, October 6, 2017

Encrypt or Decrypt connection string in .Net

Connectionstring contains highly confidential information which we should secure carefully to prevent any kind of misuse., To secure this confidential information we don't need to write any addition code as we can do with ease in .Net. Below are the steps to encrypt and decrypt connection string.


Let assume you have a connection string as follows either in web.config or app.config.


Now go to below path to access aspnet_regiis.exe
"%WinDir%\Microsoft.NET\Framework\<versionNumber>"

And run below command

aspnet_regiis -pe "connectionStrings" -app "/MyApplication"

The above command with -app switch assumes that there is an IIS virtual directory called MyApplication. If you are using the Visual Studio .NET 2005 Web server instead of IIS, use the -pef switch, which allows you to specify the physical directory location of your configuration file.

aspnet_regiis.exe -pef "connectionStrings" C:\Projects\MyApplication

Note: As above command only looks for web.config, change your app.config name to web.config if you are using windows or console application. Don't worry you will change your config name back to app.config once this process is done.

If everything is fine then you will see below message in command prompt.




And your app.config or web.config will be like below.












You can use below code to retrieve conntionstring, as ConfigurationManager will take care of decrypting the password.

string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["testConn"].ConnectionString;


That’s all to maintain secure connection string in web.config or app.config.

Note   If your ASP.NET application identity does not have access to the .NET Framework configuration key store, the following message is returned:

Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'.
 Error message from the provider: The handle is invalid.
 
To grant access to the ASP.NET application identity
  1. If you are not sure which identity to use, check the identity from a Web page by using the following code:
    using System.Security.Principal;
    ...
    protected void Page_Load(object sender, EventArgs e)
    {
      Response.Write(WindowsIdentity.GetCurrent().Name);
    }
     
  2. By default, ASP.NET applications on Windows Server 2003 run using the NT Authority\Network Service account. Open a .NET command prompt, and use the following command to give this account access to the NetFrameworkConfigurationKey store:
    aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
    If
     the command runs successfully you will see the following output:
    Adding ACL for access to the RSA Key container...
    Succeeded!
     
    You can check the ACL of the file in the following folder:
    \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
    Your 
    RSA key container file is the file in this folder with the most recent timestamp.



To change the connectionStrings section back to clear text, run the following command from the command prompt:
aspnet_regiis -pd "connectionStrings" -app "/MyApplication"
If the command is successful, you will see the following output:





To decrypt the connectionStrings section that specifies a physical path to your application's configuration file, use the -pdf switch as shown here.
aspnet_regiis -pdf "connectionStrings" C:\Projects\MyApplication

Friday, September 15, 2017

Unable to Login to Dynamics CRMOrganizationServiceProxy is null

Dlls Required:
Microsoft.Xrm.Tooling.Connector.dll

CRM connection code:
string connectionString = ConfigurationManager.ConnectionStrings["CRM"].ConnectionString;

CrmServiceClient client = new CrmServiceClient(connectionString);


Connection String:
<add name="CRM" connectionString="AuthType=Office365;Username=myid@mydomain.com; Password=mypassword;Url=https://organiationuniquename.crm.dynamics.com"/>


That’s it, this is the piece of code required to connect CRM online through SDK. But the error "Unable to Login to Dynamics CRMOrganizationServiceProxy is null" sometimes can kill good amount of time. Below are the some suggestion which can resolve and saves someone's hours of time.

1. Check your connection string.
2. You should use unique name of organization in connection string. You can find unique name in              Settings->Customizations->Developer Resources







3. something wrong with credentials you are using. Try using service credentials.
4. Double check which version of dlls you are using.
5. Install the right version of dlls through nuget packages










6. There may something wrong with network, try using different network preferably try to test in client network itself
7.     And, include below tag in app.config or web.config
<system.net>
  <defaultProxy useDefaultCredentials="true"></defaultProxy>
</system.net>

Let me know which point helps you most.

Happy coding.



Friday, August 18, 2017

Dynamics 365 editable grid limitations

1. Logic we have implemented on update or create form will not work automatically on editable grid. We should configure explicitly for editable grid.
2. Editable grid works on execution context, we can set or clear notifications of controls under selected row.
3. Save in editable grid works bit differently than normal save method. EventArgs of save method in editable grid is null, hence we cannot stop the save execution in middle. But we can stop the save in update form through eventargs.
4. Group By - by default value is null, user have to select the group by value initially. We cannot set through code.
5. When we are using same javascript file for both editable grid and normal form, I did observer file is loading twice in browser with different case.

Monday, August 29, 2016

Minimum Privileges required to access MS CRM

When signing in to Microsoft Dynamics CRM:

1. To render the home page, assign the following privileges on the Customization tab: Read Web
Resource, Read Customizations.

2. To render an entity grid (that is, to view lists of records and other data): Read privilege on the entity, Read User Settings on the Business Management tab, and Read View on the Customization tab.

3. To view single entities in detail: Read privilege on the entity, Read System Form on the Customization tab, Create and Read User Entity UI Settings on the Core Records tab. 

Owner Team Vs Access Team in MS CRM

Owner Team:


1. We can grant security roles to owner teams.
2. Owner Team owns the record, i.e Owner field of each record will be filled with the team.
3. Need to be created manually or programmatically created and managed.
4. Will be cached in Dynamics CRM Server when user accesses application.
5. Can act as a resource in service scheduling.


Access Team;

1. We cannot grant security roles to access teams.
2. It cannot own any records.
3. Won't be displayed in most team views.
4. Can be system managed, directly from the form of the record that it relates to
5. Won't be cached as it doesn't derive privilege or ownership checks
6. Can't be scheduled as a resource in service scheduling

Tuesday, May 3, 2016

Things you might not know about solutions in MS CRM

Though we are working with the system very closely, certainly there are few things which we might not know.

Here I would like to give few important points related to solutions.


  • You can’t export your default solution as a managed solution
  • MS CRM don’t support importing a default solution taken from an on-premise deployment into a CRM Online organization or a default solution taken from a CRM Online organization into an on-premises deployment. MS CRM do support importing custom solutions between these deployment types, but not default solutions
  • When you export a managed solution, you can’t import it back into the organization it was imported from
  • All imported security roles will be attached to the root business unit
  • If you import customizations that include a language that is not installed on your system, any labels defined in the customizations will default to the base language of the Microsoft Dynamics CRM system the customizations were imported from.

These are very interesting points I came to know when I gone through MS CRM adminstration guide. Please comment if I miss any so that those points will be added to the list.

Monday, May 2, 2016

Minimum privileges for common tasks in MS CRM

1. When logging in to Microsoft Dynamics CRM:


  • To render the home page, assign the following privileges on the Customization tab: Read Web Resource, Read Customizations
  • To render an entity grid (that is, to view lists of records and other data): Read privilege on the entity, Read User Settings on the Business Management tab, and Read View on the Customization tab
  • To view single entities in detail: Read privilege on the entity, Read System Form on the Customization tab, Create and Read User Entity UI Settings on the Core Records tab

2. When logging in to Dynamics CRM for Outlook:

  • To render navigation for Microsoft Dynamics CRM and all Microsoft Dynamics CRM buttons: Read Entity and Read View on the Customizations tab
  • To render an entity grid: Read privilege on the entity, Read Customizations and Read Web Resource on the Customization tab, and Read Saved View on the Core Records tab
  • To render entities: Read privilege on the entity, Read System Form on the Customization tab, and Create, Read, and Write User Entity UI Settings on the Core Records tab