Archive
ADX Portal – Prevent unauthorized access of custom pages
For one of our requirements, we built a custom .aspx page and placed under ‘Areas’ folder of OOB ADX website’s ‘MasterPortal’ project.
Issue:
- The .aspx page was accessible without signing in to the portal by using the following URL convention
- https://base_portal_url/Areas/folderName/Pages/filename.aspx
Fix:
- On Page_Load of the aspx page, check whether the request is from authenticated user or not.
- If unauthenticated request, set 401 error code (i.e., Unauthorized error) to the Response object and redirect to portals ‘SignIn’ page.
- Below is the code snippet need to be placed in Aspx page’s ‘Page_Load’ event, which redirects unauthenticated requests to Portal’s ‘SignIn’ page.
protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
Response.StatusCode = 401;
Response.End();
}
}
🙂
CRM application prompting credentials for all SOAP/OData calls
Other day my CRM application started behaving weirdly, it was prompting credentials for every OData/SOAP calls in my Jscripts.
Here is the scenario, I had a custom jscript library on Account entity which enable/disable ribbon buttons on form load.
So when I open the Account form I had to provide credentials for all those service calls in my custom jscript.
I thought the problem was with my browser settings I even tried by resetting properties of my browser but it did not solve the issue
Finally setting to the Windows Authentication’s “Providers” solved my problem.
Below are the steps I followed
- Open IIS
- Click on “Microsoft Dynamics CRM” website
- Double click on “Authentication” on “Features View”
CRM Windows Authentication
- Click on “Providers” on left navigation
- Make sure “Negotiate” provider is the 2nd option after NTLM
Providers
- Reset IIS
These steps worked in my case. Thanks for the hosks link
Rajeev Pentyala - Microsoft Power Platform 