Archive

Posts Tagged ‘authentication’

ADX Portal – Prevent unauthorized access of custom pages

November 26, 2019 Leave a comment

For one of our requirements, we built a custom .aspx page and placed under ‘Areas’ folder of OOB ADX website’s ‘MasterPortal’ project.

ADX_Prevent_UnAuthAccess

Issue:

  • The .aspx page was accessible without signing in to the portal by using the following URL convention
    • https://base_portal_url/Areas/folderName/Pages/filename.aspx

Fix:

  • On Page_Load of the aspx page, check whether the request is from authenticated user or not.
  • If unauthenticated request, set 401 error code (i.e., Unauthorized error) to the Response object and redirect to portals ‘SignIn’ page.
  • Below is the code snippet need to be placed in Aspx page’s ‘Page_Load’ event, which redirects unauthenticated requests to Portal’s ‘SignIn’ page.

protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
Response.StatusCode = 401;
Response.End();
}
}

🙂

Categories: ADX Tags: , ,

CRM application prompting credentials for all SOAP/OData calls

September 27, 2012 3 comments

Other day my CRM application started behaving weirdly, it was prompting credentials for every OData/SOAP calls in my Jscripts.

Here is the scenario, I had a custom jscript library on Account entity which enable/disable ribbon buttons on form load.

So when I open the Account form I had to provide credentials for all those service calls in my custom jscript.

I thought the problem was with my browser settings I even tried by resetting properties of my browser but it did not solve the issue

Finally setting to the Windows Authentication’s “Providers” solved my problem.

Below are the steps I followed

  • Open IIS
  • Click on “Microsoft Dynamics CRM” website
  • Double click on “Authentication” on “Features View”
CRM Windows Authentication

CRM Windows Authentication

  • Click on “Providers” on left navigation
  • Make sure “Negotiate” provider is the 2nd option after NTLM
Providers

Providers

  • Reset IIS

These steps worked in my case. Thanks for the hosks link