Friday, October 27, 2006

Impersonation - a few tips...

I was working with an aspx-page that was called by an isv.config.xml-button today and had problems with getting the impersonation to work. It was quite obvious when I solved it. If you have similar problems, I have a few tips:

Usually the external webpages are run from another website that CRM. Make sure this website has anonymous access shut off and Integrated Windows Authentication turned on. Also make sure that the tag <identity impersonate="true"/> is in the web.config-file of the root of the website.

To avoid getting login-dialogs, make sure the site with the external pages are in trusted sites or Local Intranet Sites in IE.

If you have followed these tips, impersonation should work. The SDK mentions that users have to be in the PrivUserGroup but when I tried it still worked. Maybe that is needed in some special cases. If I manage to understand when, I will write about it.

Happy impersonating!

Gustaf Westerlund
CRM and SharePoint Consultant

Humandata AB


  1. Hi Gustaf,

    Thanks for the valuable information. I have a info path form which pushes the incident in CRM using another webservice. So the flow is InfoPath form -> my webservice -> CRM webservice.
    I have impersonation at both the webservice. But it looks like impersonation is not working it is using the default account in CRM as owner field.

    Any clue what would be the problem?


  2. Hi Chaitanya,
    I am not sure that InfoPath properly uses Impersonation and I don't know if it can be passed forward in the manner you are describing. Perhaps you need to set up Kerberos Trust delegation to make it work, but I am not sure. I would try to confirm that each step in the process works and then try connecting one part at a time.