06 July 2011

IFD Claims based Authentication

Recently I had difficulties with creating client application to CRM deployed using Internet Facing deployment with Claims Based Authentication ADFS 2.0 Sample code shows connecting to IFD CRM only available at CRM SDK samplecode\cs\wsdlbasedproxies\ifd, but it supposes that you have to add Service References to Discovery Service and to Organization Service. I was not going to use Service References, but how to instantiate and configure OrganizationServiceProxy class item in the right way was not clear for me.
In my case ServiceConfigurationFactory class helped me. Below is peace of code how I'm retrieving IOrganizationService instance:

Uri organizationUriIFD = new Uri("https://[server]:[port]/XRMServices/2011/Organization.svc");

credentials.UserName.UserName = "username";
credentials.UserName.Password = "password";

using (Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy _serviceProxy = new OrganizationServiceProxy(config, credentials))
// This statement is required to enable early-bound type support.
_serviceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());

IOrganizationService _service = (IOrganizationService)_serviceProxy;

WhoAmIResponse response = (WhoAmIResponse)_service.Execute(new WhoAmIRequest());



  1. Can we get the service with defalut credentials like
    credentials.Windows.ClientCredential =System.Net.CredentialCache.DefaultNetworkCredentials;

    Am trying to connect to crm with network credentials but it saying as "user authentication failed"
    Can you please help me...

    1. In some cases it works in other cases it doesn't. Actually it depends on your network configuration and on what kind of application (desktop, web etc.) is your client and how do you run it.

    2. I have the same problem with a console application.
      I can't fix the username/password, the app must run in the name of the current user.
      Have any ideas or advise?

    3. System.Net.CredentialCache.DefaultNetworkCredentials is assigned to "credentials.Windows.ClientCredential" where as in IFD or Claim based implementation "credentials.Username.username / password" is used to authenticate.

  2. Hi Anton, I get a strange exception "The authentication endpoint Username was not found on the configured Secure Token Service!". Can you kindly help me to figure this out

  3. Thank you so much!! I struggled with this for a whole day, and found no other resources to explain Ifd. Linked here from SO question.