Implement single sign-on from an ASPX webpage or IFRAME

This topic describes how to develop a custom webpage that can make SDK calls to Dynamics 365 Customer Engagement (on-premises) on behalf of the Dynamics 365 Customer Engagement (on-premises) user who is signed in. The typical use of this capability is to write a webpage that is displayed in an inline frame in the Dynamics 365 Customer Engagement (on-premises) web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site that’s hosting Customer Engagement. However, the webpage can perform its operations on behalf of the Customer Engagement user who is signed in. The result is seamless integration between a webpage and Dynamics 365 Customer Engagement (on-premises).

Dynamics 365 Customer Engagement (on-premises) with a separate website

This scenario is for a Dynamics 365 Customer Engagement (on-premises) Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an inline frame of the Dynamics 365 Customer Engagement (on-premises) web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Dynamics 365 Customer Engagement (on-premises) and the website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure claims and a relying party, see the following topics in Deploying and administering Microsoft Dynamics 365 Customer Engagement (on-premises):

Dynamics 365 Customer Engagement (on-premises) with an Azure-hosted webpage

This scenario is for use with Dynamics 365 Customer Engagement (on-premises) where Azure hosts a custom webpage that’s optionally displayed in an inline frame of the Dynamics 365 Customer Engagement (on-premises) web application. This scenario uses federated claims, provided by the Windows Live security token service (STS) server for identity management. You must provide a certificate to be used when making Dynamics 365 Customer Engagement (on-premises) and the Azure website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see http://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: Dynamics 365 Customer Engagement (on-premises) & Azure: Improving the SSO experience, and Dynamics 365 Customer Engagement (on-premises) & Azure Series.

Enable inline frame communication across domains

If you want to enable communication for an inline frame (iframe) that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for Internet Explorer 8. Google Chrome, Mozilla Firefox, and Apple Safari also support this method. For more information about using postMessage, see the following blog posts:

See also

Access the Web Services (Authentication) in Dynamics 365 Customer Engagement (on-premises)
Sample: Impersonate Using the ActOnBehalfOf Privilege
Impersonate Another User
Web Resources for Dynamics 365 Customer Engagement (on-premises)