implement-single-sign-aspx-webpage-iframe.md

title	description	ms.custom	ms.date	ms.reviewer	ms.suite	ms.tgt_pltfrm	ms.topic	applies_to	helpviewer_keywords	ms.assetid	author	ms.author	search.audienceType
Implement single sign-on from an ASPX webpage or IFRAME (Developer Guide for Dynamics 365 Customer Engagement (on-premises)) | MicrosoftDocs	This topic describes how to develop a custom webpage that can make SDK calls to Dynamics 365 Customer Engagement (on-premises) on behalf of the Dynamics 365 Customer Engagement (on-premises) user who is signed in		03/29/2019	pehecke			article	Dynamics 365 Customer Engagement (on-premises)	single sign-on from an ASPX webpage or IFRAME, implementing ASPX webpage with (optionally) IFRAME display, implementing single sign-on from an ASPX webpage or IFRAME Windows Azure-hosted webpage, implementing single sign-on from an ASPX webpage or IFRAME implementing single sign-on from an ASPX webpage or IFRAME, ASPX webpage with (optionally) IFRAME display custom website makes SDK calls to CRM on behalf of logged-on user, separate website for	c2b38554-eab9-4793-a2f5-62b7a11d99f7	JimDaly	jdaly	developer

Implement single sign-on from an ASPX webpage or IFRAME

This topic describes how to develop a custom webpage that can make SDK calls to Dynamics 365 Customer Engagement (on-premises) on behalf of the Dynamics 365 Customer Engagement (on-premises) user who is signed in. The typical use of this capability is to write a webpage that is displayed in an inline frame in the Dynamics 365 Customer Engagement (on-premises) web application user interface. That webpage performs its intended operation, for example, providing a store front, while being hosted on a website independent of the site that’s hosting [!INCLUDEpn_crm_shortest]. However, the webpage can perform its operations on behalf of the [!INCLUDEpn_crm_shortest] user who is signed in. The result is seamless integration between a webpage and Dynamics 365 Customer Engagement (on-premises).

Dynamics 365 Customer Engagement (on-premises) with a separate website

This scenario is for a Dynamics 365 Customer Engagement (on-premises) Internet-facing deployment (IFD) where a separate website hosts a custom ASPX webpage that is optionally displayed in an inline frame of the Dynamics 365 Customer Engagement (on-premises) web application. This scenario uses federated claims. Therefore, you’ll have to set up a security token service (STS) server for identity management. You’ll also need a certificate to be used when making Dynamics 365 Customer Engagement (on-premises) and the website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure claims and a relying party, see the following topics in Deploying and administering Microsoft Dynamics 365 Customer Engagement (on-premises):

• Post-Installation and Configuration Guidelines - Configure a Dynamics 365 Customer Engagement (on-premises) Internet-facing deployment (IFD)

• System requirements and required technologies - Accessing Dynamics 365 Customer Engagement (on-premises) from the Internet - Claims-based authentication and [!INCLUDEpn_ifd_short] requirements

  For more information about identity management, see the identity training course.

  [!INCLUDEproc_more_information] Walkthrough: Single Sign-on from a Custom Web Page in the [!INCLUDEpn_CRM_2011] SDK.

Dynamics 365 Customer Engagement (on-premises) with an Azure-hosted webpage

This scenario is for use with Dynamics 365 Customer Engagement (on-premises) where [!INCLUDEpn_Windows_Azure] hosts a custom webpage that’s optionally displayed in an inline frame of the Dynamics 365 Customer Engagement (on-premises) web application. This scenario uses federated claims, provided by the [!INCLUDEpn_Windows_Live] security token service (STS) server for identity management. You must provide a certificate to be used when making Dynamics 365 Customer Engagement (on-premises) and the [!INCLUDEpn_Windows_Azure] website relying parties, which established cross-domain trust between these parties.

Background information

For more information about how to configure a relying party, see the following topic: Secure Azure Web Role ASP.NET Web Application Using Access Control Service v2.0

For more information about identity management, see https://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse

For more information about implementing this scenario including problems you may run into and the workarounds, see these blogs: Dynamics 365 Customer Engagement (on-premises) & Azure: Improving the SSO experience, and Dynamics 365 Customer Engagement (on-premises) & Azure Series.

Enable inline frame communication across domains

If you want to enable communication for an inline frame (iframe) that contains content from a different domain, you can use the Window.postMessage method. This browser method can be used for [!INCLUDEpn_IE_8]. [!INCLUDEtn_Google_Chrome], [!INCLUDEtn_Mozilla_Firefox], and [!INCLUDEtn_Apple_Safari] also support this method. For more information about using postMessage, see the following blog posts:

• Cross domain calls to the parent CRM 2011 form

• Cross-Document Messaging and RPC

See also

Access the Web Services (Authentication) in Dynamics 365 Customer Engagement (on-premises)
Sample: Impersonate Using the ActOnBehalfOf Privilege
Impersonate Another User
Web Resources for Dynamics 365 Customer Engagement (on-premises)

[!INCLUDEfooter-include]