Creating entities through web services fails randomly with 0x80048405 (Access is denied)

1
votes

We have a public ASP.NET web UI which is used as limited frontend to underlying CRM4 instance. Communication is achieved through CRM4 SDK web service:

var service = new Microsoft.Crm.SdkTypeProxy.CrmService();
service.Credentials = new System.Net.NetworkCredential("user", "pass", "domain");
service.Url = server + "/MSCRMServices/2007/CrmService.asmx";

var token = new CrmAuthenticationToken();
token.OrganizationName = organizationName;
service.CrmAuthenticationTokenValue = token;    
service.PreAuthenticate = true;

Calling fetch with xml query always succeeds, but entity creation fails sometimes:

var entity = new DynamicEntity("some_entity");
var resultGuid = service.Create(entity);

After iisreset creation always fails. IIS log says two POST requests to CRMservice:

  1. no user, HTTP 401.5
  2. domain/user, HTTP 500.0

Exception returned is :

[SoapException: Server was unable to process request.]
   System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) +1769861
   System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +345
   Microsoft.Crm.SdkTypeProxy.CrmService.Create(BusinessEntity entity) +79

Soapexception details:

<detail><error>
  <code>0x80048405</code>
  <description>Access is denied.</description>
  <type>Platform</type>
</error></detail>

Things get weird weird when anyone creates some_entity by hand using CRM's own UI. After that web service access works without problems.

More notes:

  1. deletion or update in CRM's own UI does NOT fix web service access
  2. CRM apppool uses max 1 worker process.
  3. After a while web service breaks again to the "access denied" (probably recycling wp)
  4. Errors do NOT depend on data.
  5. removing PreAuthenticate didn't change anything.
  6. Nothing useful in event log.

Could anyone help me get rid of that weird access denied error? Why touching CRM UI changes web service behavior?

EDIT: Even though Michael M provided a workaround for the error, I still don't understand why/how does CRM UI affect CrmService authentication.

1
web-servicesdynamics-crmdynamics-crm-4

1 Answers

3
votes

It's possible that your token is not correct. Depending on your authentication type, you may also need to change the token's AuthenticationType. Try the following method to get an instance of the service.

private static CrmService GetService(string organization, string server, string domain,
                     string username, string password)
    {
        server = server.TrimEnd(new[] {'/'});

        // Initialize an instance of the CrmDiscoveryService Web service proxy.
        var disco
            = new CrmDiscoveryService
                {
                    Url = String.Format("{0}/MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx", server)
                };

        //Retrieve a list of available organizations.
        var orgResponse =
            (RetrieveOrganizationsResponse) disco.Execute(
                new RetrieveOrganizationsRequest
                    {
                        UserId = domain + "\\" + username,
                        Password = password
                    });

        //Find the desired organization.
        foreach (var orgDetail in orgResponse.OrganizationDetails)
        {
            if (orgDetail.OrganizationName != organization)
                continue;

            //Retrieve the ticket.
            var ticketResponse =
                (RetrieveCrmTicketResponse) disco.Execute(
                    new RetrieveCrmTicketRequest
                        {
                            OrganizationName = organization,
                            UserId = domain + "\\" + username,
                            Password = password
                        });

            //Create the CrmService Web service proxy.
            var token = new CrmAuthenticationToken
                {
                    AuthenticationType = 2,
                    OrganizationName = organization,
                    CrmTicket = ticketResponse.CrmTicket
                };

            return new CrmService
                {
                    CrmAuthenticationTokenValue = token,
                    Url = orgDetail.CrmServiceUrl
                };
        }
        return null;
    }