Tag Archives: Windows Azure

CRM Online & Windows Azure Series

I’ve been working with a few CRM Online customers on some advanced scenarios which require using Windows Azure as part of their overall solution.  As a result, I will be publishing series of blog posts and samples which walk you through the following:

As I get the rest of the posts published, I will update links in this post.  This series is a complement to my Design for Online and CRM Online + Windows Azure = Many Possibilities posts.


CRM Online & Windows Azure: Configuring Single Sign On (SSO)

NOTE: While these instructions may work, they are fairly old.  If you are using Visual Studio 2013, there’s a much quicker way to accomplish the same end goal.  See: http://azure.microsoft.com/en-us/documentation/videos/azure-identity-application-to-authenticate/

In this video, I walk you through how to configure Single Sign On (SSO) across CRM Online and Windows Azure using Visual Studio 2010.  My walkthrough is based on the Web Single Sign-On with .NET and Windows Azure Active Directory walkthrough, but adds the nuances of getting this working with Windows Azure & Visual Studio 2010.  If you are using Visual Studio 2012, follow the instructions in the link.  If you are using Windows Azure Web Sites instead of a Web Role, then there is an even easier way to configure SSO: http://www.asp.net/vnext/overview/latest/windows-azure-authentication.

In the video, I use Fiddler to redirect https traffic to the Windows Azure Compute Emulator.  You can download it here:



CRM Online & Windows Azure: Improving the SSO experience

This is supposed to be one of a series of CRM Online & Windows Azure posts for which I have been building some samples.  While I really wanted to make this the second or third post, someone needed the explanation sooner, so this will be somewhat of a tease to the overall series.


I’ve already configured SSO across Windows Azure & CRM Online.  When I try to integrate an Azure hosted page into the CRM UI, I get the following errors:

This content cannot be displayed in a frame

To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.

This video walks you through why you get the error and how to work around it with a better user experience.

Here’s the code for the two helper pages…

ssoinitiator.htm (CRM Web Resource)

<!DOCTYPE html>

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">



        <meta http-equiv="refresh" content="5">

        <script type="text/javascript">

   2:             function getQuerystring(key, default_) {

   3:                 if (default_ == null) default_ = "";

   4:                 key = key.replace(/[[]/, "\[").replace(/[]]/, "\]");

   5:                 var regex = new RegExp("[\?&]" + key + "=([^&#]*)");

   6:                 var qs = regex.exec(window.location.href);

   7:                 if (qs == null)

   8:                     return default_;

   9:                 else

  10:                     return qs[1];

  11:             }


  13:             function redirectToIntendedPage() {

  14:                 window.location = decodeURIComponent(getQuerystring("data"));

  15:             }


  17:             function bodyOnload() {

  18:                 if (document.cookie.indexOf("AZURE_SSO_COMPLETE=") != -1) {

  19:                     redirectToIntendedPage();

  20:                 } else {

  21:                     var message = document.getElementById("message");

  22:                     message.style.visibility = "visible";


  24:                     if (document.cookie.indexOf("AZURE_SSO_INITIATED=") == -1) {

  25:                         document.cookie = "AZURE_SSO_INITIATED=true";

  26:                         window.open("https://crmazrfedtest.cloudapp.net/SSOHelper.htm");//replace with your azure hosted version

  27:                     } else {

  28:                         document.cookie = "AZURE_SSO_COMPLETE=true";

  29:                         redirectToIntendedPage();

  30:                     }

  31:                 }

  32:             }




    <body onload="bodyOnload() ">

        <div id="message" style="visibility:hidden">

            <h1>Initiating Single Sign On...</h1>

            <p>This page will refresh shortly.</p>




SSOHelper.htm (Azure hosted)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">


        <title>SSO Helper</title>

        <script type="text/javascript">

   2:             function bodyOnload() {

   3:                 window.close();

   4:             }



        <meta http-equiv="expires" content="-1" />

        <meta http-equiv="pragma" content="no-cache" />


    <body onload="bodyOnload()">


            <h1>Single Sign On Complete</h1>

            <p>Please close this window.</p>





Resizing an Azure VM vhd file

UPDATE (09SEP2013): There’s a faster way.  See: https://github.com/maartenba/WindowsAzureDiskResizer

I got into a bit of a predicament where the C drive of the VM I created here started to fill up.  I needed to install some software that only gave me the option to install to the C drive.  The installer was telling me there wasn’t enough disk space.  Here’s what I did to increase the size of the OS disk of my Azure VM:

  • Delete the VM
  • Download the .vhd
  • Resize the downloaded .vhd
  • Delete the original .vhd from blob storage
  • Upload the resized .vhd
  • Recreate the VM
  • Use diskpart to get access to the unallocated part of C

Delete the VM


Download the .vhd

Cloud Storage Studio is my favorite storage tool for Windows Azure.  If you’d prefer a free option, then my next favorite is Azure Storage Explorer.  Use one of these to download the .vhd file.  This part is going to require a local hard drive with lots of disk space.  You will need at least 2x the size of the original VHD + the size you want to grow it by.  A fast internet connection will be a big advantage here as well.

Resize the downloaded .vhd

You can use Hyper-V Manager to resize your .vhd file:


My challenge was that the PC with the disk space necessary to store the downloaded and expanded .vhd wasn’t Hyper-V capable.  Therefore, I used a tool called VHD Resizer from here.  There is a nice walkthrough of how to use it here.

Delete the original .vhd from blob storage


Upload the resized .vhd

You need to upload the resized .vhd back to blob storage.  I figured out how to upload it correctly after reviewing Step 5 from the Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System instructions.  However, the command line switches for csupload.exe need to look like this:

csupload Add-Disk –Destination “<full blob url you want for your vhd>” –Label “<whatever you want>” –LiteralPath “<path to resized .vhd>” –OS Windows

Recreate the VM

I created a new VM via the management portal and pointed it to the .vhd file I uploaded with csupload.  In my case, I had to re-attach an additional .vhd drive since my original .vhd was configured with an F drive where my database files were stored.  Once your VM boots up, log in using Remote Desktop.  For me, all of my SQL Server 2012 databases were in a recovering state.  Not sure why.  After I rebooted my server, everything was fine. 

Use diskpart to get access to the unallocated part of C

Your C drive will still report the old size in Windows Explorer.  You need to claim the additional unallocated space in the expanded drive.  To do this, open a command prompt and execute the following series of commands in italics:


Next execute:

list disk

Make sure you select the os disk.  For me, it was disk 0:

select disk=0

Find the partition that needs extending:

list partition

Select the partition.  For me, it was partition 1:

select partition=1

Finally, extend the partition:


Now, you have the additional space in the drive you need to install more stuff Smile.


Building a CRM 2011 dev box using a Windows Azure Virtual Machine

UPDATE: The instructions were a bit out of order.  Thanks for @DynamicsCRM_EDU for the heads up!  I fixed it.  Please let me know if you find anything else that needs clarification.  I write these things late in the night most of the timeWinking smile.

I am a big fan of the One Organization per Developer approach to team development with Dynamics CRM 2011.  Additionally, I think every CRM developer should have their own isolated development environment (just like most traditional development environments).  Some of the benefits:

  • Not stepping on other peoples work (or worse someone else hosing my work)
  • No one else’s publishing action slowing me down
  • Can attach debuggers for plugin / workflow activity code
  • Sometimes you need to spin up/tear down CRM orgs for prototyping, fixing things that are hard to undo once you’ve done them, etc.
  • Like most development, you churn a bit until you are ready to check your changes in for others to use

I’ll be blogging more about source control stuff, but have a look at this post for a peek at a tool that’s coming to make source control of non code customizations easier:


Frankly, the problem with building out a CRM dev box is that it requires capable hardware to run CRM and Visual Studio and SharePoint and SQL and Reporting Services and…you get the point.  Sometimes, acquiring capable hardware is not something you have control over Sad smile.  Therefore, people end up using less than adequate developer environments for CRM development.  While CRM Online is great for production and staging environments, it just doesn’t offer the developer productivity that self contained, all tools on one box, isolated CRM environment do.  Windows Azure’s new Infrastructure as a Service (IAAS) Virtual Machines (VMs) to the rescue!  I just wrapped up building my first CRM dev box on Windows Azure.  Here are my notes on getting it working for those who want to try it.

DISCLAIMER: CRM 2011 isn’t support for production deployment in Windows Azure VMs just yet, but works just fine in a single VM developer install.

First, I followed the instructions below up to the Open the virtual machine using Remote Desktop and complete setup section.


I chose a 4 core, 7 GB RAM VM because that’s what I run for the VM on my Lenovo 510 laptop.  You can probably get away with less, but this config has served me well OnPremises, so I went with it.  Once I was able to establish a Remote Desktop connection, I immediately went into Server Manger and clicked the Configure IE ESC link and turned it off so I could surf the web without warnings:


Then, I enabled Microsoft Update:


I went ahead and ran Microsoft Update and installed everything. 


The Windows Azure VM we picked has two drives (C: and D:).  The C: drive only has 30 GB.  The D: drive isn’t durable, so don’t put anything on it that you expect to still be there if your VM gets rebooted, moved, etc.  Therefore, you are going to want to add another drive for your databases.  I added a 30 GB drive:



You will also need to initialize the disk in the VM:


Make sure you configure SQL Server to use the new drive as the default location for data and log files:


Per this blog post:


…you don’t want write caching on the disk your databases are on.  The good news is that the data disk we just created has write caching off by default.  The pre-configured VM I picked from Windows Azure already has SQL Server 2012 installed, including Reporting Services.  From there, I followed the instructions in Girish’s  blog to setup a CRM 2011 VM:


Of course, you can skip the Windows/SQL Server/Hyper-V stuff since we already have a VM running in Windows Azure with Windows/SQL pre-installed.  You can skip to about the 19:30 point in the video to get started.  At about the 23:00 point, you’ll need to reboot.  The next step in the video is to install SQL Server.  While you don’t need to because it’s already installed in the VM, you do need to configure Reporting Services (accept all defaults, unless I call a change out otherwise):



In the picture above, make sure you run under a domain account.  Otherwise, the CRM Reporting Extensions will not pass the environment check.





Since we don’t need to install SQL Server, you can skip to the 34:15 point.  At about the 38:10 point, you will be told to go ahead and Run the SharePoint Products Configuration Wizard.  DON’T!  Instead, install Service Pack 1 for SharePoint Foundation:


Once you’ve done that, then pick up where the video left off by manually running the SharePoint Products Configuration Wizard:


When you get to the point of running the CRM 2011 installer, grab the bits from:


This update has Update Rollup 6 slipstreamed so it installs perfectly fine on SQL Server 2012.  You can use your MSDN/TechNet keys to register CRM 2011 if you want to use the VM for longer than 90 days.  Otherwise, just use the trial key from the link above.  The last thing I did was run Microsoft Update one more time and accept all the updates (which include Update Rollup 8).  Cleaning up any of the installer files you downloaded isn’t a bad idea either.

At this point, you have a fully functional CRM 2011 dev box which you can remote into and work within in isolation.  Of course, you’ll probably want to have a look at My CRM Dev VM post which talks about what else I like to install into a CRM Dev VM.  If you need source control for this VM, then you should try http://dkdt.me/Luuq8G.  If you really need to gain access to resources from the VM that are behind your corporate firewall (like an existing TFS server), there’s always Windows Azure Virtual Network

Hopefully this helps any of you out there who had the same idea I had!


Design for Online

UPDATE (30MAY2013): Have a look at this post for some tangible examples of Windows Azure with CRM to address some of these scenarios.

DISCLAIMER: This post is not official guidance from Microsoft.  It’s the thoughts and opinion of one guy who has been spending a fair amount of time talking to customers and partners about what I’ve been calling the “Design for Online” principles.  These are just my “brain dump” notes of what I’ve learned along the way.  Therefore, feel free to leave comments and provide feedback to make this post better.

In many ways, this post is a different spin on my CRM Online myth busters post.  However, instead of forcing you to reverse engineer “Design for Online” principles from a bunch of busted myths, I decided to lay out what I believe to be the key design decisions and pointers you need to make sure you have a solution that will run relatively unchanged in any deployment environment: CRM 2011 installed in your datacenter (OnPrem), CRM Online, or another hosting provider.  I think that everyone should be forcing themselves to embody these principles in ANY solution they build on top of CRM 2011.  Why?  It gives you deployment flexibility.  I’ve worked with a few folks who wanted to move to CRM Online and were disappointed that their solution wasn’t built in such a way that could get them there without major rework.  If they had built with “Design for Online” in mind, then they would be much happier right now.  Also, I just think that on-prem apps shouldn’t be designed with “legacy design principles.”  They should be designed with modern design principles including separation of concerns and the isolation you get when you stick to these principles.  At a high level, the principles can be summed up as:

  • Use Claims-based authentication
  • Run everything under SSL
  • Deploy all .NET assemblies (plugins / workflow activities) to the sandbox / database
  • Use ILMerge with third party assemblies
  • Put full trust code somewhere else
  • Configure any UI mash up integration for Single Sign-on
  • Pretend the Filtered Views don’t exist
  • Build all of your Reporting Services reports using FetchXML


Use Claims-based authentication

As I mentioned in my CRM Online myth busters post, CRM Online supports ADFS 2.0.  Claims-based authentication doesn’t mean you have to have an Internet Facing Deployment (IFD).  However, if you want to go IFD, you have to use Claims-based authentication anyway.  If you have the option, you should always go with this as your authentication choice.  This is also a key to enabler to Single Sign-On (SSO) with other pieces of your application (ASP.NET pages, SharePoint, etc.) whether you are on your corporate network or accessing CRM from any internet connection.  A good place to start is Configuring Claims-based Authentication for Microsoft Dynamics CRM 2011.  Also, the Microsoft Dynamics CRM 2011 Implementation Guide has a specific whitepaper called Microsoft Dynamics CRM 2011 and Claims-based Authentication.doc you should have a look at as well.


Run everything under SSL

This is actually a requirement for Claims-based authentication, but I felt it was worth calling out by itself.


Deploy all .NET assemblies (plugins / workflow activities) to the sandbox / database

This is the first place I hear a fair amount of developer / solution architect angst.  Lots of “Yea, but what if…” retorts.  I’ll get to those.  Keep reading.  If you aren’t familiar with the sandbox, then make sure you read Plug-in Isolation, Trusts, and Statistics.  Do not change the registry key mentioned at the end of the article.  If you are Using the Plug-in Registration Tool for Microsoft Dynamics CRM 2011, then make sure you set Step #3: Specify the Isolation Mode to Sandbox and Step #4: Specify the Location where the Assembly should be stored to Database when Registering a Plug-in or Custom Workflow Activity.  If you are using the Developer Toolkit for Microsoft Dynamics CRM 2011 and Microsoft Dynamics CRM Online, then it defaults to this form of registration.


Use ILMerge with third party assemblies

Code within sandbox deployed assemblies is constrained to using .NET Framework assemblies, the public assemblies that are part of the Microsoft Dynamics CRM 2011 Software Development Kit (SDK), and the code inside the assembly itself.  If you need to leverage a third party assembly, then consider using ILMerge.  There are two blog posts I find useful to get this configured here and here.  The second post is a little old and talks about .NET 3.5.  Ignore that part.  The useful part of the second post is how to configure Visual Studio to use ILMerge as a post build activity.


Put full trust code somewhere else

Sometimes, you just have to write code that won’t run in the sandbox.  Resist the urge to violate the Deploy all .NET assemblies (plugins / workflow activities) to the sandbox / database principle.  Instead, put the code requiring elevated trust behind a web service hosted in a separate process that you own.  Call it from the plugin / workflow assembly.    In the OnPrem world, the web service will probably be running on Windows Server in its own web site.  In CRM Online, the web service will probably be running in a Windows Azure Web Role.  Also, OnPrem this can run on the same physical server as the CRM 2011 front-end servers even though you are going to have to run the site on a separate subdomain.  See Binding multiple domains to a wildcard SSL on a single IP in IIS 7.5 for more details.  There are some key implementation details for this to work:

  • Use the trusted subsystem pattern to authenticate from the plugin code to the external web service using a single identity.
  • If the code running behind your web service needs to call back into Dynamics CRM, then:
    • The web service code in turn uses the trusted subsystem pattern to authenticate back to CRM via the Organization Service using a single identity.  This is typically a CRM user you’ve created specifically for trusted subsystem use.  There are a number of samples for connecting to the Organization Service from .NET code, but the Simplified Connection to Microsoft Dynamics CRM really does make it simple!
    • If you need the CRM Organization Service to execute under the context of the original user the plugin code ran under, then you will need to Impersonate Another User.  Therefore, you will need to pass CallerId from the plugin code to your web service code, which will then passes it back to the CRM Organization Service.

This all seems a little daunting when you first hear/read it, but after you’ve done it once you will realize it isn’t as daunting as it sounds.  Consider this scenario the exception, not the rule.  A few other little tidbits of information to help you implement this scenario:

    • Consider making your web service a REST service.  There is generally less overhead and a smaller data payload across the wire especially if you use JSON serialization.  There really isn’t anything about these services that require SOAP, unless you just prefer the SOAP service programming model better.
    • If you prefer to use a SOAP service, then have a look at:

  <binding name="NetHttpBinding">

     <binaryMessageEncoding />

     <httpsTransport />



      • If you use binary encoding, then modify the code in the Calling WCF Service in Plugin in CRM link to reflect it:
BindingElementCollection elements = new BindingElementCollection();

elements.Add(new BinaryMessageEncodingBindingElement());


elements.Add(new HttpsTransportBindingElement());


CustomBinding binding = new CustomBinding(elements);


Configure any UI mash up integration for Single Sign-on

While less prevalent with the advent of web resources in CRM 2011, there are still times where you want to write custom ASP.NET code or even REST services that you want to integrate (or mash up) into the CRM UI, but need to write server side code for them.  The only supported way to do that in CRM 2011 is to have a companion site and Implement Single Sign-on from an ASPX Webpage or IFRAME.  In the OnPrem world, the content will probably be running on Windows Server in its own web site.  In CRM Online, the content will probably be running in a Windows Azure Web Role.  By doing taking this approach, you can no longer use window.parent for cross frame communication because you will be in a cross domain scenario. See Cross domain calls to the parent CRM 2011 form.  Another scenario that you may not realize is a UI mash up integration is the out of the box SharePoint integration for CRM 2011.  More details here.  However, if you’ve configured single sign-on across these three sites (CRM/SharePoint/Companion Site), then it all just works at the UI layer.  This is why principle #1 is Use Claims-based authentication.


Pretend the Filtered Views don’t exist

Plain and simple, CRM Online doesn’t support direct access to the database.  Therefore, in the world of CRM Online, the Filtered Views don’t exist.  Write all of our code against the CRM web services.


Build all of your Reporting Services reports using FetchXML

In order to build FetchXML SSRS reports, you need to install the Microsoft Dynamics CRM 2011 Report Authoring Extension on the same PC in which you have Business Intelligence Development Studio (BIDS) installed.  This adds a Fetch XML data source.  From there, you just follow the directions in Create Custom Reports Using Business Intelligence Development Studio.  SSRS reports in CRM Online are Sandboxed.  See RDL Sandboxing for Microsoft Dynamics CRM Online for more details.  One of the objections I often hear is “but I really want to write my queries in SQL because that’s what I know.”  I “get it.”  For now, FetchXML it is.  For most, I recommend using the Advanced Find feature of the CRM UI to compose the query, then click the Download Fetch XML button. 


For advanced query capabilities of FetchXML that aren’t possible through Advanced Find, you will need to start with Advanced Find, then modify the XML yourself.  See Build Queries with FetchXML for more details.  Personally, I’m not “GUI Query Tool” guy.  I like to write my queries by hand.  Let’s face it, no one wants to learn “yet another query language” which is what you have to do with FetchXML.  I shield myself from this by using LINQ.  I use LINQPad + LINQPad Plugin for Microsoft Dynamics CRM 2011.  The one gotcha is that the plugin doesn’t produce FetchXML.  There’s a feature request here to enhance the plugin to do so.  VOTE it up!  However, through extensibility of LINQPad, I created an extension method to do the conversion.  See Getting FetchXML from LINQPad for more details.


What about integrating with systems behind my firewall from CRM Online?

This isn’t exactly a “Design for Online” principle as much as an answer to the “How do I do it in CRM Online?” question. While CRM Online doesn’t provide any specific capability to securely cross the internet and talk to systems behind an organizational firewall, you can still do it.  CRM Online is from Microsoft.  Microsoft is a platform company that happens to have a platform that already enables such scenarios.  It’s called Windows Azure.  I address this scenario and others in my CRM Online + Windows Azure = Many Possibilities post.  While these approaches enable “from CRM Online” scenarios, meaning code running inside CRM Online calling out, it’s equally important to understand that some integration needs can be met with data integration that can be achieved through tools such as  CozyRoc and Scribe.  Of course, your scenarios will dictate what integration approach is most appropriate.  Also, building optimized data migration code becomes more important when you are calling across the internet moving data from a legacy system to a cloud environment.  I have a post about called Data Migration with CRM 2011 that covers this topic.



Ok, so now I finally have a blog post to point people to that comprehensively covers what I think of as the “Design for Online” principles.  The last point, Yes, I have tried all of this stuff out.  However, I have tried each out in isolation.  I’m planning on putting together a fairly simple reference sample that brings all of this together and demonstrates it running in CRM OnPrem + Windows Server as well as CRM Online + Windows Azure.


I made it on the MSDN Cloud home page :)

I recently recorded an overview video called Developing Cloud Applications with Windows Azure to replace the current one on the Cloud section of MSDN.  I just heard news that the video is live.  I am pretty excited because this is THE VIDEO you see when you go to http://msdn.com, then click the Cloud section. There’s nothing deep in the video, but the goal was to comprehensively answer the “What is the Windows Azure Platform” question at enough depth that developers new to the Windows Azure Platform wouldn’t feel like they were watching too much of a marketing video.

Follow devkeydet on Twitter

Help make Microsoft developer technologies better!

Follow devkeydet on Twitter

Ron Jacobs just blogged about how .NET developers can provide feature feedback and vote on WCF/WF features.


Many Microsoft product teams are doing this nowadays. It still surprises me how many .NET developers don’t realize these feature voting sites exist. In addition to WF/WCF, I am aware of these:























Let me know in the comments if I’ve missed any.  I’ll add them.

San Francisco, Open 311, Silverlight and Windows Azure

“City of San Francisco, CA has launched their Open 311 solution called HeyGov! for San Francisco .  HeyGov! is a SaaS (Software as a Service) offering from Microsoft Partner, ISC, that provides a new and engaging way for citizens and governments communicate more effectively in the Web 2.0 era.  

The service requests are captured from device-centric applications or entered by city’s 311 staff into their existing CRM (Customer Relationship Management) system, exposed via an API based on Open 311 standards and visualized via a rich user-interface built with Silverlight 4 and Bing Maps. Built and hosted on the Windows Azure platform, the HeyGov! solution also takes advantage of virtually unlimited storage and processing power of the cloud and provides the ability to quickly address service requests and implement updates even during peak times.”

More details here…