Impersonation in Plug-ins

Impersonation is used in the Microsoft Dynamics CRM platform to execute business logic on behalf of a system user. Custom code that runs this way is governed by the Microsoft Dynamics CRM security privileges of the impersonated user. Pre-entity and post-entity images are passed to plug-ins in the execution context on behalf of the impersonated user.

Plug-ins that are not executed by the sandbox or the asynchronous service execute under the CRMAppPool identity service account. By default, CRMAppPool uses the Network Service account, but the administrator can change it. If it is changed, the administrator must add the new identity account to the PrivUserGroup in Active Directory.

Impersonation during Plug-in Registration

A user can be impersonated at plug-in registration: the administrator can specify a user account under which the plug-in executes.
If the plug-in is registered programmatically, impersonation is configured by setting the ImpersonatingUserId property to a specific user. Web service calls made by the plug-in then execute on behalf of the impersonated user.

Impersonation during Plug-in Execution

Impersonation defined at the registration level can be overridden at run time during plug-in execution.
For security purposes, a plug-in can also run as the user who actually initiated the process or plug-in (by performing a specific action within the CRM application) by using the InitiatingUserId property.
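// Obtain the execution context from the service provider.
IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
// Get a reference to the Organization service factory.
IOrganizationServiceFactory factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
// Run as the user who initiated the operation
IOrganizationService initiatingUserService = factory.CreateOrganizationService(context.InitiatingUserId);
// Or run as the user from the context (the impersonated user, if one was set at registration)
IOrganizationService contextUserService = factory.CreateOrganizationService(context.UserId);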
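The run-time override described above, shown as a complete plug-in. This is an added example, not code from the original post: the class name and the choice to write an annotation record are assumptions, and the step is assumed to be registered on Update with an impersonating user. The initiating user's own privileges gate the read, and only the one write that needs the registered identity uses it.

```csharp
using System;
using System.ServiceModel;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Hypothetical plug-in: assumed to be registered on Update with an impersonating user.
public class LeastPrivilegeNotePlugin : IPlugin
{
    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var tracing = (ITracingService)serviceProvider.GetService(typeof(ITracingService));
        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));

        // UserId differs from InitiatingUserId when registration-level impersonation is in effect.
        bool impersonated = context.UserId != context.InitiatingUserId;
        tracing.Trace("Message={0} UserId={1} InitiatingUserId={2} Impersonated={3}",
            context.MessageName, context.UserId, context.InitiatingUserId, impersonated);

        if (!context.InputParameters.Contains("Target")) return;
        var target = context.InputParameters["Target"] as Entity;
        if (target == null) return;

        // Override at run time: act as the initiating user so that user's privileges decide the read.
        IOrganizationService asInitiator = factory.CreateOrganizationService(context.InitiatingUserId);
        try
        {
            asInitiator.Retrieve(target.LogicalName, target.Id, new ColumnSet(false));
        }
        catch (FaultException<OrganizationServiceFault> ex)
        {
            // Fail closed instead of continuing under the more privileged identity.
            throw new InvalidPluginExecutionException("Initiating user cannot read the target record.", ex);
        }

        // Only the operation that needs the registered identity runs as context.UserId.
        IOrganizationService asContextUser = factory.CreateOrganizationService(context.UserId);
        var note = new Entity("annotation");
        note["subject"] = "Record updated by user " + context.InitiatingUserId;
        note["objectid"] = new EntityReference(target.LogicalName, target.Id);
        asContextUser.Create(note);
    }
}
```

The trace line records both IDs, so the plug-in trace shows when a step ran under an identity other than the user who triggered it.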

