What’s New in Dynamics 365 portals

A number of the Dynamics 365 application services; Field Service, Project Service and portals, all became generally available this week following the release of Dynamics 365 earlier this month. These all offer a number of improvements and new features from their previous iterations under Dynamics CRM. Previously called CRM portals, now Dynamics 365 portals, has received some significant updates, even some functionality that starts to bring the 3 application services together with Project and Field Service functionality now in some portals. Let’s take a look at some of the largest changes in this release:

  • Multilingual support for a single portal
    Any of the now 43 languages can be configured on a portal and no longer requires a completely separate portal service for each language.  This functionality also significantly differs from how multilingual support was included in the legacy Adxstudio Portals. You will find a new entity, Website Languages that adds an additional layer, this instead of duplicating the entire web site using the old web site copy tool.  The page copy section is no longer directly on the web page information form but now available through a localized content relationship which will display the web page in a new content mode and other content data entities like content snippet or site settings also have new relationships to the website language.

    mlp_webpage
    There are also new liquid extensions to support this functionality within your own templates, website.languages will provide a collection of all the language items, pages.languages is a list of languages for the current page available, and website.selected_language will identity what language the site is currently being shown in.
  • Charts displayed in the portal
    You can now embed your CRM/Dynamics 365 charts directly on the web with a new liquid extension.  For an example of charts, if you install the latest partner portal there is a new web template called “Partner Dashboard” that provides an example of embedding multiple charts, entity lists and other components on a single page to give a rich interface to portal users. The liquid extension makes it very easy to add a chart anywhere in a page, all you need is the chart ID and view ID the chart should use for its data source.

    {% chart id:"chart-guid-without-braces" viewid:"view-guid-without-braces" %}
    
    <!-- Est. Revenue by Est. Close Date (Day) - Opportunities Closing Next Month --> 
    {% chart id:"EB02E9AA-5580-E611-80D8-00155DFE75F9" viewid:"00000000-0000-0000-00AA-000010003002" %}
    

    portalcharts

  • Content Access Level Security for Knowledge Management Articles
    Content Access Level or CAL is a feature that has been added to allow for securing access to knowledge articles to different groups of users. In Dynamics 365 with a portal installed you will find some sample CALs but you can also define your own and associate them to contacts and articles. Article content will be secured regardless of how you try accessing the content, either browsing via navigation elements, direct URL or via the Portal Search, all will respect the security rules defined by the CAL.
  • Project Service and Field Service Portal Extensions
    If you provision a new Partner Portal and have either Project Service or Field Service installed you will see some new options available that allow you to enable portal functionality for these components, there are also new actions if you have an existing portal to install the new portal extensions.

    provision_psaThese extensions bring some components to the portal, with PSA your able to view customer and partner related projects or resources. With Partner Field Service extension you can see related field service agreements, assets, service requests, and work orders.
  • Partner Portal Improvements
    There are a number of improvements and new functionality added to the popular partner portal including a new partner onboarding/application, multi-partner collaboration, and also deal registration.

These are all great improvements for this release and continue to look forward to further updates with the monthly updates to Portal Service in the new year. If you want to check out these features and more you can try the latest version yourself by requesting a trial.

For more information about what’s new for Field Service and Project Service a breakdown is available on the What’s New for Dynamics 365 Help and Training site.

Note: This post also appears on Adoxio Business Solutions Team Blog.

Adxstudio Portals v7.0.0023 Released

A new version of Adxstudio Portals has just been released on the Adxstudio Community site. You can head over to download the latest version, 7.0.0023 here.

This version has a number of much needed fixes to bugs that were introduced in v7.0.0022. One in particular that was keeping a lot of implementations away from 7.0.0022 was the anonymous web forms bug. From the release notes posted they look to have addressed this and a number of other fixes.

Another major addition in this release is the web notifications can now be configured directly in CRM for what entities will cause a notification to the portal. The default in previous releases was all entities unless you manipulated this through the plugin registration tool. There is now a Web Notifications Entities that the web notification plugin will use to determine whether to send the message or not. This should be a huge boost to portal performance but now be-aware to add your new custom entities to this list if you want that data also invalidated on the portal. You can read more about this configuration here.

This release unfortunately does not fix the compatibility of Adxstudio v7 and Dynamics 365 but this new release is still very welcome with all the improvements and new cache invalidation functionality.

Update 12/1/2016: Andrew Chan from Adoxio –
Please be aware that a “settings.xml” file is packaged with the sample project under the App_Data folder. Please remove this file when you spin up a new project. Without doing so, this file will cause the Portals to try and connect to an already configured CRM organization that isn’t available, and it will ignore a CRM specified in the connection string in web.config.

Note: This post also appears on Adoxio Business Solutions Team Blog.

Dynamics 365 and Adxstudio Portals Compatibility

Update 2/1/2017:
Microsoft has release CRM SDK 6.1.2 which fixes compatibility between Adxstudio Portals v7 and Dynamics 365! Read more here.

With all the changes in Dynamics 365 there are updates in the SDK and service that now make Adxstudio Portal v7.x incompatible. Outlined below are some of the issues you may run into, with some temporary workarounds if you want use Dynamics 365, and the potential pitfalls of these current solutions.  As a result of the current status of support with Dynamics 365, it would be recommended that if you have an Adxstudio Portals v7.x implementation using CRM Online that you currently do not upgrade past CRM 2016 Update 1.

Update 12/27/2016:
It looks like a fix is going to be coming soon! Posted over at the Dynamics 365 Team Blog about SDK backwards compatibility a new CRM 2013 SDK version that supports the new authentication will be released as SDK v6.1.2. With this updated SDK version you would be able to swap the reference DLLs in Adxstudio Portals v7 without the negative impact to functionality that switching to v8.2 SDK has. No date was provided for this update, but we may also see v7.0.0024 released with this fix in the new year.

Dynamics 365 SDK Backwards Compatibility

One of the changes that is causing some issues is that the ACS endpoint is no longer being provisioned on online instances.  This started with some CRM 2016 Update 1 instances but now seems to be rolling out more broadly.  You might receive the following error when attempting to have your portal connect to the CRM.

ACS10002: An error occurred while processing the SOAP body. ACS50000: There was an error issuing a token. ACS50001: Relying party with identifier ‘https://instancename.crm.dynamics.com/’

Some instances of this could be resolved by changing the instance URL which would potentially cause the ACS endpoint to be rebuilt, but not always.  You could also log a ticket with Microsoft Support for them to restore the ACS endpoint to your instance.

Adxstudio Portals v7.x ships as a solution compatible with CRM 2013, 2015, and 2016.  As such it ships with the CRM 2013 SDK DLLs (v6.0 SDK).  With the release of Dynamics 365 and SDK v8.2 the CRM 2013 SDK DLLs are no longer compatible, and you actually need to upgrade to the v8.1 SDK DLLs to connect with a Dynamics 365 instance.  If you do try to connect Adxstudio Portals with its default CRM SDK 6.0 DLLs then you would likely see the following error message:

The Organization Service URL is invalid. Metadata contains a reference that cannot be resolved: 'https://instancename.crm.dynamics.com/XRMServices/2011/Organization.svc?wsdl=wsdl0'. There is an error in XML document (1, 1298). The maximum nametable character count quota (16384) has been exceeded while reading XML data. The nametable is a data structure used to store strings encountered during XML processing - long XML documents with non-repeating element names, attribute names and attribute values may trigger this quota. This quota may be increased by changing the MaxNameTableCharCount property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 1, position 1298.

This can be solved by replacing both the Microsoft.Xrm.Sdk.dll and the Microsoft.Crm.Sdk.Proxy.dll with the versions from the v8.1 SDK, changing the MasterPortal project to .NET Framework 4.5.2 and adding the following dependent assembly references.

<dependentAssembly>
  <assemblyIdentity name="Microsoft.Xrm.Sdk" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
  <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
  <assemblyIdentity name="Microsoft.Crm.Sdk.Proxy" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
  <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
</dependentAssembly>

However while this will solve your connection issue it will come with unknown issues to other Adxstudio components like Entity List and the portals front-side editor. The change in SDK version does have impact on the portal functions due to the differences between SDK 6.0 (CRM 2013) and SDK 8.1 (CRM 2016 Update 1) and the dependencies the portal components have.

At this time it would probably be recommended if you have a Adxstudio Portals v7.x implementation using CRM Online that you do not upgrade past CRM 2016 Update 1. If you run into the ACS endpoint error explained above then open a support ticket with Microsoft Support and request that the ACS endpoint be restored. If you have already been upgraded, or want to use Dynamics 365 and still need Adxstudio Portals v7, then your best option is to do the DLL upgrade and try to work around the current issues with the reference change.

Note if you start a trial or demo with the intent on showing Adxstudio Portals you can change to a previous version with the following guide.

Microsoft has been notified and aware of the issue.  We are working with them to see what resolution options are available.  As more information on a potential update to resolve these issue becomes available from Microsoft I will update this post. Below is currently a running list of known issues using SDK 8.1 with Adxstudio Portals v7.0.0022, this is in no way a complete comprehensive list.

  • Entity List – grid configuration Edit action – will not appear on entity list rendering for Target Types ‘Web Page’ and ‘Url’, if using Target Type ‘Entity Form’ will result in error:
    Cannot create and populate list type Microsoft.Xrm.Sdk.KeyAttributeCollection. Path 'EditActionLink.EntityForm.KeyAttributes', line 1, position 2877.
  • Entity List – grid configuration Details action – will cause error if using Target Type ‘Entity Form’ as indicated above
  • Front-side editor – ‘Object reference not set to an instance of an object’ when Creating a new web page, or editing a page, or editing a snippet, or modifying a web link set.

If you discover other issues please let me know through comments, Twitter, email or however else and I will update this listing.

Note: This post also appears on Adoxio Business Solutions Team Blog.

Change your Dynamics 365 Trial to a Previous Version

When you create a new trial of Dynamics 365 it will always come as the latest available copy of CRM or now Dynamics 365. Often when a new version is released the trials are the first to get access to the new build so that it can easily be showcased. With every new version there will be incompatibilities with 3rd party or legacy components due to changes in the SDK or functionality within the CRM interface. For these reasons you may want to have a previous version for your CRM trial so you can still showcase that functionality that has not been updated for the latest release.

With the CRM Online/Dynamics 365 Administration Center you can administer trial instances to edit their URL or even reset them to an earlier version.

  1. With your trial account login to https://portal.office.com.
  2. On the tile selection, select the Admin tile.
  3. If you are prompted to enter a backup email or phone number you can simply cancel this screen and it will return you to the admin center.
  4. On the left hand navigation, select Admin Centers and CRM or Dynamics 365.
  5. You should now be at the CRM Online/Dynamics 365 Administration Center where it lists your trial instance. Highlight your instance and select Edit.
    d365admin
  6. To be able to reset your instance to an previous release we need to put it in Sandbox mode, from the Instance Type drop down, select Sandbox, and then click Next, and Save.
    instancetype
  7. You should be returned the Administration Center instances and your trial instance should now show as a Sandbox type, and you should have a reset button when it is selected. Select Reset.
    d365admin-reset
  8. On the reset instance screen, you have a target version dialog where you can select the version of CRM you want your instance to be. Select your desired version.
    targetversion
  9. You can then select your desired scenario, if you just want a blank CRM then select none of these. You can also change your CRM URL if you wish. Note this will not change your tenant name (tenantname.onmicrosoft.com).
  10. Select the reset and then carefully read the prompt. This process will delete any existing and customizations currently in the instance. Once ready, confirm yes in the dialog.

You will then have to wait 10 – 15 minutes for the instance to reset to the target version but once done you can navigate to your previous version of CRM and perform whatever tasks you needed to.

Configure ADXStudio Portals and CRM portals with Azure AD B2C

Azure Active Directory B2C is a new Azure service that is targeted at helping your organization utilize consumer based identities within your sites and applications. This is a guide covering setting up ADXStudio Portals version 7 and CRM portals v8.1 with Azure AD B2C as an identity provider through configuration.  As well discuss some of the additional customizations that can be made to the ADXStudio Portal v7 MasterPortal code base to further enhance the user experience.

A recent update to Azure AD B2C policies has allowed ADXStudio Portals and CRM portals to work with Azure AD B2C via configuration.  To learn more about the technical change please view Azure AD B2C Now Supports ADXStudio Portal v7.

CRM portals v8.x customization is limited and therefore the user experience that the customizations below outline with Azure AD B2C cannot be completely implemented.  CRM portals v8.2 is expected to support Azure AD B2C natively in the Fall release or in a future monthly update.  All configuration based settings mentioned apply for ADXStudio and CRM portals interchangeably.

Note that while you can configure B2C with CRM portals it is completely unsupported and not recommended by Microsoft. The concern is that when support is added to CRM portals if you were previously using B2C that the implementation might not be compatible with your existing users. Therefore it is advised that you do not configure B2C with CRM portal until it is released directly as a feature of the product. The date for this has also moved to unknown, there was discussion on this coming shortly in 8.2, but that has not be committed to. If you wish to implement Azure AD B2C then you should use the latest version of ADXStudio Portals.

The benefit of using Azure AD B2C is moving the authentication of your users to a common secure global service that be consumed be various different application platforms because of its standard based implementation of OpenID Connect. This allows your users to have a single identity with a common user experience across your portfolio of applications. ADXStudio Portals and CRM portals with its implementation of ASP.NET Identity built on the OWIN Framework supports OpenID Connect since version 7.0.0020 with providers like Azure AD B2C.

To get started you will need to create an Azure AD B2C directory which is completely free up to 50,000 authentications per month. Once you have your Azure AD B2C directory you have the ability to enable various social identity providers like Facebook, Google, LinkedIn, Amazon and Microsoft Account for you users to use. You can also enable users without a social identity account to create local users via email address or username. To learn more about creating a directory and setting up social providers via the guide here.

One of the unique functions of Azure AD B2C is that it has the concept of policies. The policies allow you to segment configurations of your identity service, providing flexibility per application, process or however you decide to use policies.  Policies allow you to customize the branding, as to what might be collected during sign up or the claims that are returned to an application. Based on how the ADXStudio Portal and CRM portals function with identity providers through configuration it is best implemented with a “Sign Up and Sign In” policy instead of separate policies for “Sign In” and “Sign Up”.

For the ADXStudio Portal or CRM portals to consume B2C we will need to list it as an application in the B2C settings.

  1. Navigate to Azure AD B2C tenant and then the settings for the directory in the Azure Portal and select Applications, then Add.
  2. Add your application name, enable Web App / Web API, and enter your reply URL (this must be HTTPS and it only needs to be your ADX portal root URL).
  3. Click the Create button.
  4. Once the application is created, select it and you should see an Application ID. Copy this value and save it.

To configure OpenID Connect for ADXStudio Portal or CRM portals we need to map the functionality of the CreateOptionsFromPolicy method in the GitHub sample for .NET Web App Startup.Auth.cs to the portal site settings documented here for ADXStudio Portals and here for CRM portals.

Adding a new identity provider with ADXStudio Portal or CRM portal is must be done via the CRM GUI, outlined below are the necessary site settings for Azure AD B2C.

The settings all follow the format of Authentication/OpenIdConnect/AzureADB2C/[setting_name]. The text AzureADB2C can be replaced with your desired provider name, the label seen on the portal is configured through the caption setting.

Authentication/OpenIdConnect/AzureADB2C/AuthenticationType
The value is the name of your B2C policy for Sign Up and Sign In.
Sample Value: B2C_1_SuSi

Authentication/OpenIdConnect/AzureADB2C/MetadataAddress
You can obtain this value by selecting your policy and copying the metadata endpoint address at the top of the panel.
Sample Value: https://login.microsoftonline.com/adxb2c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_SuSi

b2c_policy

Authentication/OpenIdConnect/AzureADB2C/Authority
You can obtain this value by navigating to your Metadata Address and copying the value of issuer
Sample Value: https://login.microsoftonline.com/52f15a3d-fac9-447f-832b-79e4fc16bff6/v2.0/

b2c_issuer

Authentication/OpenIdConnect/AzureADB2C/ClientId
The value is the Application ID that you saved when setting up the application in the previous steps.
Sample Value: e48b78ef-e274-4480-a3d5-621138ae1b47

Authentication/OpenIdConnect/AzureADB2C/RedirectUri
This value applies to both RedirectUri and PostLogoutRedirectUri. It should be the root URL to your ADX portal.
Sample Value: https://b2cadx.local.adoxio.com

Authentication/OpenIdConnect/AzureADB2C/PostLogoutRedirectUri
This value applies to both RedirectUri and PostLogoutRedirectUri. It should be the root URL to your ADX portal.
Sample Value: https://b2cadx.local.adoxio.com

Authentication/OpenIdConnect/AzureADB2C/Scope
Value: openid

Authentication/OpenIdConnect/AzureADB2C/ResponseType
Value: id_token

Authentication/OpenIdConnect/AzureADB2C/NameClaimType
Value: name

Authentication/OpenIdConnect/AzureADB2C/Caption Optional
This can be set to whatever you would like the button text to read on the Sign In and Register pages of the portal. This value is optional.
Sample Value: Azure AD B2C

Once you have completed all the site settings outlined above associated to your ADX portal website then you should be able to restart the portal application and see the new provider listed under external account.

ADXStudio Portals Sign In:
adx_signin

CRM portals Sign In:
crmportal_signin

You can now test your registration and sign in flows. The nice thing about the Sign Up and Sign In policy and the portal is it will handle that detection as part of its out of the box configuration. All of the other ADXStudio Portals or CRM portal authentication settings can be used and applied to the site as normal.

The following customizations only applies to ADXStudio Portals.

With the out of box code in ADXStudio Portals login controller the logoff or sign out function will only sign you out from the ADX Portal. To modify this functionality you just need to update the Logoff HTTP GET and POST methods in LoginController.cs. This controller can be found in the MasterPortal code base Areas\Account\Controllers folder.

// GET: /Login/LogOff
[HttpGet]
public ActionResult LogOff(string returnUrl)
{
	if (HttpContext.Request.Url != null && !returnUrl.Contains(HttpContext.Request.Url.Authority))
	{
		returnUrl = $"{HttpContext.Request.Url.Scheme}://{HttpContext.Request.Url.Authority}{returnUrl}";
	}

	var authTypes = AuthenticationManager.GetAuthenticationTypes();

	AuthenticationManager.SignOut(new AuthenticationProperties { RedirectUri = returnUrl }, authTypes.Select(t => t.AuthenticationType).ToArray());
	return Redirect(!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl) ? returnUrl : "~/");
}

The changes here are to ensure that the return URL passed to Azure B2C is a includes the full site URL and not just the relative path. Azure B2C checks this return URL against what was configured in the application settings to ensure it includes the same root URL.   Additional the code to tell ASP.NET Identity OWIN to sign out not only of the portal but also Azure B2C is to modify the SignOut method of the AuthenticationManager to include the authentication types as a parameter. This causes OWIN to process not only the ADX applicaiton cookie but call the associated Azure B2C logoff method which will remove the Azure B2C cookie as well.

Note – you may also modify the ReturnUrl methods in Helpers\UrlHelper.cs to output a full qualified URL as the return URL instead of modifying the URL in the LogOff HTTP GET method.

The following is the change to the HTTP POST method, no return URL is needed, just the Authentication Types added to the SignOut parameters.

// POST: /Login/LogOff
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
	var authTypes = AuthenticationManager.GetAuthenticationTypes();

	AuthenticationManager.SignOut(authTypes.Select(t => t.AuthenticationType).ToArray());
	return Redirect("~/");
}

The other changes you would be able to make in the code is mapping claims to CRM properties so that the profile is auto populated. Though you may need to consider a more complex implementation so that all CRM modifications of certain attributes are sync’d back to the Azure AD B2C attribute store. If you are interested then check out the Graph API documentation. For a less complex implementation that does not require complex attribute mapping, you could leave contact profile data collection just to CRM/portal and not collect any additional claims on the Azure B2C side.

If you want to at least ensure the email from Azure B2C is mapped to the CRM Contact email address then you can modify the ExternalLoginCallback method in the LoginController.cs and add lines 8 – 11 highlighted in the following code:

var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

if (loginInfo == null)
{
	return RedirectToAction("Login");
}

if (string.IsNullOrEmpty(loginInfo.Email))
{
	loginInfo.Email = loginInfo.ExternalIdentity.Claims.FirstOrDefault(a => a.Type == "emails")?.Value;
}

This is necessary due to the AuthenticationManager.GetExternalLoginInfoAsync() method only looking for http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress as the claim type name it would get for email.  Note B2C has been modifying the email claim name recently so you may need to update the Type condition to match what is current.

A last tip, if you plan to only use Azure B2C then it might make sense for your users to skip the portal sign in page and go directly to Azure B2C. This can be done using an out of box site setting Authentication/Registration/LoginButtonAuthenticationType. Simply set this site setting to same value as the site setting Authentication/OpenIdConnect/AzureADB2C/AuthenticationType and the sign in button in headers that utilize the UrlHelper method (default out of box non-liquid based) will forward directly to Azure B2C.