A common request I have seen is the ability to hide/expose certain fields on forms according to the current user permissions and/or ID. Below is 1 possible solution using IFRAMES, ASP.NET,
MSCRM forms customization, and the CRM Web Service. The example was written in VS.NET 2005 but will also work in VS 2003.
I would HIGHLY recommend using a dev install of MSCRM for this, i.e. don’t do this on a production install! J
So the first step is to choose the form you want to work with. I chose Accounts for this example and decided to work with the address fields. So I opened up MSCRM, chose Settings->Customization->Customize Entities.
I then double-clicked on Accounts to open the Account customization window.
Next double-click on “Forms and Views”, and then double-click on “Form” to open the form.
Now select the field you want to hide, and click “Remove”. Click “yes” on the dialog Note this does not remove the field from the application, it merely removes the data entry field from the form.
I chose to remove all the fields in the Address section, you can do that, hide only some of the fields, or just add an entirely new section. So when done, form looked like this:
Next Click "Save and Close" and then "Save and Close" again. On the next screen, make sure that "Account" is selected, and click "Publish".
Ok now we need to create our VS.NET Project for our custom form. The goal is that the custom form will load in an IFRAME contained in the Account form, read the current user id, and based on that ID will expose fields. So I am not going to cover creating a new ASP.NET project, if you've not done that before you can download the Client SDK HOL here. This PPT covers creating an ASP.NET application.
So we need to add the web reference to our ASP.NET application. If you right-click on your application and select "Add web reference" you'll get a dialog where you should enter:
http://<yourcrmservername>/mscrmservices/2006/crmservice.asmx
Give this reference a name like "mscrm" and this will add the CRM web reference to the project and give you access to the CRM API.
So you should have a form called "default.aspx" which you can rename or leave alone, it's up to you. On that form add 2 labels and 2 text boxes and name them as:
lblAddress1
lblCity
txtAddress1
txtCity
and set the "Visible" property of the components to "false"
Next open the form and add the following code:
using
mscrm; // Change this to whatever you named your web referenceprotected
void Page_Load(object sender, EventArgs e)Explanations:
1. Reads the current user identity
2. Initializes the CRM web service
3. Executes a WhoAmI request to read the user from CRM.
4. If statement to determine what fields to expose. NOTE: this code can use
either method 1. or 3. to read the current user. If using 1., then the If
statement compares the id.Name to the Domain\user combination. If using method 3
we can compare the CRM User ID to a string with the User ID from CRM. In this
example all this is hard-coded however this could be modified (and probably
should be! :) to read this information from the system. Part of the problem with
hard-coding is that if your domain isn't name "MICROSOFT" and/or you don't have
a user "gail" on the system, this won't work. Change this line to read:
if
(id.Name.Equals("<your domain>\\<a valid user>"))
If you use Method 3 to grab the UserId, you need to know the GUID of that user
in MSCRM.
Some important notes:
You need to setup an IIS virtual directory in your IIS setup. I created a
directory
C:\Inetpub\wwwroot\WebSite1 and then created an IIS virtual directory called
"address".
And the permissions need to be set as so:
To access this page open IIS Manager, right-click on your virtual directory and select "Properties->Directory Security" and in the "Authentication and Access Control" box click "Edit".
Also, in the web.config file of your ASP.NET application,
above the <authentication mode="windows" /> line, add
<identity impersonate="true"/>. Next we have to add our web application URL to
the "Trusted Sites" in IE for whatever machine we want to run the app on. So for
example, my server is set up as
http://192.168.1.105, so my custom app runs under
http://192.168.1.105/address, so I
added 192.168.1.105 to my IE trusted zone. If you don't do this, you will be
prompted for credentials when the IFRAME loads within the account form
Thanks Kristen for your help with this!! :) Alex Mackman, one of the authors of
"Building Secure ASP.NET applications" also helped here. Here is the article:
Click here
Build your ASP.NET project and then copy the entire directory into the directory
you created in c:\Inetpub\wwwroot. This
step may differ depending on what version of VS you use. With VS 2005 a
directory C:\My Documents\Visual Studio 2005\WebSites
is created, so my "WebSite1" folder sits in there, and then I copy that folder
into C:\Inetpub\wwwroot. I don't
remember the exact steps in VS 2003, but the end result needs to be that your
built project files are in the directory your IIS virtual directory is pointing
at.
If you would like to test this at this point, open IE and
type http://<your virtual directory>, so for this
example I would open IE and type http://192.168.1.105/address.
Next we need to add an IFRAME to our Account form and point the IFRAME URL at
our new application. Back on the MSCRM Account for in customize mode, select the
Address Section on the form (Click on it) and then click "Add an IFRAME".
and you'll see:
On this screen enter the data for your web application as so:
Name: give it a name Click "Save and Close" and then "Save and Close" again.
On the next screen, make sure that "Account" is selected, and click "Publish". OK, that should be it! To test, close all open MSCRM windows and then re-open
MSCRM in IE. Click "Sales->Accounts" and then double click on any account. In
this example, when I log onto my client machine as "gail" and open the Account
form, I get:
URL: enter the virtual directory URL, so for the example:
http://192.168.1.105/address NOTE:
This HAS to be the URL for the virtual directory in IIS, not the actual
directory path like c:\Inetpub\wwwroot\<name>
A label isn't necessary
You MUST uncheck the "Restrict cross-frame scripting" box
Location should beset correctly if you selected the "Address" section on the
form.
You should have something similar to this when done:
Click OK and you'll see something similar to:
And if I open the form as any other user I get:
And that's it for this example.
Please note that this is not the prettiest form in the world and this idea may
or may not fit your particular solution, but it is ONE possible solution.