Looking for PowerObjects? Don’t worry, you’re in the right place! We’ve been part of HCL for several years, and we’ve now taken the final step in our acquisition journey: moving our website to the HCL domain. Nothing else is changing – we are still fanatically focused on Microsoft Business Applications!

HCLTech Microsoft Business Applications Practice Blog

for Dynamics 365, Power Platform and the rest of the Microsoft technology stack

MS CRM Custom WCF with Dual Encryption

Post Author: HCLTech |

This allows the MS CRM custom WCF service which is hosted in MS CRM IIS server to be accessed from Client in a more secured fashion. The message payload sent from the client will be encrypted over the SSL as well as with the Certificate.

The purpose of this implementation is to provide a dual layer encryption of the message body and also authenticates the request by using a service account.

In this blog we will discuss implementing WCF with the following requirements:

  1. Implement MS CRM using a custom WCF service (SSL over https).
  2. Use WS-Security to allow the message payload to be encrypted with a certification.
  3. Authenticate the client with a service account.


The image below is a pictorial representation of how a request is submitted to a server which then in turn calls the MS CRM Custom WCF service to push the request to the MS CRM system.


Below are the steps to implement the WCF solution.

1. Implement the MS CRM custom WCF service SSL over https.
Once the WCF service is deployed to IIS, add the https binding and choose the appropriate certificate. In the following scenario, the certificate is a wildcard certificate.

2. Use WS-Security to allow the message payload to be encrypted with a certification.

In order to encrypt the message payload with a certificate, add a custom binding which will provide message security and will also host the service on SSL. This will allow the client configuration file to auto generate the encoded token value. The custom binding is as follows:

WCF service Web.config

Create a custom binding with the security authentication mode as "UserNameForCertificate".

Add a behavior with httpsGetEnabled = "true" and add the service certificate as mentioned below.

Add a service section as below. "BindingConfiguration" is pointing to the custom binding which is defined in step 1 above.

Client's Web.config/app.config

When the WCF service is added as a Service reference on the client app, the server certificate encoded value is auto populated as shown below.

3. Authenticate the client with a service account.

On WCF Service

Add the following appSettings to the WCF service web.config.

The following code snippet is used to authenticate the user (usually the service account details are passed from the client) who is requesting access to the service. This code should be written into the WCF service.

On Client Service

On the client service, before calling a WCF method, it needs to pass the user credentials (usually a service account) as shown below.

MSDN blogs



Happy CRM'ing!

By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

PowerObjects Recommends