Archive for the 'Microsoft CRM' Category

Nov 14 2012

Beating CRM2011 Anti-XSS with a Web Resource Shim

Published by under Microsoft CRM

Background

In Microsoft Dynamics CRM we’ve got several places that documents relating to an account can be uploaded to SharePoint.  Some are custom solutions developed whilst we were using CRM4 and others are using the built-in CRM2011 SharePoint integration.

To keep things simple for users, I have created a SharePoint web part that allows them to see a consolidated view of documents relating to each account.  This web part has a menu against each document that allows users to open the record that the document was uploaded against.

The Problem

Previously, I was just opening the CRM record in an Internet Explorer (IE) window and everything was fine.  However, now CRM has got a nifty Xrm.Utility.openEntityForm() JavaScript function that will open entity forms in either an IE or Outlook window, depending on which client the user is using to access CRM.

If you are using a CRM Web Page WebResource, you’ve got the option of either including ClientGlobalContext.js.aspx or using parent.Xrm to access the Microsoft Xrm JavaScript object model.  Unfortunately, Crm is on one website address and SharePoint is another website address.  Therefore, although SharePoint is being displayed in CRM using an iFrame, Anti-XSS (Cross Site Scripting) prevents the use of parent.Xrm in the SharePoint page.

The Solution

Given that the Xrm JavaScript object model needs to be used from a page in CRM the solution I came up with is to use a WebResource html page that will act as a shim for SharePoint:

!DOCTYPE html>
<html>
<head>
    <title>Xrm Shim</title>
    <base>
    <script type="text/javascript" src="../ClientGlobalContext.js.aspx"></script>
    <script type="text/javascript" src="../c5_javascript/lib/jquery.min.js"></script>
    <script type="text/javascript">
        $(function () {
            var data = Xrm.Page.context.getQueryStringParameters();
            Xrm.Utility.openEntityForm(data.typename, data.id);
        });
    </script>
    <meta charset="utf-8">
</head>
<body>
</body>
</html>

I then updated my SharePoint web part to run the following script when the user clicks the CRM Record menu item:

crmRecordMenuItem.ClientOnClickScript =
    string.Format(@"ifrm = document.createElement('IFRAME');
        ifrm.setAttribute('src', '{0}/{1}/WebResources/xrmshim.htm?typename=%DocTypeName%&amp;id=%CRMDocID%');
        ifrm.style.width = 1+'px';
        ifrm.style.height = 1+'px';
        document.body.appendChild(ifrm);", crmUrl, crmOrgName);

This creates an iFrame that loads from html shim from CRM which in turn calls Xrm.Utility.openEntityForm using the typename and id passed from SharePoint in the query string parameters.

The shim is simple enough that it can be used on any page that is hosted on any site other that CRM.  It could be extended to call any Xrm object model methods provided by ClientGlobalContext.js.aspx.

No responses yet

Jun 08 2012

CRM2011 Automated Testing – Integration Testing

Published by under .NET,General,Microsoft CRM

The integration testing is concerned with testing customisations within the context of CRM to ensure that the various components work together correctly. In my current work this is mostly related to custom plugins in CRM and custom integration with SharePoint. The key point is that with this type of testing I am not concerned with the user interface, rather the underlying processes.

In many ways the integration tests are very similar to the unit tests, they are code based test created using the Gallio/MbUnit framework. However, instead of testing code in isolation and mocking dependencies, the integration tests test whole systems. This is achieved by making create, update, delete, etc. calls to the web service to simulate user actions.

Test setup and tear down code can become length as you need to be able to setup scenarios to be able to test, including creating test records and enabling/disabling plugin to allow actions to be performed that may otherwise be blocked.

It is also during integration testing that I introduce testing as specific users to test security related constraints. This is easily achieved in CRM as connections to the Organization Service support impersonation.

Integration tests are also good where a user has identified an issue with a plugin in a scenario you hadn’t thought of before. I tend to use this as a trigger to create new integration test to match that case, and then one or two more boundary cases around it.

As these tests require connection and interaction with CRM, they can be slow to run. As a result, I tend to run these in TeamCity, where they can be left to run on their own, or I will run specific tests in order to help track down an issue. Whilst setting them up may seem to take a long time, relative to “productive development” time, they soon become invaluable for regression testing as new functionality is developed or existing code is refactored to improve performance, etc.

Example:

namespace Tests.Plugin.AddressTests
{
    public class AddressTests
    {
        #region Setup/Teardown

        [SetUp]
        public void BeforeEachTest()
        {
            _testEntity = createEntityForTests();
        }

        [TearDown]
        public void AfterEachTest()
        {
            if (_testEntity != null)
            {
                _testEntity.DeleteAndIgnoreException();
            }
        }

        #endregion

        #region Instance variables

        protected CrmEntity _testEntity;
        protected static readonly string ExpectedExceptionMessageContains = "This record already has an active";

        #endregion

        [Test]
        public void TestMultipleMailingAddressesCanBeUnchecked()
        {
            setAddressPluginState(PluginStepState.Disabled);
            var address1 = CustomerAddressBuilder.NewMailingAddress(_testEntity.ToEntityReference(), "Mailing 1");
            var address2 = CustomerAddressBuilder.NewMailingAddress(_testEntity.ToEntityReference(), "Mailing 2");
            var address3 = CustomerAddressBuilder.NewMailingAddress(_testEntity.ToEntityReference(), "Mailing 3");
            setAddressPluginState(PluginStepState.Enabled);

            address1.C5_Mailing = false;
            address1.Save();

            setAddressPluginState(PluginStepState.Disabled);
            address1.Delete();
            address2.Delete();
            address3.Delete();
            setAddressPluginState(PluginStepState.Enabled);
        }

        #region Protected Methods

        protected enum PluginStepState
        {
            Enabled = 0,
            Disabled = 1
        }

        protected void setAddressPluginState(PluginStepState state)
        {
            using (var context = ServicesFactory.CrmContext())
            {
                var steps = from step in context.CreateQuery<SdkMessageProcessingStep>()
                            where step.Name.Contains("Address")
                            select new SdkMessageProcessingStep { SdkMessageProcessingStepId = step.SdkMessageProcessingStepId, Stage = step.Stage };

                foreach (var step in steps)
                {
                    EntityReference entityref = step.ToEntityReference();

                    SetStateRequest req = new SetStateRequest();
                    req.EntityMoniker = entityref;
                    req.State = new OptionSetValue((int)state);
                    req.Status = new OptionSetValue(-1);

                    SetStateResponse resp = (SetStateResponse)context.Execute(req);
                }
            }
        }

        #endregion
    }
}

In this example you can see that the test is disabling a plugin, setting up some test address records, re-enabling the plugin and then executing the test. After the test is complete it cleans up the test records.

Related Posts

No responses yet

Jun 07 2012

CRM2011 Automated Testing – Unit Testing

Published by under .NET,Microsoft CRM

Ideally the code being tested should not rely on external resources, where such dependencies exist they should be mocked to isolate the code being tested form the external system. In the case of plugins, this means that testing units of code should not require the code to have a connection to an actual instance of CRM.

CRM2011 has improved the way that plugins are developed against CRM, especially with the introduction of the CrmSvcUtil.exe tool for creating early bound classes for entities in CRM that can be used alongside the CRM SDK assemblies. Additionally Microsoft has provided interfaces for accessing CRM and data provided by CRM to the plugin:

  • IOrganizationService
  • IPluginExecutionContext
  • ITracingService

This means it is simple to mock the CRM services to test the plugin in isolation.

However, mocking a whole execution context would be a bit of a lengthy exercise, especially the IPluginExectionContext object is different depending on what messages and what pipeline stages you are writing the plugin for.

Thankfully there is a project on Codeplex that makes this job simple: CrmPluginTestingTools. There are two parts to this tool:

  • A plugin that you register in CRM as you will register your final plugin (including configuring pre- and post-images) that serialises the plugin execution context to xml files.
  • A library of classes for de-serialising the xml files into objects that match the IPluginExecutionContext interface.

Once you’ve registered their plugin, perform the steps that you plugin will handle; grab the output xml files; head into Visual Studio and start crafting your unit tests.

I tend to use the de-serialized xml files in my unit tests as a starting point and then use the object model to update the IPluginExecutionContext objects to structure the data for the specific test.

The execution context is only half of the story, I also use Moq to create a mock IOrganizationService that code being tested will be given instead of an actually connection to CRM. By doing this I am able to isolate the code from the CRM server plus I can determine what will be returned without having to setup records in CRM. I can even mock any type of exception if I want to test that aspect of my code.

As with all my automated tests, the unit tests are built on top of Gallio/MbUnit testing framework. This means that I don’t need to think about how to run the tests, I know they will all work with TestDriven.net in Visual Studio, the Gallio Test Runner – for a more graphical UI on my workstation, and TeamCity continuous integration server.

Overall Process

Of course, the plugins I write and single-class monsters, instead I break up the code in logical units (classes/methods) of responsibility and I test each unit on its own. If a unit of functionality doesn’t require access to CRM or the plugin execution context then I don’t worry about mocking those for that specific test.

Solution Structure

This solution contains several projects, these being:

  • Crm2011.Common

This contains the early-bound classes generate by CrmSvcUtil.exe which are used by several solutions.

  • Crm2011.Plugins.Address

The plugin that is being written/tested.

  • Crm2011.Plugins.DeploymentPackage

The project for deploying the plugin into CRM. The steps and images registered in this project should match how the CrmPluginTestingTools plugin was registered.

  • Plugin.Unit.Tests

This contains the unit tests created for testing the plugin, as well as the serialized execution contexts used by the unit tests. This project also contains a .gallio file that is the project used to run the tests in Gallio; and a .msbuild file that is the MsBuild project used to compile and run the tests in TeamCity.

  • SerializePluginContext & TestPlugin

The CrmPluginTestingTools projects for de-serializing the xml execution contexts in the unit tests.

Examples

[TestFixture]
public class CompanyAddressPreDelete
{

	MyServiceProvider serviceProvider;
	IPluginExecutionContext pluginContext;

	[SetUp]
	public void Setup()
	{
		var context = TestContext.CurrentContext.Test.Metadata["Context"][0];
		var service = new Mock&lt;iorganizationservice>();
		var assemblyPath = typeof(IndividualAddressPreCreateTests).Assembly.Location;
		var contextFile = Path.Combine(Path.GetDirectoryName(assemblyPath), @"Address\Contexts\Company\Delete\"+context+".xml");
		serviceProvider = new MyServiceProvider(service.Object, contextFile);
		pluginContext = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
	}

	[Test, Metadata("Context", "PreOperation-BothTicked-Active")]
	public void both_active_should_clear_parent()
	{
		var plugin = new Crm2011.Plugins.Address.PreAddressDelete();
		plugin.Execute(serviceProvider);

		Assert.Exists(pluginContext.SharedVariables, sv => sv.Key == "AddressChanges", "Address Changes not registered in SharedVariables");
		var changes = new SharedVariables(pluginContext.SharedVariables).AddressChanges;
		Assert.Count(2, changes);
		Assert.Exists(changes, x => x.Address == AddressType.Mailing && x.Change == ChangeType.Remove);
		Assert.Exists(changes, x => x.Address == AddressType.Invoice && x.Change == ChangeType.Remove);

		Assert.Exists(pluginContext.SharedVariables, sv => sv.Key == "MakeChanges", "Make Changes not registered in SharedVariables");
		Assert.IsTrue((bool)pluginContext.SharedVariables["MakeChanges"]);
	}
}

The above code is a single test fixture (class that contains unit tests); a SetUp method that is run before each test; and a single unit test. I have added Metadata attribute to the test method so the setup method can determine which execution context xml files should be de-serialized for the test. The first two lines of the test setup and execute the plugin, the rest of the test ensures that the ShareVariables on the execution context have been correctly set of the given data.

The following example indicates how the organization service can be mocked to ensure that the plugin is making the correct call to CRM:

[TestFixture]
public class CompanyPostDeleteTests
{
	Mock&lt;iorganizationservice> service;
	MyServiceProvider serviceProvider;
	IPluginExecutionContext pluginContext;

	[SetUp]
	public void Setup()
	{
		service = new Mock&lt;iorganizationservice>();
		var assemblyPath = typeof(IndividualAddressPreCreateTests).Assembly.Location;
		var contextFile = Path.Combine(Path.GetDirectoryName(assemblyPath), @"Address\Contexts\Company\Delete\PostOperation.xml");
		serviceProvider = new MyServiceProvider(service.Object, contextFile);
		pluginContext = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
	}

	[Test]
	public void deleted_mailing_and_invoice_address_should_clear_account_twice()
	{
		var parentId = Guid.NewGuid();
		pluginContext.SharedVariables.Add("MakeChanges", true);
		pluginContext.SharedVariables.Add("AddressChanges", "Mailing:Remove|Invoice:Remove");
		pluginContext.PreEntityImages.Add("Image", CreateTestAddress(parentId));


		var plugin = new PostAddressDelete();
		plugin.Execute(serviceProvider);

		service.Verify(s => s.Update(It.Is&lt;entity>(e =>
			 e.Id == parentId &&
			 e.LogicalName == "account" &&
			 e.Attributes.Contains("address1_line1") && (string)e["address1_line1"] == ""
		)), Times.Once());

		service.Verify(s => s.Update(It.Is&lt;entity>(e =>
			e.Id == parentId &&
			e.LogicalName == "account" &&
			e.Attributes.Contains("address2_line1") && (string)e["address2_line1"] == ""
		)), Times.Once());
	}
}

By using unit testing in isolation of CRM, it is possible to create the vast majority of a plugin without having to touch the CRM server itself (with the exception of creating the test serialized execution contexts). Not only that, once you have created the unit tests, it is possible to run them again and again without having to manually click through CRM, so if you make changes to entities in CRM you can easily re-run the CrmSvcUtil.exe to update your early-bound classes and then run the unit tests to verify that they still pass.

Related Posts

One response so far

Jun 06 2012

CRM2011 Automated Testing – Tool Stack

Published by under .NET,Microsoft CRM

To mark my return to blogging, I’ve decided to write a series of blog posts around automated testing in CRM2011.  This is part 1, an overview of the types of tests I’m creating and the tools I’m using for creating and running the tests.  Future posts will look at each of the types of tests in turn and look at how I’m using TeamCity to automate these tests.

The automated testing in place for CRM2011 is broken downv into the following three types of tests:

  • Unit Tests
  • These are small, fast tests that are written in code and are designed to test isolated pieces of code.
  • Integration Tests
    • The tests are for complete systems or sub-systems, e.g. a plugin running in the context of CRM.  However, they are still code based and tested in without User Interface interaction.
  • User Interaction Tests
    • This is tests of the system from the perspective of the user.  They are based on a simulation of the user clicking and entering values in the browser.

    Testing Components

    The basic components that are being used for automated testing of CRM are as follows:

    • Used for creating the test classes and test runner used for executing the tests.
  • CrmPluginTestingTools
    • This is used to create copies of actual plugin execution contexts from CRM.  These are then used in plugin unit tests outside of CRM.
  • Moq
    • Used for creating mock copies of external systems, e.g. CRM Web Services, so that unit tests do not require access to CRM.
  • WatiN
    • This is a web browser runner that simulates a user clicking in the browser.
  • TestDriven.Net
    • This integrates testing functionality into Visual Studio, making it quicker and easier to write and run tests from within Visual Studio without having to rely on an external application.
  • TeamCity
    • This is an automated continuous integration system that is used to both compile the source code and run unit tests.  It has also been configured to create a backup of the customisation solution from CRM into Subversion.

    Tool Stack

    The following diagram illustrates the tool stack used for each of the types of tests, with the system under test at the top of the stack and the host environment at the bottom:

    All of the test can be run in either Visual Studio or TeamCity and all of the test are based on the Gallio/MbUnit test framework.  In addition, the unit tests uyse Moq and CrmPluginTestingTools to allow the unit tests to run in isolation; the integration tests simply call straight to the CRM Web Services for both setting up the test and confirming the results; the user interaction tests use WatiN to control IE to run the test.

    Related Posts

    One response so far

    Mar 29 2012

    Error in CRM 2011 Outlook Client: Retrieval of a page from CRM server failed due to an error

    Published by under Microsoft CRM

    I’ve been busily working away for the past three months in my new job preparing a big CRM4 –> CRM2011 upgrade. We’ve had our fair share is issues during the process, there’ll be a few more blog posts coming, but this latest one I thought was worthy noting.

    I’ve just come across an issue in CRM Outlook client with pinned views that I was able to solve and thought the solution might help other people if they come across the same problem.

    I’m not sure what actions the user performed but they were testing pinned views on an entity in the CRM Outlook client when they became unable to access the entity any more. Closing and re-opening Outlook didn’t solve the problem, re-configuring the Outlook client didn’t solve the problem. Other entities could be accessed correctly.

    This is how Outlook appeared:

    With Tracing enabled on the client machine, the following error message appeared in the Application event log:

    Fault bucket , type 0
    Event Name: CRMmanaged
    Response: Not available Cab Id: 0
    Problem signature:
    P1: 5.0.9690.1992
    P2: OUTLOOK
    P3: Microsoft.Crm
    P4: Unrecognized Guid format.;Hash=’-656984235′
    P5:
    P6:
    P7:
    P8:
    P9:
    P10:
    Attached files:
    These files may be available here:

    C:\Users\training8\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_5.0.9690.1992_be39755d306c1de7a13dc6f26ffc62a6bfd38c6_12130c81

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: c901b421-78fd-11e1-bfe1-00217030db10
    Report Status: 4

    I tracked this issue down to a value in the UserEntityUISettings table in the CRM database: TabOrderXml.  There is one row per-entity per-user that stores the user defined customisations for the Outlook client.

    The valid values for this table are:

    • NULL
    • A single GUID: {00000000-0000-0000-00AA-000010001002}
    • A semi-colon delimited list of GUIDs: {00000000-0000-0000-00AA-000010001002};{00000000-0000-0000-00AA-000010001003}

    However, in the case of this user, the value had become the following:

    • {00000000-0000-0000-00AA-000010001002};;

    Outlook was unable to handle the two semi-colons at the end without GUID values.

    To fix the error I performed the following steps:

    • Execute the following SQL against the CRM database:
    update UserEntityUISettings
        set TabOrderXml = NULL
    where OwnerId = '645CF03B-ECE5-E011-9978-00155D650A09'
        and ObjectTypeCode = 1

    Where OwnerId is the ID of the system user and ObjectTypeCode is the type code of the entity that the user is having problems with.

    • Close Outlook for the user (if it isn’t already closed)
    • Re-configure the Outlook client for the user
    • Re-open Outlook

    The reason for re-configuring the CRM Outlook client for the user is that the settings are cached on the users machine in an SSCE database and re-configuring CRM Outlook client resets the database, forcing a refresh of the settings from the server.

    No responses yet