Power users and vendors are always excited about SDKs to their favorite applications. The ability to build solutions on top of powerful interfaces can go a long way towards extending the capabilities of a product. CRM’s SDK is proof of that; but when it is applied in a CRM Online situation, the challenges inherent to cloud computing mean the technical hurdles are higher.
Authentication is the primary culprit. To authenticate to the CRM Online system you need to obtain a Windows Live ID (WLID) ticket, and the only way to do that has been to dance to IdCrl’s tune (there are actually ways to bypass IdCrl, but they are unsupported.) IdCrl is only intended to be used when there’s ‘a warm body at the keyboard’ to enter credentials, so service accounts (who are often more useful when it comes to taking advantage of SDKs) weren’t invited to the party. On-premises and partner-hosted deployments have been able to simply let Active Directory handle all aspects of authentication, which has no such limitations.
Fortunately, recent functionality additions to Windows Live ID allow CRM Online to reach parity with its counterparts. SDK consumers will now be able to use certificates to obtain WLID tickets. This opens up a wide range of possibilities that can expand CRM’s functionality with web services and third-party solutions. The CRM Online team recognized that once service accounts were able to do business in CRM Online, impersonation would need to be supported. So that’s an area where complementary improvements were made.
The main obstacles remaining are the expense of obtaining a certificate, and, for impersonation scenarios – the fact that it’s fairly involved to manage Windows Live identities for the amateur developer. You’ll need to register your app with Windows Live and make use of their Relying Party Suite (RPS) libraries. This allows, for example, the ability to obtain the unique id (aka puid or Net Id) of a user browsing your site when they’ve signed in with their WLID account. You’ll need that unique id, among other authorization prerequisites, if you want to impersonate that user in CRM.