How to connect to CRM using SDK (claims based authentication and custom STS)

Question

I configured claims based authentication on my CRM instance. I'm using custom STS (Example available here) Now I want to access to web services from some test application. Does anyone have some example for this? I tried with same code for connection in case of windows auth. but, ofcourse, unsuccessful. I'm getting an error:

{"The authentication endpoint Kerberos was not found on the configured Secure Token Service!"}

This is code for connection (for AD authentication type):

OrganizationServiceProxy orgserv;
      ClientCredentials clientCreds = new ClientCredentials();
      ClientCredentials devCreds = new ClientCredentials();


        clientCreds.Windows.ClientCredential.UserName = "user";
        clientCreds.Windows.ClientCredential.Password = "P@$$w0rd";
        clientCreds.Windows.ClientCredential.Domain = "myDomain";
        IServiceConfiguration<IOrganizationService> orgConfigInfo =
                    ServiceConfigurationFactory.CreateConfiguration<IOrganizationService>(new Uri("https://myCRMServer/myOrg/XRMServices/2011/Organization.svc"));

        using (orgserv = new OrganizationServiceProxy(orgConfigInfo, clientCreds))
        {
          orgserv.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());
          orgserv.EnableProxyTypes();
          connection = orgserv;
        }

I found somewhere that for claim based authentication is enough to send only UPN (User Principal Name). But the same error happens. I also tried with username/password combination and it was unsuccessful.

AuthenticationCredentials authCredentials = new AuthenticationCredentials();

...

authCredentials.UserPrincipalName = "user";

...

authCredentials.ClientCredentials.UserName.UserName = _userName;
authCredentials.ClientCredentials.UserName.Password = _password;

Error after this is: The authentication endpoint Username was not found on the configured Secure Token Service!

Answer 1

I finally solved this issue. In the end I configured ADFS and added Relaying Party trust for my custom STS. Now this works perfectly. API calls are made through ADFS and Web access authentications is done through custom STS.

Answer 2

If your just using the CRM 2011 web services interface I don't think claims even matters. The following code allows be to authenticate and connect to CRM 2011 and use the REST API

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.IO;

namespace CRM_REST_FromConsoleApplication
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            var url = new Uri(@"https://MyServer/MyOrganiation/xrmservices/2011/organizationdata.svc/AccountSet?$select=Name&$top=10");

            HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;

            //TODO: Set Credentials Here            
            request.Credentials = new NetworkCredential("USERNAME GOES HERE", "PASSWORD GOES HERE", "myDomain");


            using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
            {
                StreamReader reader = new StreamReader(response.GetResponseStream());

                Console.WriteLine(reader.ReadToEnd());
            }

            Console.WriteLine("Press any key to continue...");
            Console.ReadKey();
        }
    }
}