I have an MVC application that connects to CRM via the SDK's OrganizationService. The user logs in via a form in the application using their username and password. The CRM organization uses claims-based authentication and is connected to an ADFS 2.0 server.
Whenever I try to authenticate a user via their username and password, the newly instantiated service reuses an earlier token it got from successfully connecting. This makes it possible for users to log back in with just the correct username - even with an invalid password. The connection I'm using is set to have an instanceMode of *PerInstance* and that doesn't appear to help either.
I feel like I'm missing something essential here. Do I have to do something to tell CRM to re-authenticate my users' credentials or do I have to do something to tell our STS server to invalidate the previously issued token?
Thanks.
↧
How to prevent OrganizationService from reusing the same STS Token?
↧