Skip to content
/

This post will be about a new sample of using “Sandboxable”.
We will walk through the steps to create a Microsoft Dynamics CRM plug-in that on deletion of any record, stores the deleted data as a file on Azure blob storage.

This post will be about a new sample of using . I wrote about .

In this post, we will walk through the steps to create a Microsoft Dynamics CRM plug-in that on deletion of any record, stores the deleted data as a file on Azure blob storage.

When using Azure blobs to store data, you should enable .

As usual, you will find the links to the complete source code at the end of this post.

Setting up the project

For this sample, the steps for are the same as the steps described in the previous post. So, I won’t list them here again.

Writing the plug-in

I’ve based the plug-in code on the MSDN article .

Getting the deleted entity

To get the details about the deleted record we need to get them from the . The registration of a Pre-Image will be described later in this post.

Entity entity = context.PreEntityImages["Target"];

Getting the connection details

To connect to Azure blob storage, you need:

  1. The storage account name
  2. One of the storage account access keys

For this sample, we’ll use a JSON string stored in the secure storage property of the plug-in step.
To deserialize these settings we use JsonConvert with a nested PluginSettings class.

PluginSettings pluginSettings =
                    JsonConvert.DeserializeObject<PluginSettings>(this.secureString);

Initializing the CloudBlobClient

The offers an easy way to manage and use all Azure blob storage related resources.
To initialize this class, we need to provide the URL and the .

StorageCredentials storageCredentials =
              new StorageCredentials(pluginSettings.AccountName, pluginSettings.Key);
Uri baseUri = new Uri($"https://{pluginSettings.AccountName}.blob.core.windows.net");
CloudBlobClient blobClient = new CloudBlobClient(baseUri, storageCredentials);

Creating a root container

First we’ll make sure there is a container to store all the contents generated by this plug-in.

With the blob client, we can create a reference to the with the name that is stored in the constant named FolderName.
To make sure the container exists, we call the which ensures us if there isn’t a container present yet, it’ll be created for us at that moment.

CloudBlobContainer container = blobClient.GetContainerReference(FolderName);
container.CreateIfNotExists();

Creating an entity directory

Now we want to create a directory inside the container to store entity specific records.

CloudBlobDirectory entityDirectory = 
                            container.GetDirectoryReference(entity.LogicalName);

Directories differ from containers because they don’t exist on disk. That’s why we don’t need to check if the directory already exists. If you’re interested in more details, I recommend the article by John Atten.

Adding a blob to the directory

Just like the container and the directory before, we also need to create a reference for the blob.
On the blob directory ask for a reference to the using the .

string fileName = entity.Id.ToString("N") + ".json";
CloudBlockBlob blob = entityDirectory.GetBlockBlobReference(fileName);

We won’t create the blob immediately because we want to add some details about the content we’re about to store. This can be done by setting the Properties and Metadata properties of the blob.
One of the we want to set is the . This will allow other systems to recognize the file correctly as a JSON file.

blob.Properties.ContentType = "application/json";

However, the BlobProperties only contains a fixed set of properties.
By using the on the blob allows us to store custom metadata with the blob.

blob.Metadata["userid"] = context.UserId.ToString("B").ToLowerInvariant();
blob.Metadata["userfullname"] = fullName;
blob.Metadata["deletiondate"] = context.OperationCreatedOn.ToString("O");

Now it’s time to write some file contents to the blob. We create blob data, using the context of the current plug-in execution. For demonstration purposes we serialize the JSON with the option set to Indented.
Because the blob content is plain text, we can use the .

var blobData = new
  {
    context.UserId,
    FullName = fullName,
    context.MessageName,
    entity.LogicalName,
    entity.Id,
    entity.Attributes
  };
blob.UploadText(JsonConvert.SerializeObject(blobData, Formatting.Indented));

Now build the project so we can proceed.

Register the plug-in assembly

Now the freshly baked assembly needs to be registered on the server.
The steps to do this are outside the scope for this post, but more information can be found in the .

Register the plug-in step for an event

To test the plug-in, we’ll register it asynchronously on the deletion event of every entity.

Dependencies on external resources should never be part of a synchronous pipeline.

In the Secure Configuration property, we set the value with the JSON object containing the connection information:

{
  "AccountName":"loremipsum",
  "Key":"DDWLOREM...IPSUMr0A=="
}

(obviously, these values do not represent real data)

Register the plug-in step for the deletion event of any entity

Because we are working with the deletion event we need to register a Pre-Image to capture the values of all attributes before the actual deletion took place.
We set the value of the Name and the Entity Alias properties to Target

Register a new image for the plug-in step for the deletion event of any entity

Testing the plug-in

We delete a contact in CRM. In my case the contact is called Sample User.

After a couple of seconds, we see the following container and directories appear on the storage account:
The "samplecrmfolder" container with multiple directories for different entities
Screenshot from

Opening the file in the contact directory, shows us some familiar content:

{
  "UserId": "d617a1a0-359a-e411-9407-00155d0ae259",
  "FullName": "Lorem Ipsum",
  "MessageName": "Delete",
  "LogicalName": "contact",
  "Id": "6e843a34-91b1-e611-80e4-00155d0a0b40",
  "Attributes": [
    {
      "Key": "firstname",
      "Value": "Sample"
    },
    {
      "Key": "lastname",
      "Value": "User"
    },
    {
      "Key": "fullname",
      "Value": "Sample User"
    },
    ...
  ]
}

If we look at the HTTP response header when retrieving the file, we see that the content type and metadata properties are present:

HTTP/1.1 200 OK
Content-Type: application/json
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-version: 2015-12-11
x-ms-meta-userid: {d617a1a0-359a-e411-9407-00155d0ae259}
x-ms-meta-userfullname: Lorem Ipsum
x-ms-meta-deletiondate: 2016-12-08T14:23:25.5635361Z
x-ms-blob-type: BlockBlob

Concluding

By utilizing the Sandboxable Azure SDK, we only needed a few lines of code to store deleted CRM records in Azure blob storage, making a remote archive a piece of cake.

When using blob storage for archiving you might want to take a look at which might save you same money.

Sample code

The complete source code is available as a sample project.
Expect more samples in the Sandboxable-Samples repository on GitHub in the future.

/

A while back I've introduced Sandboxable. It's a means to use NuGet packages that normally are not available for code that runs with Partial Trust.
In this post, we will walk through the steps to create a Microsoft Dynamics CRM plug-in that will add a message to an Azure queue.

A while back I’ve introduced . It’s a means to use NuGet packages that normally are not available for code that runs with Partial Trust.

In this post, we will walk through the steps to create a Microsoft Dynamics CRM plug-in that will add a message to an Azure queue.

At the end of the post you will find the links to the complete source code for you to use.

Setting up the project

  1. Create a new Class Library project in Visual Studio
  2. Add the following NuGet packages with their dependencies:
    • Microsoft.CrmSdk.CoreAssemblies
      This package will add the base to create a plug-in for CRM
    • MSBuild.ILMerge.Task
      This package makes sure that the generated assembly will also contain all dependencies.
      More information about this package can be found on the
    • Sandboxable.Microsoft.WindowsAzure.Storage
      This package provides the Azure storage SDK, modified to run in the sandbox.
  3. Change the Copy Local property for the CRM references to false. These assemblies are already present in the runtime hosting the sandbox, so they can be kept outside our assembly
  4. Enable strong name key signing on your project

Now you can do a test build of the project to check if everything works correctly.

Writing the plug-in

I’ve based the plug-in code on the MSDN article .

Getting the connection details

To connect to an Azure queue, you need 3 details

  1. The storage account name
  2. One of the storage account access keys
  3. The name of the queue

There are several ways to get these details at runtime. To name a few: hard-coded, stored as data in an entity, stored in a web resource as a XML file or in the plug-in step configuration.
For this sample we’ll use a JSON string stored in the secure storage property of the plug-in step.
To deserialize these settings we use JsonConvert with a nested PluginSettings class.

PluginSettings pluginSettings =
                     JsonConvert.DeserializeObject<PluginSettings>(this.secureString);

Initializing the CloudQueueClient

The offers an easy way to manage and use Azure queues.
To initialize this class, we need to provide the URL and the .

StorageCredentials storageCredentials =
               new StorageCredentials(pluginSettings.AccountName, pluginSettings.Key);

Uri baseUri = new Uri($"https://{pluginSettings.AccountName}.queue.core.windows.net");

CloudQueueClient queueClient = new CloudQueueClient(baseUri, storageCredentials);

Creating a reference to the queue

With the queue client, we can create a reference to the with the name that is stored in the constant named QueueName.
To make sure the queue exists, we call the which ensures us if there isn’t a queue present yet, it’ll be created for us at that moment.

CloudQueue queue = queueClient.GetQueueReference(QueueName);

queue.CreateIfNotExists();

Adding the message to the queue

We create some message data, using the context of the current plug-in execution. This data is wrapped in a .
We add the message to the queue, using the and we’re done!

var messageData = new
  {
    context.UserId,
    context.MessageName,
    entity.LogicalName,
    entity.Id,
    entity.Attributes
  };

CloudQueueMessage queueMessage =
                    new CloudQueueMessage(JsonConvert.SerializeObject(messageData));

queue.AddMessage(queueMessage);

We must build our project again so we can proceed.

Register the plug-in assembly

Now the freshly baked assembly needs to be registered on the server.
The steps to do this are outside the scope for this post but more information can be found in the .

Register the plug-in step for an event

To test the plug-in, we’ll register it on the creation event of the contact entity.
For performance optimization we’ll choose the asynchronous execution method. External resources should never be part of your synchronous pipeline.

In the Secure Configuration property, we set the value with the JSON object containing the connection information:

{
  "AccountName":"loremipsum",
  "Key":"DDWLOREM...IPSUMr0A=="
}

(obviously, these values do not represent real data)

Register the plug-in step for the creation event of contact entities

Testing the plug-in

We create a new contact in CRM called Sample User.
After a couple of seconds we see the following message appear on the queue:

{
  "UserId": "d617a1a0-359a-e411-9407-00155d0ae259",
  "MessageName": "Create",
  "LogicalName": "contact",
  "Id": "6e843a34-91b1-e611-80e4-00155d0a0b40",
  "Attributes": [
    {
      "Key": "firstname",
      "Value": "Sample"
    },
    {
      "Key": "lastname",
      "Value": "User"
    },
    {
      "Key": "fullname",
      "Value": "Sample User"
    },
    ...
  ]
}

(formatted for readability)

Concluding

By utilizing the Azure SDK, we only needed a few lines of code to send messages to an Azure queue and making all sorts of integration with other systems possible.
By using the Sandboxable project we’re no longer limited by the sandbox.

Sample code

The complete source code is available as sample project.
Expect more samples in the Sandboxable-Samples repository on GitHub in the future.

/

I would like to introduce to you Winvision’s first open source project: Sandboxable.

Sandboxable enables your project to utilize functionality provided by other (Microsoft) libraries that normally are not available in a Partial Trust environment like the Microsoft Dynamics CRM sandbox process.
The project offers modified NuGet packages that will run with Partial Trust.

I would like to introduce to you ’s first open source project: .

Sandboxable enables your project to utilize functionality provided by other (Microsoft) libraries that normally are not able to use in a Partial Trust environment like the Microsoft Dynamics CRM sandbox process.
The project offers modified NuGet packages that will run with Partial Trust.

Sandboxing

Sandboxing is the practice of running code in a restricted security environment, which limits the access permissions granted to the code. For example, if you have a managed library from a source you do not completely trust, you should not run it as fully trusted. Instead, you should place the code in a sandbox that limits its permissions to those that you expect it to need.

You can read more on this in the article
If you encounter a .NET sandbox today chances are it’s running with

A big example of software running in a sandbox are the Microsoft Dynamics CRM (Online) Plug-ins and custom workflow activities. ()

The problem

As developers we use a lot of library code like NuGet packages as we’re not trying to reinvent the wheel. The downside is that most of these libraries are not written with a Partial Trust environment in mind.
When we embed these libraries to our code in the sandbox we encounter 2 common issues:

  1. The code contains security critical code and will fail to load with a TypeLoadException or will throw an SecurityException at runtime
  2. The package references another package that contains security critical code and even though the code might not even be used it will trigger one of the exceptions mentioned above

Problematic constructs

  • Calling native code

    [DllImport("advapi32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool CryptDestroyHash(IntPtr hashHandle);
  • Override SecurityCritical properties of an object like Exception

    public override void GetObjectData(SerializationInfo info, StreamingContext context) {
        ...
    }

    Where Exception has the following attributes on this method

    [System.Security.SecurityCritical]
    public virtual void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        ...
    }
  • Serialize non-public classes, fields or properties

    [JsonProperty(DefaultValueHandling = DefaultValueHandling.Ignore, NullValueHandling = NullValueHandling.Ignore, PropertyName = PropertyNotBefore, Required = Required.Default)]
    private long? _notBeforeUnixTime { get; set; }

The solution

When we encounter a NuGet package that fails to load or execute in the sandbox and it’s source is available we make a Sandboxable copy of it.
This is done by eliminating the offending code in a way that is the least obtrusive and publish this version to NuGet.

The base rules are:

  • Keep the code changes as small as possible
  • Prefix all namespaces with Sandboxable
  • Eliminate offending NuGet dependencies
  • If a new dependency is needed, it will be on a sandbox friendly NuGet package

Source and contribution

The source is published at the Sandboxable project at GitHub.

Included in the solution is also a stand-alone project to test if code will break inside a sandbox. This makes testing libraries easier without the need to deploy it to a (remote) environment.

I like to invite everybody to use the Sandboxable NuGet packages and contribute to the project.