Dynamics CRM Project Implementation Technical specification

1 project design Phase1.1 customizing and extending the Dynamics CRM specification 1.1.1 use of custom entities

1. Prioritize the use of existing system entities and add custom attributes to them;

2. Renaming an existing entity to make the entity more meaningful;

3. Consider creating a custom entity when you are unable to meet your business requirements in either of these situations

1.1.2 the use of plugins and workflows

Consider the deployment, performance, and maintenance aspects of a plug-in or workflow solution, and then choose a technology that best meets your business goals.

The following table lists the features of plug-ins and workflows.

Conditions	Plug - ins	Work flow
Execute before or after core platform operations (create, update, delete, etc.)	Execute (Synchronize) immediately before or after the core operation. Queues can be queued to execute (asynchronously) after the core operation.	Queued to execute after the core operation (asynchronous/ synchronous ).
Impact on server performance	Synchronization plug-ins may increase the platform response time because they are part of the main platform processing process. Asynchronous plug-ins have less impact on server response times because the code runs in different processes.	The impact on server response time is small because the code runs in a different process.
security restrictions	Registering plugins with the platform requires a system administrator or system customizer security role and " deployment Administrator " Span style= "Font-family:calibri" > "	User can web Create workflows interactively in the application. However, to register a custom workflow activity, the user who makes the deployment must have the same security role that is required to register the plug-in.
CRM version (SKU) support	After registering in the sandbox, it is supported in CRM Online . Can be supported in partner-hosted installations, which are at the discretion of the partner.	Workflows that do not include custom workflow activities are supported in all product versions. Custom workflow activities are not supported on CRM Online .
Length of processing time	Plug-ins that perform registrations for synchronous or non- synchronous execution require that their execution be completed within a 2-minute time limit.	Applies both to short-term processes and to long-term processes.
The CRM for Outlook client also works offline	Both online and offline support.	Workflow does not execute while offline.
Process and data persistence	The plug-in executes until completed. The plug-in must be written in a stateless situation where no in-memory data is preserved.	Workflows can be paused, postponed, canceled, and resumed through the SDK call or by the user through the Web application. The state of the workflow is automatically saved until the workflow is paused or postponed.
Simulation	Plug-ins can perform data operations on behalf of other system users.	The workflow cannot use impersonation.

1.2 ISV Extension Specification 1.2.1 Use of the CRM Web service

Place the CRM Web service URL into a configuration file (for example, put in an app. config file) so that the code is linked to the URL The changes are isolated

1.2.2 where plug-ins and custom workflow activities are stored

For plug-ins or custom workflow activities on disk, place the assembly in the <installdir>\server\bin\assembly folder.

1.2.3 customizing where a Web application or Web page is stored

For a custom Web Application or Web page, store the application or Web page in A custom directory on the CRM server and publish to IIS.

1.2.4 Create a new Web site extension CRM

Create a new Web site for your code in any of the following situations:

The application must be bound to a different domain, protocol, or port than the CRM application, or it must be running in a different application pool.

The application can exist independently and be accessed separately. For example, a portal that interacts with CRM as a server (using a Web service) should be hosted as a new site.

Applications always use Active Directory or integrated Windows Authentication (non- IFD) and do not need to consider cross-domain scripting issues. For example, an application interacts with a backend that uses a WEB service and also interacts with a CRM form. Pages hosted in an IFRAME contained by CRM applications that do not interact with CRM forms belong to this category.

1.3 Security Best Practices for business1.3.1 Security best Practices for developing server-side code

L Do not modify the CRM database in any way other than the SDK because it bypasses the CRM security model.

The plugin runs in the administrator context, and you should be aware that this code may access information that the logged-on user does not have permission to access.

• For workflow assemblies and plug-ins, avoid writing code that takes a long time to execute. It is important to note that plug-in code that registers for synchronous execution returns as short as possible.

If you want to replicate the CRM data in your own data store , you should be responsible for the security of your data. If you use a plug-in to transfer data, be sure to register the plug-in for execution after the core platform operation is complete. The security permission check for the logged-on user is performed during the core platform operation.

The rendering of data obtained from CRM may not be secure. Unsafe HTML tags may be inserted in the data .

L Follow the requirement not to access the SQL Server database directly through CRM Enterprise Manager . Not using the SDK may put you at risk of SQL injection.

For Internet -facing deployments, keep in mind that the security of the solution depends on the weakest link. When an application is exposed to the Internet, it faces security threats.

L Use only the languages that generate managed code for optimal security, prevent buffer overflows and exceptions, and so on.

1.3.2 Security best Practices for developing client code

Use Web resources whenever possible, instead of using pages that require server-side processing. If your requirements can only be met by server-side processing, install the custom Web page on a separate Web site. Set the trust level for your site accordingly, based on the trustworthiness in code security. This can reduce threats and other threats from cross-site scripting.

To improve security, make sure that you run your separate site with an account that is different from CRM. This account should have as few access rights as possible and cannot access the database directly. You can use a complex, non-expiring password because no one will be logged in to this account in addition to the application.

L Avoid using ActiveX controls because they have known security issues.

L Always use the modal confirmation dialog box when deleting records or applying sensitive changes, such as adding new users to security roles. This helps prevent technologies such as click Hijacking or interface spoofing vulnerabilities in which malicious developers might embed your pages in a seemingly secure page to persuade users to perform actions that reduce security or do not require data.

1.3.3 Best practices for customizing the security of your site

L Do not use anonymous access.

L Use integrated Windows authentication,NTLM, or Basic for Secure Sockets Layer (SSL) authentication.

If your site is on a different computer from CRM, use SSL to avoid sending unencrypted data over the network.

1.4 Best Performance Business Practices

Improve code performance with the following best practices

1.4.1 using multithreading

Adding thread support to an application can assign work to multiple CPUs. This recommendation assumes that you are running code on a multiprocessor system. For more information, see the "managed threading" article in theNET Framework Advanced Development Guide .

1.4.2 Use common methods

Use the following common methods instead of the Execute method and use them in conjunction with the corresponding message. Can improve code performance

Method	News
Create	Createrequest
Delete	Deleterequest
Update	Updaterequest
Retrieve	Retrieverequest
RetrieveMultiple	Retrievemultiplerequest

1.4.3 write a fast plug-in execution

Always write plug-ins that take the least time to perform scheduled tasks. For example, the Execute method is often handled in CRM . If you register a plug-in for this message, the plug-in will have a significant performance impact on the system. Because The plug-in executes every time the Execute method is processed.

If you want to perform the registration plug-in synchronously, it is recommended that it be designed to complete its operation within ten seconds. It is best to minimize the processing time of the plug-in to maintain the interactivity of client applications that are connected to the same organization service that executes the plug-in.

1.4.4 restricting the retrieved data

Retrieves the minimum amount of data required by the application when retrieving data from the server. You can do this by specifying a column set, which refers to the collection of entity properties to retrieve. For example, you should avoid using retrieveallentitiesrequest messages, specifying the Entityfilters property Entityfilters.all Entity filters to retrieve all metadata. Conversely, if you restrict the entity filter, or use one of the following messages, you may achieve better performance:retrieveentityrequest,retrieveoptionsetrequest ,retrieveattributerequest , or retrieverelationshiprequest.

1.4.5 restrict actions that cascade to related entities

When using the Update method or the updaterequest method, do not set the ownerid property on the record unless the owner has actually changed. When you set this property, changes typically cascade to related entities, which increases the time that is required to update the operation.

2 Project Development Phase2.0.1 Source Code Control

Source code generated during project development needs to be versioned using source code control tools. The work of source code control is done by the project technical leader.

2.0.1.1 What is covered by source code control:

1. CRM Custom extension source code;

2. CRM Custom extended workflow source code;

3. CRM customizes Web resources in the solution . including HTML page,JS Script and picture icon resources, etc.

4. Custom Web applications extended by ISVs;

2.0.1.2 recommendation and use of source code control tools

Please refer to Annex A.

2.0.2 Technical Documentation Specification

The source code generated during the project development process needs to have corresponding technical documentation.

Among them, the function development of the business module level needs to have the flowchart, the function point level development needs to have the function explanation.

2.0.3 Source Code Development Specification

To reduce project maintenance costs, reduce bugs in the code , and facilitate collaboration between teams. The development of the source code (. NET part) must comply with Microsoft's C#开发规范. Please refer to Annex B.

The source code is reviewed by the project technical person.

3 Project Delivery Phase3.0.1 Source code Delivery

The project delivery phase is checked by the project technical owner into the company's source control server for all source code for the project. Including:

1. CRM Custom extension source code;

2. CRM Custom extended workflow source code;

3. CRM customizes Web resources in the solution . including HTML page,JS Script and picture icon resources, etc.

4. Custom Web applications extended by ISVs;

Upload address:http://www.wicresoft.com/svn (after the company SVN Server is set up and then updated )

3.0.2 Technical Documentation Delivery

The project delivery phase is uploaded by the project technical owner to the company's SharePoint Document Management Server for all technical documentation for the project.

Upload address:http://www.wicresoft.com/SharePoint (after the company SharePoint server is set up and then updated)

4 Appendix A: 4.1 recommendation and use of source code control tools

5 Appendix B: 5.1 C # Code development Specification

Dynamics CRM Project Implementation Technical specification