Sign In not working

Jun 3, 2010 at 1:48 PM

I have successfully imported and created the new Portal.

I can use the Contact Us page to create a new lead etc.

I have also registred my domain with Live Services.

When I sign in using a Live Id, it successfully passes the appid to live services.

Once I sign it it redirects me back to the Portal.

However, the user is not actually "signed in" and if I click on Cases / Knowledgebase / Service, it prompts me to sign-in again!

Any ideas?

Jun 3, 2010 at 4:36 PM

Please read the documentation on how to provision / invite a user to sign in with Live ID.  A decision was made to ship the portal with the most secure mechanism we could build, so we implemented an invitation model with a challenge/response mechanism.  This requires that the user receive an invitation email and follow the sign-in link on the email.  The user can't just sign in with Live ID and have access to the portal without going through this on-boarding process.  Welcome to the complex world of Live ID....  The good news is that the process is documented in the portal documentation.  You can also adjust the site code to implement your own signup process.  For example, the website does not require the invitation / challenge-response mechanism to get signed up.

Shan McArthur

Jun 3, 2010 at 4:42 PM


Appreciate the reply...I did follow the instructions:

- generated Invitation code

- saved contact record

- launched URL:

- logged into Live

Unfortunately, I get the same just redirects back to my site but I'm not actually 'signed in'

Am I missing a step?

Jun 3, 2010 at 4:51 PM


My apologies, I hadn't set the Password question / Password answer fields!

Thanks for steering me in the right direction

The Portal is fantastic by the way! 10/10

Jun 3, 2010 at 5:01 PM

That is a good start.  Did you set up a security question and answer?

The other thing that could be complicating things is that the Live Id authentication handler registered in the web.config has to match the return url that you have registered in the Live ID portal.  There was a small error in the documentation that said to use live.axd as the return url, but the web.config registered the handler as LiveID.axd.  Please confirm that the return url goes to the handler.


Jun 3, 2010 at 10:26 PM


I've installed and configured the Partner Portal today, i've had many issues on the way, but finally the crm customizations and the web portal are set up.  the current issue is that i cannot log in using WLID, i've created invitations, sent by email (also there's an issue, because the emails don't get delivered) when i click the link for log into the portal, it shows me the following message:

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: The remote name could not be resolved: ''

Source Error:

Line 53: 		<roleManager enabled="true" defaultProvider="CrmRoleProvider">
Line 54: 			<providers>
Line 55: 				<add name="CrmRoleProvider" type="Microsoft.Xrm.Portal.Web.Security.CrmContactRoleProvider" crmDataContextName="Xrm"/>
Line 56: 			</providers>
Line 57: 		</roleManager>

Source File: C:\Inetpub\wwwroot\partnerportal\web.config    Line: 55

Any suggestions please?

I've already fixed the liveid handler for "LiveID.axd", i've registered on live services.. and i don't know what still missing.,

thank you.

Jun 4, 2010 at 12:10 AM

 Never mind, I've fixed the issue.

It works perfect (unless the email invitation, it does not send from CRM). :)


Jun 4, 2010 at 1:11 AM

Glad you could get it working.  I assume that the connection string for CRM was not set up properly.  On the question of email deliver, the email is a CRM workflow and will only be delivered via the CRM email router or via a user having the outlook client installed.  This is not portal specific, but standard CRM configuration.


Jun 8, 2010 at 12:37 AM

Hi, I have the ePortal installed and running fine on a CRM VPC behind corporate firewall.  However I cannot compete the registration process due to an error in the SiteContectModule.GetClientURL method. 

To get the ePortal to work with liveID we had to set up some firewall rules to redirect from an external domain name (registered with LiveID) to the IP address of my VPC ePortal. We also needed to add rules to HTTP filter on the ISA server.  

The error I get is when I complete the security question, so at this point I have been successfully redirected back from LiveID after accepting the CRM generated invite and logging into LiveId.   The error is a SecurityException that Request URL host and server internal redirect do not match.  My guess is that the SiteContextModule.GetClientURL method gets the local host name (in this case the IP address of the VPC) and tries to redirect the page from the current page with external domain name. 

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request URL host "" and server internal redirect URL host "" do not match.]
   Microsoft.Xrm.Portal.Web.SiteContextModule.GetClientUrl(HttpContext context) +662
   Microsoft.Xrm.Portal.Web.SiteContextModule.RewritePath(Object sender, EventArgs args) +105
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Since the SiteContextModule is a bit of a "black box" I'm unsure of what to do from here.  I could try to elevate the application permissions but unsure of how this should be done and what permissions to change.  




Jun 8, 2010 at 12:44 AM

You should not use ISA to change the url or redirect the user.  The key is name resolution, not extra firewall configuration.  If your website is registered with Live ID as, simply add a host entry on the demo VPC to point that dns name to, or use the DNS and create a zone to do the same.  You will not be able to use Live ID with an IP address - it requires a domain name (although that domain name doesn't actually have to be real).  For my VPC, I typically use instead of a live domain name.

I am also putting the final touches on some documentation for getting the Customer Portal functioning on the demo VPC with no internet connectivity.  Stay tuned.

In the meantime, I recommend that you fix up your host headers on your machine and remove the ISA rule you have deployed.

Shan McArthur

Jun 8, 2010 at 3:29 AM

OK! I see.  I removed the ISA rules added a DNS entry to the registered domain name in my hosts file.  I have internet access on my VPC via a proxy server so I also added an entry under IE proxy settings to bypass the proxy server for that address.

This all works now.

Cheers Shan



Jun 8, 2010 at 5:43 AM

I just published an article on how to use an Active Directory membership provider with the portal so that you can run the portal in a demo VPC environment without internet access.  Check out this thread for more information.

Shan McArthur