{"id":2270,"date":"2016-05-21T10:19:38","date_gmt":"2016-05-21T10:19:38","guid":{"rendered":"http:\/\/himbap.com\/blog\/?p=2270"},"modified":"2016-05-21T10:19:38","modified_gmt":"2016-05-21T10:19:38","slug":"user-impersonation-using-web-api","status":"publish","type":"post","link":"https:\/\/himbap.com\/blog\/?p=2270","title":{"rendered":"User Impersonation using Web API"},"content":{"rendered":"<p>In this article we are going to provide sample code for impersonating user using Web API in Dynamics CRM 2016. Impersonation is a process where user A can execute some business logic on behalf of user B. To use impersonation both user should have privilege to perform the action. For example if user A wants to impersonate user B while creating account entity record, both user A and B should have create privileges on account entity. Also in addition to create privilege user A should have Act on <strong>Behalf of Another User<\/strong> privileges that can be set from <strong>Miscellaneous Privileges <\/strong>under <strong>Business Management <\/strong>tab in security role.<br \/>\n<a href=\"https:\/\/himbap.com\/blog\/wp-content\/uploads\/2016\/05\/impersonateuser.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\" size-medium wp-image-2271 aligncenter\" src=\"https:\/\/himbap.com\/blog\/wp-content\/uploads\/2016\/05\/impersonateuser-300x109.jpg\" alt=\"impersonateuser\" width=\"300\" height=\"109\" srcset=\"https:\/\/himbap.com\/blog\/wp-content\/uploads\/2016\/05\/impersonateuser-300x109.jpg 300w, https:\/\/himbap.com\/blog\/wp-content\/uploads\/2016\/05\/impersonateuser.jpg 427w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>To impersonate user using Web API, we can set request header like below:<\/p>\n<pre class=\"brush: jscript; title: ; notranslate\" title=\"\">\r\nrequest.setRequestHeader(&quot;MSCRMCallerID&quot;, &lt;&lt;GUID of the impersonated user&gt;&gt;);\r\n<\/pre>\n<p>Here is the complete code to impersonating user using Web API, we are impersonating user while creating account entity record:<\/p>\n<pre class=\"brush: jscript; title: ; notranslate\" title=\"\">\r\nfunction createAccount() {\r\n    var ImpersonatedUserID = &quot;1F7709D9-B31E-E611-80EC-4346BDDA181&quot;;\/\/replace GUID here\r\n    var serverURL = Xrm.Page.context.getClientUrl();\r\n    var account = {};\r\n    account[&quot;name&quot;] = &quot;Web API Impersonation Example&quot;;\r\n\r\n    var req = new XMLHttpRequest();\r\n    req.open(&quot;POST&quot;, serverURL + &quot;\/api\/data\/v8.0\/accounts&quot;, false);\r\n    req.setRequestHeader(&quot;Accept&quot;, &quot;application\/json&quot;);\r\n    req.setRequestHeader(&quot;Content-Type&quot;, &quot;application\/json; charset=utf-8&quot;);\r\n    req.setRequestHeader(&quot;OData-MaxVersion&quot;, &quot;4.0&quot;);\r\n    req.setRequestHeader(&quot;OData-Version&quot;, &quot;4.0&quot;);\r\n    req.setRequestHeader(&quot;MSCRMCallerID&quot;, ImpersonatedUserID);\r\n    req.onreadystatechange = function() {\r\n        if (this.readyState == 4 \/* complete *\/ ) {\r\n            req.onreadystatechange = null;\r\n            if (this.status == 204) {\r\n                var accountUri = this.getResponseHeader(&quot;OData-EntityId&quot;);\r\n                var ID = accountUri.substr(accountUri.length - 38).substring(1, 37); \/\/get only GUID\r\n                Xrm.Utility.openEntityForm(&quot;account&quot;, ID); \/\/Open newly created account record\r\n            } else {\r\n                var error = JSON.parse(this.response).error;\r\n                alert(error.message);\r\n            }\r\n        }\r\n    };\r\n    req.send(JSON.stringify(account));\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>In this article we are going to provide sample code for impersonating user using Web API in Dynamics CRM 2016. Impersonation is a process where user A can execute some business logic on behalf of user B. To use impersonation both user should have privilege to perform the action. For example if user A wants to impersonate user B while&#8230; <a href=\"https:\/\/himbap.com\/blog\/?p=2270\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":2271,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[275,296],"tags":[361,358,360,359],"_links":{"self":[{"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2270"}],"collection":[{"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2270"}],"version-history":[{"count":2,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2270\/revisions"}],"predecessor-version":[{"id":2273,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2270\/revisions\/2273"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/2271"}],"wp:attachment":[{"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/himbap.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}