By-Pass Custom Plugin Dynamics CRM

Introduction

 
During the implementation of projects in Dynamics CRM, developers need to fulfill multiple business requirements and flows through custom logics by implementing PLUGINS. For example, let’s say we need to implement a functionality of Auto Number implementation, for which developer will register a plugin over the creation of record for the entity.

Now, this plugin will be triggered everytime a record is created irrespective of the trigger point, which means, whather a record is created through user Interface: Model Driven App : Canvas App or through a Custom Code.

Post implementation of project, data migration is one of the critical activities which needs to be performed which includes multiple steps including data cleaning and data loading in the application through custom code. Since existing records have predefined numbers we need to disable our custom logic to ensure that the system should not generate a new number or overwrite the existing auto number through our custom logic.
 

Code Implementation

 
As a part of the demo, we have registered a plugin over the creation of lead entity which will be triggered over the creation of the record, and since it’s a dummy implementation I have returned a InvalidPluginExecutionexception which will throw a custom error message every time we try to create a lead record.
 
Code
  1. if (context.InputParameters.Contains("Target") && context.InputParameters["Target"] is Entity) {  
  2.     Entity entity = (Entity) context.InputParameters["Target"];  
  3.     IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory) serviceProvider.GetService(typeof(IOrganizationServiceFactory));  
  4.     IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);  
  5.     try {  
  6.         throw new InvalidPluginExecutionException("Plugin Exception");  
  7.     } catch (Exception ex) {  
  8.         tracingService.Trace("FollowUpPlugin: {0}", ex.ToString());  
  9.         throw;  
  10.     }  
  11. }  

Solution to Problem

 
During one of the implementations wherein we needed to upload records to multiple entities we have decided to go for development of console apps, and since we have multiple plugins over multiple entities we were facing challenges since deactivating those would add more effort. We need to keep track of what has been disabled and who has disabled the same.
 
During analysis, we figured out a unique way to bypass the plugins by harnessing the power of CreateRequest Message which has a unique property of “BypassCustomPluginExecution”.

The property is not listed in any of the SDK Documents and needs a System Admin role to execute in Console app as a unique role has been attached to same “prvBypassCustomPlugins privilege”.
 
We tried searching for the role under security roles and permissions section but no luck  -- probably Microsoft has kept it as a secret at their end.
 
Code to ByPassCustomPlugin
  1. try {  
  2.     if (service != null) {  
  3.         Entity x = new Entity("lead");  
  4.         x["subject"] = "Created through Console App Plugin Bypass";  
  5.         CreateRequest createEnt = new CreateRequest();  
  6.         createEnt.Parameters["BypassCustomPluginExecution"] = true;  
  7.         createEnt.Target = x;  
  8.         service.Execute(createEnt);  
  9.     }  
  10. catch (Exception ex) {  
  11.     Console.Write(ex.ToString());  
  12. }