CRM3 – IFrame prompting for credentials

I had a problem today where new CRM IFrame customisations on various entities were prompting for additional security. The IFrame’s source pages were part of the same CRM site and only used integrated windows authentication in IIS snap-in console. Another symptom was that the pages IE security zone was “Unknown Zone (Mixed)”. Searching the news groups I could see other user have had this issue and that the IFrame has the security="restricted" attribute, this forces IE to re-authenticate the IFrame page for windows security even thought Windows Authentication is being used.

The solution was to un-tick the default setting “restrict cross-frame scripting” in each of the CRM IFrame customizations, this resolved the issue and I once again had happy users, phew!

According to the Working with Microsoft Dynamics CRM 3.0 book (page 455) this setting also does the following:
· Restricts JavaScript and VBScript from executing on the IFrame page
· All hyper links will open in a new browser window

References:
IFrame attributes used with Microsoft CRM
IFrame Security Attribute