Sometimes we need to connect to a third party web service from a Plugin or Custom Workflow Activity, usually when the isolation mode is None we don’t have huge restrictions, however using the isolation mode as Sandbox, in there yes, we have huge restrictions but we can still have web access to third party web services. Below is an example from the CRM 2015 SDK.
Web Access for Isolated (sandboxed) Plug-ins
If you plan on registering your plug-in in the sandbox, you can still access Web addresses from your plug-in code. You can use any .NET Framework class in your plug-in code that provides Web access within the Web access restrictions outlined Plug-in isolation, trusts, and statistics. For example, the following plug-in code downloads a Web page.
// Download the target URI using a Web client. Any .NET class that uses the // HTTP or HTTPS protocols and a DNS lookup should work. using (WebClient client = new WebClient()) { byte responseBytes = client.DownloadData(webAddress); string response = Encoding.UTF8.GetString(responseBytes);
Security Note
For sandboxed plug-ins to be able to access external Web services, the server where the Sandbox Processing Service role is installed must be exposed to the Internet, and the account that the sandbox service runs under must have Internet access. Only outbound connections on ports 80 and 443 are required. Inbound connection access is not required. Use the Windows Firewall control panel to enable outbound connections for the Microsoft.Crm.Sandbox.WorkerProcess application located on the server in the %PROGRAMFILES%Microsoft Dynamics CRMServerbin folder.
Some enumerated restrictions: Sandboxed plug-ins and custom workflow activities can access the network through the HTTP and HTTPS protocols. This capability provides support for accessing popular web resources like social sites, news feeds, web services, and more. The following web access restrictions apply to this sandbox capability.
Only the HTTP and HTTPS protocols are allowed.
Access to localhost (loopback) is not permitted.
IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials.