Breaking news from around the world
Get the Bing + MSN extension
Now Available in Community - MBAS 2019 Presentation Videos
Catch the most popular sessions on demand and learn how Dynamics 365, Power BI, PowerApps, Microsoft Flow, and Excel are powering major transformations around the globe. | View Gallery
2019 release wave 2 Discover the latest updates to Dynamics 365Release overview guides and videos Release Plan | Early Access Availability
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Talent TechTalks | Upcoming TechTalks
What I've done so far was:
1) Adding an application in Azure Active Directory.
2) Adding Identity Provider with clientId and secret from point 1) to D365.
3) Adding application in D365 in Azure Active Directory applications form with user that has full system access.
4) Creating a test method for fetching an existing cart from RetailServer.
AuthenticationContext authenticationContext = new AuthenticationContext(tenantAuthority, false);
AuthenticationResult authResult = null;
authResult = await authenticationContext.AcquireTokenAsync(retailserverAddress, new ClientCredential(clientID, clientSecret));
ClientCredentialsToken clientCredentialsToken = new ClientCredentialsToken(authResult.AccessToken);
Microsoft.Dynamics.Commerce.RetailProxy.RetailServerContext retailServerContext = Microsoft.Dynamics.Commerce.RetailProxy.RetailServerContext.Create(new Uri(retailserverAddress + "/Commerce"), OUN, clientCredentialsToken);
managerFactory = Microsoft.Dynamics.Commerce.RetailProxy.ManagerFactory.Create(retailServerContext);
Microsoft.Dynamics.Commerce.RetailProxy.ICartManager cartManagerTest = managerFactory.GetManager<Microsoft.Dynamics.Commerce.RetailProxy.ICartManager>();
Microsoft.Dynamics.Commerce.RetailProxy.Cart cartFromProxy = await cartManagerTest.Read(cartWithLine.Id);
What is important is that I do not want to extend or modify CRT/RS/D365 code. Is there any way to achive this?
Right now all my calls seem to be made as anonymous and therefore fail to be executed even when Azure Active Directory application user has full access.
An exception of type: 'Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException' occurred while executing Microsoft.Dynamics.Commerce.Runtime.Services.Messages.CheckAccessServiceRequest request by Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService. Error resource id: 'Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed', Exception: Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException: Assigned role is not allowed to perform this operation.
at Microsoft.Dynamics.Commerce.Runtime.Services.CommerceAuthorization.CheckAccess(ICommercePrincipal principal, RetailOperation operationId, RequestContext context, String allowedRoles, Boolean deviceTokenRequired, Boolean nonDrawerOperationCheckRequired)
at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.CheckAccess(CheckAccessServiceRequest request)
at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.Execute(Request request)
at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler, Boolean skipRequestTriggers).
I would greatly appreciate any help as I refuse to believe that this is impossible.
Retail Server supports Service to Service authentication, it is described in
Support for Service to Service authentication in Retail Server
>… What is important is that I do not want to extend or modify CRT/RS/D365 code. Is there any way to achive this? ...
Retail Server exposes many but not all operations for Service to Service authentication, if the ones you need are not available for that type of authentication you should create an extension and use proper CommerceAuthorization attribute in your controller's method, there is no any other way.
Business Applications communities