Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2020 release wave 1Discover the latest updates and new features to Dynamics 365 planned through September 2020
Release overview guides and videos Release Plan | Preview 2020 Release Wave 1 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
This may be the wrong place for this - please let me know if it is, and I'll post in a more appropriate location.
Can I flow the logged-in user credentials to a Web API that is running in my customer's tenant in Azure?
I'm building a Web API in Azure using .Net Core 2.1. I have a web app that will access this API, and plug-ins from various systems will access it as well - Dynamics AX, Dynamics CRM, Dynamics 365, etc. This application will be installed into the tenants of other customers. So the caller is the plug-in, not the other way around. The plug-ins will be installed into the customer's instance of the Dynamics systems.
Right now, the API is secured using Oath2, with a client ID/password - in other words, not using the credentials of the calling user. That's because I can't get the credentials of the user in an Oath2 form without requiring them to log in again.
Note that my team controls the web app and the plug-ins.
Is there any way, in a plugin like I mentioned above, where I can get the user's credentials in a way that I could pass to the API without requiring another login?
I would prefer to use AAD/OpenID because:
1) I really don't like the idea of a shared secret
2) we are thinking about allowing our customers to write to the API as well
3) My customer would like to enforce a 'Named User' licensing model. Right now, I'm relying on the plug-ins to send me the name of the user. If we allow #2, the customer could write code that always sends me the same name, bypassing the Named User licensing requirements.
All of the examples (for every plug-in type) show getting a token by using a shared secret.
You can better use the Azure forum to ask this question. This is not related to Microsoft Dynamics (as you already expected). azure.microsoft.com/.../community
Business Applications communities