web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Authentication possibi...
Microsoft Dynamics CRM (Archived)

Authentication possibilties from plugins or activities code

(0) ShareShare
ReportReport
Posted on by SergeyT 310

Hi guys.

We are working on integrating CRM online with custom web api services. There is some quite sensitive data flying between them.

We use https and basic authentication with store credentials in custom configuration entity. We aren't really happy with storing credentials inside CRM for obvious security consideration.

What we would like to use is some oauth\jwt S2S approach from plugins\activities. Looks like MS has already some S2S token authentication for integration with Sharepoint, Exchange etc, but that S2S authentication isn't available for custom code.

There are plenty examples of how to use S2S auth to access CRM from custom services by registering application user in Azure AD. But I couldn't really find any way to acquire any token or identity inside plugins\activities code. Something like:

var tokenService = executionContext.GetExtension<ITokenService>();
var token = tokenService.GetOAuthToken();


On receiving side I would validate that token come from specific tenant Azure AD.

Could you share your experience for authenticating CRM calls in your custom services?

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    PranavShroti Profile Picture
    PranavShroti 4,510 on at

    Hi

    We have done it in a little different way, using custom code which is hosted on Azure as web service.

    1. We have created Azure App for "AnyThing"

    2. Created Secret Key for the App

    3. Consuming App Id and Secret Key

    4. Creating HttpClient request

    5. Calling client.PostAsync method.

    Regards,

    Pranav

    If found useful, please mark the answer as verified

  • SergeyT Profile Picture
    SergeyT 310 on at

    >3. Consuming App Id and Secret Key

    Basically it sounds like you have hardcoded yours secrets into assembly. I don't like this approach for several reasons. Secrets must be checked in or stored in build configuration. Secrets are same for all environments, otherwise there are different build for different environments. Pluginassembly entity may be queried with content attribute and than easily disassembled.

    If you store your app id and secret key in entity usually it isn't secured enough. It should be allowed to read it only from SYSTEM user.

    But that brings us back to stored secret.

    In on-prem Dynamics 365 usually runs under service account who is service principal for Dynamics 365 services and we can manage permissions based on this.

    Can we get something like this using Dynamics 365 online and Azure AD and have specific principal inside plugins and activities? I see MS guys has that abilities for integration with their services. It would be great if they exposed that kind of service for ISV developers.

  • PranavShroti Profile Picture
    PranavShroti 4,510 on at

    I should have made myself clear in the first go.

    App Id and Secret are not hardcoded in assembly, thats not a good practice, what we have done is- kept these in a config file and they are getting picked up from there.

    Regards

    Pranav

  • pksorensen Profile Picture
    pksorensen 10 on at

    Hi Sergey - did you ever find a better solution. I am exploring the same my self.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
JS-09031509-0 Profile Picture

JS-09031509-0 3

#2
AS-17030037-0 Profile Picture

AS-17030037-0 2

#2
Mark Eckert Profile Picture

Mark Eckert 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans