Problem:
How to set up OAuth authentication for on-prem multitenant solution web services?
I tried the example from the Microsoft documentation -> Using OAuth to Authorize Business Central Web Services. It did not work with Visual Studio 2017 and 2019, and it does not describe how to do it for the multitenant environment.
We have different environment already set up and the web client is working fine with AccessControl credential type. We use one service instance for multiple tenants not service instance per tenant.
I did register my console app as described in the documentation (although the documentation already looks old, because the steps are not exactly the same in the Azure Portal anymore).
I did manage to get the bearer token using Postman, but I am not able to call the standard Chart of Accounts ODataV4 REST web service.
I receive an error message:
Hi Jaan,
Would you be so kind as to share your scripts? I'm trying to set up AAD authentication to our on-prem BC from our third party middleware solution but am running into this issue. Looking for any clues to narrow down where the issue might be.
Thanks in advance!
Cheers
@Jakob and @Benny: I sent you a private message with the scripts.
Great work and thank you for offering to share the scripts.
Hi Jakob,
I managed to get web services with OAuth working with BC 17.1.
These 2 blog posts were helpful.
I also have PowerShell scripts to ease the setup.
I did not test it with a multitenant environment, but I am quite sure it will work if you manage to do the app registration and service instance setup correctly.
You can send me an email if you are interested in the scripts.
Hi Jaan,
just wanted to let you know that we are having the exact same issue. I didn't find your post before so I created my own:
community.dynamics.com/.../odata-access-using-aad-oauth-tokens-on-bc14-onprem
We also have a support ticket running with Microsoft.
@Marco If it helps, you can close my request and link to this post (but keep the post for documentation)
Hi Jaan,
I'm facing the same issue in BC17.6. It has something to do with the scope that you include in the token generation, but I can't figure out the correct one, nor if we need to create one in the Azure App Registration. There's a support ticket running at MS but no solution yet. Did you manage to get it working?
Hello,
You may want to test the scenario with BC170 instead of BC140 to see if it does work there. For some of the functionality in BC140, OAuth support is not yet added. In the December CU there is support for OAuth in V170.
Thanks.
I did not manage to get the single tenant scenario working either, as described in the Microsoft documentation. I received the same error message.
In our case the tenant is appended at the end of the URL -> nav.domain.com:port/.../Company('Cronus AG')/Chart_of_Accounts?tenant=tenant1 (or tenant2)
And I am quite sure it is not a problem with the URL, because it works with basic authentication (username and web service access key) with exactly the same configuration.
If we do not find any solution for the OAuth issue, then we have to go for basic authentication, but we would like to use the state-of-the-art authentication mechanism if it is actually supported.
There are very well documented examples for the AppSource version of Business Central, but they do not help us either.
Hello,
Does it work with a single tenant and BC140? If yes, then use a rewrite rule so that the URL becomes:
nav.domain.com:port/.../Services or nav.domain.com:port/.../
...where nav... is the alternate ID stamped on the tenant.
Thanks.