web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / BC 14 Onprem multitena...
Small and medium business | Business Central, N...
Answered

BC 14 Onprem multitenant oauth for web services

(1) ShareShare
ReportReport
Posted on by Jaan 15

Problem: 

How to set up oauth authentication for on-prem multitenant solution web services?

I tried the example from microsoft documentation -> Using OAuth to Authorize Business Central Web Services. It did not work with Visual Studio 2017 and 2019 and it is not describing how to do it for the multitenant environment.

We have different environment already set up and the web client is working fine with AccessControl credential type. We use one service instance for multiple tenants not service instance per tenant.

I did register my console app as described in the documentation (although the documentation looks already old, because the steps are not exactly the same in the Azure Portal anymore).

I did manage to get the bearer token using Postman, but I am not able to call standard Chart of Accounts OdataV4 rest web service.

I receive an error message:

DX10231: Audience validation failed. Delegate returned false, securitytoken: '[PII is hidden]'
I have a feeling, that the issue is related to console app registration and permissions delegation to the business central server app registered in Azure.
Has somebody done something like this?
I have the same question (0)
  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    Does it work with a single tenant and BC140. If yes, then use a rewrite rule so that the url becomes:

    nav.domain.com:port/.../Services or nav.domain.com:port/.../

    ...where nav...is the alternate ID stamped on the tenant.

    Thanks.

  • Jaan Profile Picture
    Jaan 15 on at

    I did not manage to the single tenant scenario also working as described in the microsoft documenation. I received the same error message.

    in our case the tenant is appended in the end of the url. -> nav.domain.com:port/.../Company('Cronus AG')/Chart_of_Accounts?tenant=tenant1 (or tenant2)

    And I am quite sure it is not the problem with the url, because it works with basic authentication (username and web service access key) with exactly the same configuration.

    If we do not find any solution for the OAuth issue, then we have to go for the basic authentication, but we would like to use the state of the art authentication mechanism if it is actually supported.

    There are very well documented example for the AppSource version of business central, but it does not help us either.

  • Verified answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    You may want to test the scenario with BC170 instead of BC140 to see if it does work there. For some of the functionality in BC140, OAUTH support is not yet added. In December CU there is support for OAUTH in V170.

    Thanks.

  • Benny Van Lyssebettens Profile Picture
    Benny Van Lyssebettens 35 on at

    Hi Jaan,

    I'm facing the same issue in BC17.6. It has something to do with the scope that you include in the token-generation, but I can't figure out the correct one, nor if we need to create one in the Azure App Registration There's a support ticket running at MS but no solution yet. Did you manage to get it working?

  • Jakob Theiner Profile Picture
    Jakob Theiner 52 on at

    Hi Jaan,

    just wanted to let you know that we are having the exact same issue. I didn't find your post before so I created my own:

    community.dynamics.com/.../odata-access-using-aad-oauth-tokens-on-bc14-onprem

    We also have a support ticket running with Microsoft.

    @Marco If it helps, you can close my request and link to this post (but keep the post for documentation)

  • Jaan Profile Picture
    Jaan 15 on at

    Hi Jakob,

    I managed to get web services with OAuth working with BC 17.1.

    www.1clickfactory.com/.../

    www.1clickfactory.com/.../

    These 2 blog posts were helpful.

    I have also Powershell scripts to ease the setup.

    I did not test it with multitenant environment, but I am quite sure it will work, if you manage to do the app registration and service instance setup correctly.

    you can send me email if you are interested in the scripts.

  • Verified answer
    Marco Mels Profile Picture
    Marco Mels on at

    Great work and thank you for offering to share the scripts.

  • Jaan Profile Picture
    Jaan 15 on at

    @Jakob and @Benny: I sent you a private message with the scripts.

  • Mathew_cooper Profile Picture
    Mathew_cooper 5 on at

    Hi Jaan,

    Would you be so kind as to share your scripts? I'm trying to set up AAD authentication to our on-prem BC from our third party middleware solution but am running into this issue. Looking for any clues to narrow down where the issue might be.

    Thanks in advance!

    Cheers

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 3,229

#2
Jainam M. Kothari Profile Picture

Jainam M. Kothari 1,867 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 1,153 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans