Authorization of ANY Type - Please Help!

(0) Share

Report

Posted on by HPC Keith

I have had nothing but issues when trying to develop my application to connect to D365 Business Central. I have absolutely no issue connecting to our various environments via PostMan, but replicating that in C# doesn't seem to work. I have read every document on the Microsoft Docs site related to authenticating (Open, Basic, etc.) and none of them are up-to-date. None of them address the issue of someone attempting to create an application (let's say something simple like a console application) and have it connect to the D365 BC ODATA services. The only documentation I could find was for a locally-hosted instance. When you attempt to add a connected service in VS2019 for D365, it returns a 401 Unauthorized.

Can anyone show me documentation on any authentication method for a web service to connect to D365 Business Central without user interaction? This will be for development and production use, so whatever is suggested has to work for both.

Categories:

Dynamics 365 Business Central

All responses (8)

Answers (1)

ajkauffmann 117 on at

Like (3)

Report

RE: Authorization of ANY Type - Please Help!

Deprecation of basic authentication has been postponed, it will be supported until 2022 wave 1. See also www.kauffmann.nl/.../

If you can work with user interaction, then you can definitely go with OAuth. If the application needs to run without user interaction, then use basic auth for now, and wait for Microsoft to enable the OAuth client credentials flow. That should happen before basic auth is deprecated.
Verified answer

Daniel Goehler on at

Like (3)

Report
RE: Authorization of ANY Type - Please Help!

Thank you. Don't worry Basic Auth will remain until April 2022 (BC 2022 Wave 1): https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/upgrade/deprecated-features-w1#accesskeys

Microsoft postponed this because currently there is no other service-to-service communication possible right now.

I can provide a ready to go example for Basic Auth.

<TenantId>, <Username> (without @domain) and <WebServiceKey> (from the User Card in BC) as well as the company name or company guid should be replaced. I still no quite sure, so I added an API Url and an OData V4 Url:

using System; using System.IO; using System.Net; namespace ConsoleApp { class Program { static void Main(string[] args) { //Uri restUri = new Uri(@"https://api.businesscentral.dynamics.com/v2.0//Sandbox/ODataV4/Company('CRONUS DE')/TopCustomerOverview"); //Odata V4 Uri restUri = new Uri("https://api.businesscentral.dynamics.com/v2.0//Sandbox/api/v2.0/companies(d6a06f5d-0d04-473a-9edb-b79a792d84aa)/customers"); // Business Central API HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(restUri); NetworkCredential credential = new NetworkCredential("", ""); CredentialCache credentialCache = new CredentialCache { { restUri, "Basic", credential } }; request.PreAuthenticate = true; request.Credentials = credentialCache; try { WebResponse webResponse = request.GetResponse(); using (Stream webStream = webResponse.GetResponseStream() ?? Stream.Null) using (StreamReader responseReader = new StreamReader(webStream)) { string response = responseReader.ReadToEnd(); Console.Out.WriteLine(response); } } catch (Exception e) { Console.Out.WriteLine("-----------------"); Console.Out.WriteLine(e.Message); } } } }

Regarding OAuth: You should been able to remove request.PreAuthenticate = true; and request.Credentials = credentialCache; and add request.Headers.Add("Authorization", authenticationResult.CreateAuthorizationHeader()); as well as the rest from https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/webservices/authenticate-web-services-using-oauth#add-code-to-console-application.

Let me know if you have more questions.
HPC Keith 85 on at

Like (1)

Report

RE: Authorization of ANY Type - Please Help!

Thank you Daniel for the response. We are using cloud hosted by Microsoft (D365), so we should be forced to use OAuth in the foreseeable future since Basic authentication will not be supported sometime this year. Any help with that would be greatly appreciated.
HPC Keith 85 on at

Like (0)

Report

RE: Authorization of ANY Type - Please Help!

Basic authentication will no longer be available later this year. No point is implementing something that will be short-lived. But thank you for the response.
HPC Keith 85 on at

Like (0)

Report

RE: Authorization of ANY Type - Please Help!

I can do that and I have and yes, it works. BUT, that uses basic authentication which is not supported and will be deprecated sometime this year. So, according to the documentation, since our instance is cloud, we need to go with OAuth. I have yet to make any OAuth code work. If you know of a resource that could help me connect, that would be great.
Suggested answer

ajkauffmann 117 on at

Like (3)

Report

RE: Authorization of ANY Type - Please Help!

Skipping the discussion about which is better to use, OData endpoint or API endpoint....

In VS Code, when you add an OData Connected Service, you need to provide credentials if the service requires that.

This is not very clear, documentation can be found here: docs.microsoft.com/.../accessing-endpoints-with-auth

In this case, the best option is to use basic authentication.

To do this, follow these steps:

1. From the user card in BC, get the username (the part before the domain name) and the web service access key.

2. Put them together with a colon in between: <username>:<web service access key>

3. Base64 encode this string. I use https://www.base64encode.org/ for this

4. In Visual Studio, in the Configure endpoint page, specify this address: (with https before it, left out because of automatic formatting)

api.businesscentral.dynamics.com/v2.0/[tenant]/[environment]/ODataV4/$metadata

whereas [tenant] = domain name of the user and [environment] = production or sandbox or any other named environment.

5. Select "Include Custom Http Headers"

6. Add this header:

Authorization: Basic <base64 encoded string from step 3>

And click Next.

Now you should get to the next page where you can select which webservice(s) you want to use.
Daniel Goehler on at

Like (1)

Report

RE: Authorization of ANY Type - Please Help!

Hmm, Business Central has serval versions, four Web Service APIs (SOAP, OData V3, OData V4 and an API [from API Pages]) and two deployment types OnPrem (or Self Hosted Private Cloud) and Cloud (Hosted by Microsoft). Depending on deployment type there are different authorization types like Basic, Windows and OAuth for an OnPrem and Basic (available till Wave 1 2020) and OAuth for Cloud. Could you be more specific?
Suggested answer

Sergisoft 20 on at

Like (3)

Report

RE: Authorization of ANY Type - Please Help!

Have yout tried using the "Code" option on Postman and then select C# - RestSharp?

It generates code based on the call that works on Postman, so you should have no issues: