web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / QueryService throws &q...
Finance | Project Operations, Human Resources, ...
Suggested Answer

QueryService throws "No Security Token Exception" though a token was acquired

(0) ShareShare
ReportReport
Posted on by HoangHA 10

Hi,

Following the SoapConsole application on https://github.com/microsoft/Dynamics-AX-Integration, I was able to configure and successfully get data from the UserSessionService. However, as I tried to adapt the source code to call the QueryService, it throws an UnauthorizedAccessException

Here's the sampled routine that I wrote:

static void Main(string[] args)
{
    // Confirmed to work using by both debugging and successfully call UserSessionService
    string token = OAuthHelper.GetAuthenticationHeaderWithSecret();
    var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport); 
    var queryClient = new QueryServiceClient(binding, new EndpointAddress(OAuthHelper.soapQueryServiceEndpoint));
    var channel = queryClient.InnerChannel;

    DataSet dataSet;
    Paging paging = null;
    using (OperationContextScope operationContextScope = new OperationContextScope(channel)){
        HttpRequestMessageProperty httpRequestMessage = new HttpRequestMessageProperty();
        httpRequestMessage.Headers.Add(OAuthHelper.oauthHeader, token);
        OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestMessage;

        /* Next line throws:
        System.ServiceModel.FaultException
        HResult=0x80131501
        Message=Fault was thrown by the service for request 00000000-0000-0000-0000-000000000000. Exception details:
        Type: System.UnauthorizedAccessException
            Message: No security token is provided in request
        Source=mscorlib
        StackTrace:
            at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
            at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
            at QueryServiceTest.QueryServiceRef.IQueryService.ExecuteStaticQuery(ExecuteStaticQueryRequest request)
            at QueryServiceTest.Program.Main(String[] args) in C:\Users\Administrator\source\repos\QueryServiceTest\QueryServiceTest\Program.cs:line 42
        */

        ExecuteStaticQueryResponse resp = ((IQueryService)channel).ExecuteStaticQuery(new ExecuteStaticQueryRequest("CusTable", paging));

        dataSet = resp.ExecuteStaticQueryResult;

    }    /* Next do things with DataSet returned by the query ...*/

}

Can anyone tell me what I did wrong? I'm using the OneBox VM for testing

I have the same question (0)
  • mhdshb1 Profile Picture
    mhdshb1 1,250 on at

    Hi,

    Make sure the username, password,ActiveDirectoryTenant are correct in the ClientConfiguration class under AuthenticationUtility.

    and the username have the correct security roles. Since it is for development add system administrator security role.

     public static ClientConfiguration OneBox = new ClientConfiguration()
        {
            // You only need to populate this section if you are logging on via a native app. For Service to Service scenarios in which you e.g. use a service principal you don't need that.
            UriString = "https://usnconeboxax1aos.cloud.onebox.dynamics.com/",
            UserName = "XXXXXX",            
            // Insert the correct password here for the actual test.
            Password = "XXXXX",

            // You need this only if you logon via service principal using a client secret. See: https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/data-entities/services-home-page to get more data on how to populate those fields.
            // You can find that under AAD in the azure portal
            ActiveDirectoryResource = "https://usnconeboxax1aos.cloud.onebox.dynamics.com", // Don't have a trailing "/". Note: Some of the sample code handles that issue.
            ActiveDirectoryTenant = "https://login.microsoftonline.com/XXXX", // Some samples: https://login.windows.net/yourtenant.onmicrosoft.com, https://login.windows.net/microsoft.com
            ActiveDirectoryClientAppId = "XXXXXX",
            // Insert here the application secret when authenticate with AAD by the application
            ActiveDirectoryClientAppSecret = "",

            // Change TLS version of HTTP request from the client here
            // Ex: TLSVersion = "1.2"
            // Leave it empty if want to use the default version
            TLSVersion = "",
        };

    Regards,

    M

  • HoangHA Profile Picture
    HoangHA 10 on at

    Hi M, thanks for your reply

    Maybe I was not very clear with my prior post as I'm using the VM for D365 F&O. The authentication flow using username and password for this version requires an interactive OAuth session, which is only supported by later version of the ADAL library, not the one provided with the project. As such, I'm using the service principal flow using the app secret. The successful attempt at calling the UserSessionService showed that I correctly delegated admin permission to the client app using said secret so I suspect the token was not assigned correctly to the client somehow. I would love it if you can give me an example even with the username/password flow.

    Best regards

  • Suggested answer
    HoangHA Profile Picture
    HoangHA 10 on at

    After going through the documentation from Microsoft again at docs.microsoft.com/.../services-home-page, I have determined that it is impossible to call this the SOAP-based query  using the method outlined in the integration example. Said method would only work for custom SOAP Services.

  • Suggested answer
    mhdshb1 Profile Picture
    mhdshb1 1,250 on at

    Hi,

    Oh so you customized the OAuthHelper and added GetAuthenticationHeaderWithSecret ? 

    Yeah so soap based query service has been replaced by Odata as mentioned in https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/services-home-page#list-of-services

    You can check the ODataConsoleApplication 

    Regards,

    M

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 451 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 428 Super User 2025 Season 2

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 239 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans