Microsoft Dynamics CRM (Archived)

ADFS, IFD/on premise: How to access Dynamics oData REST endpoint, after authenticating using SOAP, passing cookies


I've been trying for days to authenticate to my Dynamics IFD/on-premise back-end, secured by ADFS. You can read all about it here. With great help from Jason Lattimer I was able to authenticate.

Which means now I can send along a SOAP security header to all my SOAP requests. The problem is, I need to use the oData REST endpoint.

I read here that you can " ... use the HttpWebRequest class to perform SOAP requests to perform the authentication part of this integration ...  " and "Once you get authenticated and obtain the cookies you are free to fire REST calls off by simply providing the cookies along with the request."

Well, I am using Java, not .NET but I assumed the premise is the same. So with HttpClient I grab the cookies from the WhoAmI request (the first request, asking for a security token, doesn't return any cookies) and re-send them to an oData call. And it doesn't work, I get the login page. I think it's because there is only 1 cookie present, ReqClientId.

When you do a normal login to Dynamics in the browser, I've noticed that there are 4 cookies present:

  • MSISAuth
  • MSISAuth1
  • ReqClientId
  • MSISSignOut

I suppose the problem is, I need the MSISAuth cookies. Perhaps I'm wrong. But they are not returned. Is there any way to get them, apart from doing a browser login?

Alternatively I'd love to use oAuth instead of SOAP to perform authentication. But I'm not sure how to go about it or if it's even possible. I've seen on the net that it is, but so far haven't seen any good code examples, it's all very theoretical and abstract.

  • Community Member

    I've been trying to do that for a few days now and it appears to me that you simply CAN'T access the OData endpoint using a simple token from the OAuth authentication. Your approach of doing SOAP authentication and passing in cookies seems to be the last resort for now. I'm using an online instance and a mix of Scala/Java/cURL.

  • Community Member

    Did you find a solution to your problem? I am in the same boat!!

  • Community Member

    Nope, sure didn't. In the end the client decided to make some rest endpoints (developed in .Net) available to us, which in turn access the Dynamics back end. Much simpler for them because they are using .Net. Much simpler for us because we no longer have to try accessing Dynamics directly via ADFS.

    Sorry I can't be of more help. I sincerely don't know if a solution even exists.

  • Community Member

    Thanks for replying. We actually found the solution. We have split the process into two parts. One part gets a Kerberos ticket and calls the IP for the security token. It then takes the response token and gets the MSIAuth session cookies from the RP. Then we save this cookie in a cookie store and reuse it whenever we have to make a call to CRM.

  • Community Member

    Wow. Kerberos? But this is all still using ADFS right? And oAuth?

    It would be great if you could post all or part of your solution here. Might save many people (perhaps even me in the future) hours and hours of banging their heads against the wall.

  • Community Member

    I was hoping you might share how you managed to get a REST connection (OData) to Dynamics behind an ADFS WS-Fed authentication. I am able to do it by cheating a little, but it requires me to turn off CORS protection in the browser. Is that similar to what you are doing? I have provided the code for what I am doing, and I can get it to work on most people's computers. What you are not seeing is how I collect the password. It shows as blank in this code. Please let me know if you are doing something similar.

    I am also using AngularJS, jQuery and AngularJS-MD as support libraries.

    function connectToDynamics(){
        var ctx = {
            headers:{
                Accept: 'image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*'
                ,'Content-Type': 'application/x-www-form-urlencoded'
                ,'Access-Control-Allow-Origin' : '*' // this is a response header; setting it on the request does not grant cross-origin access
            }
        };
        var userName = _spPageContextInfo.userLoginName;
        var passWord = '';

        $http.get('<My Root Web Site for Dynamics >').then(function (resp){
            var reference = $.parseHTML(resp.data);
            var actions = $(reference).find('form');// Collecting the ADFS redirect link

            //Auto Connect to Dynamics
            // The POST has to wait for the GET, because the form action comes from its response.
            // This is posting to the ADFS with the User Name and password for Auth
            return $http.post(actions[1].action,'UserName='+ encodeURIComponent( userName ) +'&Password='+ encodeURIComponent( passWord ) +'&AuthMethod=FormsAuthentication',ctx);
        }).then(function(resp){
            if (resp.data.search('!DOCTYPE') == (-1)){
                var xml = $.parseXML(resp.data);

                var action = $(xml).find("form")[0].attributes['action'].value;
                var wa,wresult,wctx;

                // Pull the WS-Fed fields out of the auto-post form returned by ADFS
                var inputs = $(xml).find("input");
                for (var i = 0; i < inputs.length; i++)
                {
                    if (inputs[i].attributes['name'] != null){
                        switch (inputs[i].attributes['name'].value){
                            case "wa" : wa =  inputs[i].attributes['value'].value;break;
                            case "wresult" : wresult =  inputs[i].attributes['value'].value;break;
                            case "wctx" : wctx =  inputs[i].attributes['value'].value;break;
                            default : break;
                        }
                    }
                }
                $http.post(action, 'wa='+encodeURIComponent(wa)+'&wresult='+ encodeURIComponent(wresult)+'&wctx='+encodeURIComponent(wctx), ctx).then(function(resp){ // this is posting back all the WS Fed tokens so that I will get the final MSISAuth cookies that will allow me to access Dynamics from Sharepoint online (or any other XSS page)
                    $scope.dynamicsDataReady = true;
                });
            }
            else{
                $scope.dynamicsDataReady = true;
            }
        });
    }
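
The cookie-store step described in the Kerberos reply above (save the session cookies returned by the RP, reuse them on every CRM call), as an added example that is not code from any poster in this thread. The host `crm.example.com`, the request path and all cookie values are constructed placeholders; the cookie names are the ones listed in the question. The store ignores `Path` and `Expires` to stay short.

```javascript
// Added example. Host, path and cookie values are constructed placeholders.
const AUTH_COOKIES = ['MSISAuth', 'MSISAuth1']; // names taken from the question

class CookieStore {
  constructor() { this.byHost = new Map(); }

  jar(url) { return this.byHost.get(new URL(url).hostname) || new Map(); }

  // Record the Set-Cookie headers of a response received from `url`.
  capture(url, setCookieHeaders) {
    const jar = this.jar(url);
    for (const header of setCookieHeaders) {
      const [pair, ...attrs] = header.split(';').map(s => s.trim());
      const eq = pair.indexOf('=');
      if (eq < 1) continue; // no cookie name: skip the malformed header
      const name = pair.slice(0, eq), value = pair.slice(eq + 1);
      const flags = attrs.map(a => a.toLowerCase());
      // An empty value or Max-Age=0 is treated as the server clearing the cookie.
      if (value === '' || flags.includes('max-age=0')) jar.delete(name);
      else jar.set(name, { value, secure: flags.includes('secure') });
    }
    this.byHost.set(new URL(url).hostname, jar);
  }

  // Auth cookies not yet held for this host; a non-empty result is the
  // "only ReqClientId came back" situation from the question.
  missingAuth(url) { return AUTH_COOKIES.filter(n => !this.jar(url).has(n)); }

  // Cookie header for a request. Cookies go only to the host that set them,
  // and Secure cookies only over https.
  headerFor(url) {
    const https = new URL(url).protocol === 'https:';
    return [...this.jar(url)].filter(([, c]) => https || !c.secure)
      .map(([n, c]) => `${n}=${c.value}`).join('; ');
  }
}

// Constructed responses: first only ReqClientId, then the two auth cookies.
function demo() {
  const odata = 'https://crm.example.com/odata-placeholder';
  const store = new CookieStore();
  store.capture(odata, ['ReqClientId=abc; path=/; secure; HttpOnly']);
  const before = store.missingAuth(odata);
  store.capture(odata, ['MSISAuth=AAAA; path=/; secure; HttpOnly',
                        'MSISAuth1=BBBB; path=/; secure; HttpOnly']);
  return { before, after: store.missingAuth(odata), header: store.headerFor(odata) };
}

console.log(demo());
```

Checking `missingAuth` before each OData call tells the client to repeat the token exchange instead of sending a request that would only return the login page.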

