2016 Web API OAuth Non-interactive Authentication

(1) Share

Report

Posted on by albernhagen

We are evaluating usage of Web API for our Dynamics CRM 2016 Online integrations. I am attempting to configure a local console application to interface with CRM data using the Web API with OAuth authentication. I have the authentication supposedly working (at least to get th e access token), but anytime I attempt to access data (via a Microsoft OData client or straight Web API HTTP requests), I always receive a 401, despite the inclusion of my access token in the authorization header. I have registered my application similarly to this guide using a trial instance of CRM Online:

http://mscrmshop.blogspot.in/2016/01/crm-web-api-and-cors-support.html

Below is my code (the last line with execute() receives the 401). Your help is appreciated. Thanks!

string resource = "https://myorganization.crm.dynamics.com"; 
string clientId = "guid of my client id defined in azure";

 string clientSecret = "secret value from azure";

 

 

 // Authenticate the registered application with Azure Active Directory.

 //  get this URL from azure directory endpoints modal

 AuthenticationContext authContext =

     new AuthenticationContext("https://login.microsoftonline.com/my tenant id guid", false);

 

 ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret);

 AuthenticationResult authResult = authContext.AcquireToken(resource, clientCredentials);

 string accessToken = authResult.AccessToken;

 

 

 

 

 UnitTestProject2.Microsoft.Dynamics.CRM.System system = new Microsoft.Dynamics.CRM.System(new Uri("https://myorganization.api.crm.dynamics.com/api/data/v8.0/"));

 

 // Register to handle the SendingRequest event.

 // Note: If this must be done for every request to the data service, consider

 // registering for this event by overriding the OnContextCreated partial method in 

 // the entity container, in this case NorthwindEntities. 

 system.SendingRequest2 += (sender, eventArgs) =>

 {

     eventArgs.RequestMessage.SetHeader("Authorization", "Bearer " + accessToken);

 };

 

 

 Console.Write(system.Accounts.Execute().First().Name);

*This post is locked for comments

I have the same question (0)

All responses (9)

Answers (0)

Community Member on at

Like (1)

Report

I am in exactly the same situation. Got a good access token from Azure AD using client credentials and are 401ed at the resource access request.

What would be useful to know is whether there's some kind of error log where we can see what goes wrong where. The 401 alone is not helping much I guess.

Was this reply helpful? Yes No
Suggested answer

razdynamics 17,308 User Group Leader on at

Like (0)

Report

HI Guys is this still an issue ?

Was this reply helpful? Yes No
albernhagen on at

Like (0)

Report

Hello -- yes, this is still an issue. I heard today from a Microsoft engineer that Web API does not support authentication via client credentials at this time as that grant type isn't enabled. It sounds like consuming Web API isn't possible from a non-interactive client at this time, unfortunately.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hello albernhagen,

Did you find any solution to above problem. I have similar use case to establish server to server authentication and API calls without interactive browser login. This gives 401 after getting access token.

Thanks & Regards!

Was this reply helpful? Yes No
Suggested answer

Gopalan Bhuvanesh 11,401 on at

Like (0)

Report
I do not think you can access Dynamics CRM without logging (using your CRM username and password)

Have you included Dynamics CRM Online to the Required Permissions list when you register your application (for Implicit Grant)?

In the manifest file, did you Modify the line “oauth2AllowImplicitFlow”: false to “oauth2AllowImplicitFlow”: true.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hey Gopalan, I have included these three application in permissions:

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

I'm exactly in the same situation, I think until now it is not possible to log on to crm webapi (get access_token) using OAuth 2 and ADAL v3 .net with ClientCredentials (_clientId, _clientSecret)

Could anyone confirm this ?

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

I donot think that its possible only via client credentials. The reason behind is -

every request to CRM is role based. Since CRM doesnt know on behalf of which user the request is made, it will give an exception. The ideal way is to use the Oauth granttype = password request. In this you will be required to pass the username and password to get the token along with client id and clientsecret.

Hope this answers the question.

Was this reply helpful? Yes No
Suggested answer

Community Member on at

Like (0)

Report

Use a request like this to get the token

POST Url: https://login.windows.net/domain.onmicrosoft.com/oauth2/token

Body:

resource=https%3a%2f%2fdomain.api.crm.dynamics.com&client_id=appid&grant_type=password&username=user%40domain.onmicrosoft.com&password=******&scope=openid&client_secret=clientsecret

All the body parameters have to be urlencoded

The token is in the response body and its key is access_token

Was this reply helpful? Yes No