Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Using xrm.tooling for ...
Microsoft Dynamics CRM (Archived)

Using xrm.tooling for silent login

(0) ShareShare
ReportReport
Posted on by Rickard Norström

Hi,

Is there any way to use Xrm.Tooling to do a silent login using only an org URL and not the service URL of a specific service (i.e. the web api or ye olde org service). There's been talk that the tooling should smoothly transition to the web api for connecting to the CR... eehh.. CE.

I've successfully authenticated to AAD with an application user and a certificate, the thing I'd like to do is to use the Xrm.Tooling for the integration since it's what Microsoft seems to be promoting at the moment. At the same time I don't want to point to a specific service endpoint but rather to the CRM instance since we don't know which endpoint will be here next week.

Is this possible?

Regards

*This post is locked for comments

  • Rama Koneru Profile Picture
    Rama Koneru on at
    RE: Using xrm.tooling for silent login

    Thanks Matt! Yes, we will be using the .Net ADAL library to generate the JWT token as shown in the previous responses by calling the AcquireTokenAsync method.

  • MattB-MSFT Profile Picture
    MattB-MSFT on at
    RE: Using xrm.tooling for silent login

    It is safe to use this,  Yes.

    I will see about updating the doc's when I have time...

    Note: you must hand back a JWT Token that AAD will recognize.

    MattB-MSFT

  • Rama Koneru Profile Picture
    Rama Koneru on at
    RE: Using xrm.tooling for silent login

    docs.microsoft.com/.../microsoft.xrm.tooling.connector.crmserviceclient.authoverridehook

    The document states Internal Use only. Is it safe to use this approach?

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at
    RE: Using xrm.tooling for silent login

    Hi Matt,

    Thank you for your quick reply. It would be nice if this will be available, together with the AppId & Client Secret auth. As a side question, I know the goal is to deprecate the SOAP endpoints and use the Web API. How will this impact the CrmServiceClient? Will it be shifted to the REST endpoint or will it be deprecated with the Organization Service? Will we still be able to use it after the SOAP endpoint is removed?

    Thanks,

    Radu

  • MattB-MSFT Profile Picture
    MattB-MSFT on at
    RE: Using xrm.tooling for silent login

    It is not a “bug”,  though there is an issue in the nuget package that allows you to update to the 3.x version of ADAL that we have fixed.

    In the spirit of full disclosure

    We rely on ADAL assemblies to provide authentication support.  ADAL’s policy is that they target various major versions of ADAL at different feature sets.  In this case, ADAL 2.x is not compatible at all with ADAL 3.x.  ( IE rework several parts of your code to use the new methods and approaches to solving problems )

    Given that we support a large number of clients and use these assemblies in our own platform, moving to ADAL 3.x is a fairly large, customer breaking, endeavor that we are trying to determine how to support.

    We have resisted creating 2 versions of the SDK, one using 2.x and one using 3.x to this point that differ only in the version of ADAL used, and we have resisted creating our own ‘interpretation layer’ to allow dynamic loading / injection of the ADAL assembly as they differ significantly enough that it’s a could become a maintenance issue.

    So short of it is that we support ADAL 2.x,  if your project requires 3.x then you should box us into our own appdomain ( because the 2 versions of ADAL are completely incompatible ) and use the External Auth call back to support it.

    We will address this in the future, but we do not have anything to say on it just yet

    MattB

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at
    RE: Using xrm.tooling for silent login

    Hi Matt,

    This seems to work only if you have the Microsoft.IdentityModel.Clients.ActiveDirectory build 2.22.302111727 nuget package installed. If you upgrade that then the CrmServiceClient fails to connect. I tried with build 3.19.8 Is this a known bug?

    [quote][/quote]

    As a point...

    the Xrm.Tooling.Connector natively support Certificate based Auth. 

    You don't need to use the externalAuth mode to do it. 

    Example: 

    string ConnectionStr = "AuthType=Certificate;url=<url>;thumbprint=<CertThumbPrint>;AppId=<appID>;RequireNewInstance=true;SkipDiscovery=true";
    CrmServiceClient cli1 = new CrmServiceClient(ConnectionStr);

    if you don't want to use a connection string, you can also do it with a constructor . 

    CrmServiceClient client = new CrmServiceClient(null, StoreName.My, "<CertThumbPrint>", new Uri("<ServiceURLBase>/XRMServices/2011/Organization.svc"), false, null, <appID>, null, null);
    if (client.IsReady) { ... }

    MattB.

    Thanks,

    Radu

  • Rickard Norström Profile Picture
    Rickard Norström on at
    RE: Using xrm.tooling for silent login

    Thanks Matt.

    Thar you're not using the entire URL is actually quite funny :)

    /Rickard

  • MattB-MSFT Profile Picture
    MattB-MSFT on at
    RE: Using xrm.tooling for silent login

    We actually do not use the "/XRMServices/2011/Organization.svc" part of the URI :)   We generate the actually connect using the given config of the CrmServiceClient and the Schema and SafeDNSHost name of the URL.  You should be fine passing just the InstanceURL to it.

    Our docs and examples provide the full link as that is what most folks are familiar with.

    Right now, CrmServiceClient uses both the OData Endpoint and the SOAP endpoint depending on what its doing.

    MattB

  • Rickard Norström Profile Picture
    Rickard Norström on at
    RE: Using xrm.tooling for silent login

    Thanks again Matt. One question though, why do we need to add the "/XRMServices/2011/Organization.svc"-part in the connection? How long will that endpoint be the one that is used, I would feel a bit more at peace if I only had to provide the instance URL.

    Regards

  • MattB-MSFT Profile Picture
    MattB-MSFT on at
    RE: Using xrm.tooling for silent login

    Not yet,  We are planning to add AppID / Client Secret support in the future...   we just have not sorted out how we want to do it yet frankly as its just another form of user acct / pw at the end of the day and certificate auth is much more secure and safer.  also rollover is innately supported and such.

    That said, I would expect us to add support toward the fall for Client Secret login ( No promises though )

    MattB.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans