Saturday, April 18, 2020

CrmServiceClient: Authenticate an Active Directory Account (ADFS) with CRM Online / Dynamics 365

After going through tons of articles and experimenting with numerous console applications, I managed to establish a connection to CRM Online/Dynamics 365 environment by using an ADFS account using the following code:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var conString = @"AuthType=OAuth;Username=xxxx@domain.local; Password=xxxxxUrl=https://orgname.crm4.dynamics.com;AppId=2ad88395-b77d-4561-9441-d0e40824f9bc;RedirectUri=app://5d3e90d6-aa8e-48a8-8f2c-58b45cc67315";  
CrmServiceClient service = new CrmServiceClient(conString);  
if (service.IsReady)  
{  
    //sample request
    QueryExpression accounts = new QueryExpression("account")
    {
       ColumnSet = new ColumnSet(true)
    };  
    service.RetrieveMultiple(accounts);  
}  

The AppId and RedirectUri hard coded above are for CRM Online and do not change across the environments.

It was a local domain account which was federated with the CRM Online instance. With AuthType other than OAuth, it was redirecting to the MEX endpoint of ADFS on the local network which was failing with the following error:

"An unsecured or incorrectly secured fault was received from the other party"

Using the above approach, the CrmServiceClient class automatically handles the authentication with ADFS and we can use the normal CRUD operations of IOrganizationService.

Hope this helps!

No comments:

Post a Comment