Effective Feb 4, 2020 - Use of the WS-Trust (Web-Service Trust) authentication security protocol while connecting to Common Data Service has been deprecated. This change affects applications that utilize Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy and Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes for the authentication type of "Office365".

The WS-Trust protocol is a security protocol that is inherently insecure by current encryption standards. In addition to this, the WS-Trust protocol does not support the modern forms of Multi-Factor Authentication and conditional access controls to customer data.

In this blog, considering the above change, we will learn how a developer can make use of the capabilities of the Azure Active Directory to secure and protect access to their applications and customers in Common Data Service.

PRE-REQUISITES

  1. A valid Dynamics-365 CE (CRM) Instance
  2. MS Visual Studio (version 2017 or above)
  3. Azure Active Directory Application
  4. Application ID, Client Secret
  5. CE Application User with an appropriate security role assigned

STEPS

  • Note down the string values of the following parameters:
  1. Azure Active Directory Application ID
  2. Azure Active Directory Tenant ID
  • Client Secret Key
  • Open a C# Console Application and add CrmSdk.XrmTooling.CoreAssembly NuGet Package.
  • Here, we will first form the Connection String to pass it to the CrmSeviceClient, keeping ‘ClientSecret’ our Authentication Type.
  • The connection string must look like the following.

Format

String connectionString = "AuthType=ClientSecret; url=; ClientId=; ClientSecret=”; 

Example

string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

  • Once the correct connection string is formed, we will pass it in a constructor of CrmServiceClient.

CrmServiceClient crmServiceClient = new CrmServiceClient (connectionString); //Connecting to the D-365 CE instance

  • Run the following code and check for yourself if you can connect to your D365 organization.

Note: Please provide your own parameters in the code

using Microsoft.Xrm.Tooling.Connector;

using System;

namespace CrmServiceClient_Blog

{

    internal class Program

    {

        private static void Main(string[] args)

        {

            string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

            CrmServiceClient crmServiceClient = new CrmServiceClient(connectionString); //Connecting to the D-365 CE instance

            if (crmServiceClient != null && crmServiceClient.IsReady)

            {

                Console.ForegroundColor = ConsoleColor.Green;

                Console.WriteLine("
Connected Successfully!");

                Console.Read();

            }

            else

            {

                Console.WriteLine("
Could NOT connect to D365 CE instance. Please make sure the Connection String is correct.");

                Console.Read();

            }

        }

    }

}

UNIT TESTING

  • After we run the above code, we can see that the connection to our D365 instance is successfully established.
  • crmServiceClient object of the CrmServiceClientclass gets the following important values that can be used in any operations in the code.

{Microsoft.Xrm.Tooling.Connector.CrmServiceClient}

ActiveAuthenticationType

ClientSecret

Authority

"https://login.microsoftonline.com/9dc73af2-e3c5-4b7d-b8c0-f19f12279496/oauth2/authorize/"

ConnectedOrgFriendlyName

"Abhi27"

ConnectedOrgId

{d034d5b0-612f-4714-93f7-52da4f85c718}

ConnectedOrgUniqueName

"orgdd23abb7"

ConnectedOrgVersion

{9.1.0.16832}

CrmConnectOrgUriActual

{https://11apr.crm8.dynamics.com/XRMServices/2011/Organization.svc/web?SDKClientVersion=9.0.44.892}

CurrentAccessToken

"eyJ … vA "

CONCLUSION

So, this is a detailed blog, shared by Dynamics 365 development company team, where you can see how developers can establish secure connections in Dynamics 365 CE (CRM) environments using the ClientSecret authentication type? Once connected, the developer can perform regular operations from the C# code.

Connect to D365 CE with multi-factor Authentication using C# sharp的更多相关文章

  1. 连接mysql问题 mysqlnd cannot connect to MySQL 4.1+ using old authentication

    第一篇:PHP5.3开始使用MySqlND作为默认的MySql访问驱动,而且从这个版本开始将不再支持使用旧的用户接口链接Mysql了,你可能会看到类似的提示: #2000 - mysqlnd cann ...

  2. 项目报错 exception 'MongoConnectionException' with message 'Failed to connect to: 127.0.0.1:27017: Authentication failed on database 'www' with username 'www': auth failed' in

    出现这个错误,在官方文档也找到了解释,原来在2.6版本做了很大的改进,其改进涉及到核心.存储.网络.查询和安全性等多方面,自然,其用户登录认证机制也发生了改变,db.system.users的sche ...

  3. mysqlnd cannot connect to MySQL 4.1+ using old authentication

    报这个错误主要是因为mysql使用了老的密码格式,而程序要求使用新的格式导致的,解决办法: SET old_passwords = 0; UPDATE mysql.user SET Password ...

  4. [信息安全] 4.一次性密码 && 身份认证三要素

    [信息安全]系列博客:http://www.cnblogs.com/linianhui/category/985957.html 在信息安全领域,一般把Cryptography称为密码,而把Passw ...

  5. UBUNTU下MONGODB出现PHP Fatal error: Uncaught exception 'MongoConnectionException' with message 和 Authentication failed on database 'admin' with username

    MONGO 远程连接服务器,出现: PHP Fatal error: Uncaught exception Stack trace:# /var/www/data/update_data.php(): ...

  6. odoo12之应用:一、双因子验证(Two-factor authentication, 2FA)(HOTP,TOTP)附源码

    前言 双因子认证:双因子认证(2FA)是指结合密码以及实物(信用卡.SMS手机.令牌或指纹等生物标志)两种条件对用户进行认证的方法.--百度百科 跟我一样"老"的网瘾少年想必一定见 ...

  7. Dynamics 365 CE将自定义工作流活动程序集注册到磁盘并引用其他类库

    我是微软Dynamics 365 & Power Platform方面的工程师罗勇,也是2015年7月到2018年6月连续三年Dynamics CRM/Business Solutions方面 ...

  8. 更好地使用Atom支持基于Jupyter的Python开发

    有关于使用Atom进行Python开发的网上资料比较少,最近发现使用Atom结合Hydrogen插件进行Python开发,尤其是数据挖掘相关的工作,整体体验要好于Vscode,Vscode虽然说也有连 ...

  9. SSL加速卡调研的原因及背景

    SSL加速卡调研的原因及背景 SSL加速卡调研的原因及背景 网络信息安全已经成为电子商务和网络信息业发展的一个瓶颈,安全套接层(SSL)协议能较好地解决安全处理问题,而SSL加速器有效地提高了网络安全 ...

  10. ethereum/EIPs-1078 Universal login / signup using ENS subdomains

    https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1078.md eip title author discussions-to status ...

随机推荐

  1. Java 向上转型

    向上转型: 对象的向上转型,其实就是多态写法: 父类名称 对象名 = new 子类名称(); 注意:向上转型一定是安全的,从小范围转向大范围.(从小范围的猫,向上转化为更大范围的动物)

  2. 使用supervisor 管理 laravel 框架中的进程

    前言:在laravel中,经常要在项目根目录下执行 php artisan queue:work  来执行队列中的任务,由此,我们想到用supervisor来管理这个进程 Supervisor是用Py ...

  3. Python中用requests处理cookies的3种方法

    在接口测试中,大多数项目的接口是需要登录后进行操作的,经常用到requests库进行模拟登录及登录后的操作,下面是我不断踩坑后总结出来的关于登录凭证cookies的3种操作方法. 一. 用 reque ...

  4. Go语言互斥锁(sync.Mutex)和读写互斥锁(sync.RWMutex)

    暴力锁 package main import ( "fmt" "sync" "time" ) /* Go语言包中的 sync 包提供了两种 ...

  5. 记——flask实现全文搜索

    参考: flask入门和进阶十(实现全文搜索)已解决:https://blog.csdn.net/chengmo123/article/details/100552287 一.首先安装flask-wh ...

  6. Alfred 好用工具分享

    好用的mac工具分享 1.带历史记录的剪切板 根据快捷键切换选择保存的数据 2.创建热键工作流程 将常用的工具变为热键,快捷切换 如何创建: 设置热键 单击右键 创建actions 打开app 然后将 ...

  7. 解决动态class展示问题

    由于部分涉及到隐私,就打马赛克了 比如这个小问题,我有这个动态的class,里面是十几个类似btn的按钮,然后每个btn下面又有子多选框,一开始是我点击那个下面的子级他的父级就被选中,默认选中第一个父 ...

  8. 通过Jsoup,爬取车辆品牌,车系,LOGO等

    @Test public void test4() throws IOException { for (int i = 65; i <= 90; i++) { String value = St ...

  9. 基础vue的一些知识补充

    一.:disabled 该属性能接受布尔值,可以用于元素的使用.当值为true时,该元素将无法被使用,如button的disabled属性被设置为true后,将无法被点击,input的disabled ...

  10. AVD文件转移到非系统盘

    AVD文件默认是生成在C:\Users\用户名\.android\avd目录下面的,而AVD文件非常大,可以用下面的方法将AVD文件转移到其他盘中. 1. 将每个模拟器对应的***.avd文件夹的内容 ...