Effective Feb 4, 2020 - Use of the WS-Trust (Web-Service Trust) authentication security protocol while connecting to Common Data Service has been deprecated. This change affects applications that utilize Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy and Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes for the authentication type of "Office365".

The WS-Trust protocol is a security protocol that is inherently insecure by current encryption standards. In addition to this, the WS-Trust protocol does not support the modern forms of Multi-Factor Authentication and conditional access controls to customer data.

In this blog, considering the above change, we will learn how a developer can make use of the capabilities of the Azure Active Directory to secure and protect access to their applications and customers in Common Data Service.

PRE-REQUISITES

  1. A valid Dynamics-365 CE (CRM) Instance
  2. MS Visual Studio (version 2017 or above)
  3. Azure Active Directory Application
  4. Application ID, Client Secret
  5. CE Application User with an appropriate security role assigned

STEPS

  • Note down the string values of the following parameters:
  1. Azure Active Directory Application ID
  2. Azure Active Directory Tenant ID
  • Client Secret Key
  • Open a C# Console Application and add CrmSdk.XrmTooling.CoreAssembly NuGet Package.
  • Here, we will first form the Connection String to pass it to the CrmSeviceClient, keeping ‘ClientSecret’ our Authentication Type.
  • The connection string must look like the following.

Format

String connectionString = "AuthType=ClientSecret; url=; ClientId=; ClientSecret=”; 

Example

string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

  • Once the correct connection string is formed, we will pass it in a constructor of CrmServiceClient.

CrmServiceClient crmServiceClient = new CrmServiceClient (connectionString); //Connecting to the D-365 CE instance

  • Run the following code and check for yourself if you can connect to your D365 organization.

Note: Please provide your own parameters in the code

using Microsoft.Xrm.Tooling.Connector;

using System;

namespace CrmServiceClient_Blog

{

    internal class Program

    {

        private static void Main(string[] args)

        {

            string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

            CrmServiceClient crmServiceClient = new CrmServiceClient(connectionString); //Connecting to the D-365 CE instance

            if (crmServiceClient != null && crmServiceClient.IsReady)

            {

                Console.ForegroundColor = ConsoleColor.Green;

                Console.WriteLine("
Connected Successfully!");

                Console.Read();

            }

            else

            {

                Console.WriteLine("
Could NOT connect to D365 CE instance. Please make sure the Connection String is correct.");

                Console.Read();

            }

        }

    }

}

UNIT TESTING

  • After we run the above code, we can see that the connection to our D365 instance is successfully established.
  • crmServiceClient object of the CrmServiceClientclass gets the following important values that can be used in any operations in the code.

{Microsoft.Xrm.Tooling.Connector.CrmServiceClient}

ActiveAuthenticationType

ClientSecret

Authority

"https://login.microsoftonline.com/9dc73af2-e3c5-4b7d-b8c0-f19f12279496/oauth2/authorize/"

ConnectedOrgFriendlyName

"Abhi27"

ConnectedOrgId

{d034d5b0-612f-4714-93f7-52da4f85c718}

ConnectedOrgUniqueName

"orgdd23abb7"

ConnectedOrgVersion

{9.1.0.16832}

CrmConnectOrgUriActual

{https://11apr.crm8.dynamics.com/XRMServices/2011/Organization.svc/web?SDKClientVersion=9.0.44.892}

CurrentAccessToken

"eyJ … vA "

CONCLUSION

So, this is a detailed blog, shared by Dynamics 365 development company team, where you can see how developers can establish secure connections in Dynamics 365 CE (CRM) environments using the ClientSecret authentication type? Once connected, the developer can perform regular operations from the C# code.

Connect to D365 CE with multi-factor Authentication using C# sharp的更多相关文章

  1. 连接mysql问题 mysqlnd cannot connect to MySQL 4.1+ using old authentication

    第一篇:PHP5.3开始使用MySqlND作为默认的MySql访问驱动,而且从这个版本开始将不再支持使用旧的用户接口链接Mysql了,你可能会看到类似的提示: #2000 - mysqlnd cann ...

  2. 项目报错 exception 'MongoConnectionException' with message 'Failed to connect to: 127.0.0.1:27017: Authentication failed on database 'www' with username 'www': auth failed' in

    出现这个错误,在官方文档也找到了解释,原来在2.6版本做了很大的改进,其改进涉及到核心.存储.网络.查询和安全性等多方面,自然,其用户登录认证机制也发生了改变,db.system.users的sche ...

  3. mysqlnd cannot connect to MySQL 4.1+ using old authentication

    报这个错误主要是因为mysql使用了老的密码格式,而程序要求使用新的格式导致的,解决办法: SET old_passwords = 0; UPDATE mysql.user SET Password ...

  4. [信息安全] 4.一次性密码 && 身份认证三要素

    [信息安全]系列博客:http://www.cnblogs.com/linianhui/category/985957.html 在信息安全领域,一般把Cryptography称为密码,而把Passw ...

  5. UBUNTU下MONGODB出现PHP Fatal error: Uncaught exception 'MongoConnectionException' with message 和 Authentication failed on database 'admin' with username

    MONGO 远程连接服务器,出现: PHP Fatal error: Uncaught exception Stack trace:# /var/www/data/update_data.php(): ...

  6. odoo12之应用:一、双因子验证(Two-factor authentication, 2FA)(HOTP,TOTP)附源码

    前言 双因子认证:双因子认证(2FA)是指结合密码以及实物(信用卡.SMS手机.令牌或指纹等生物标志)两种条件对用户进行认证的方法.--百度百科 跟我一样"老"的网瘾少年想必一定见 ...

  7. Dynamics 365 CE将自定义工作流活动程序集注册到磁盘并引用其他类库

    我是微软Dynamics 365 & Power Platform方面的工程师罗勇,也是2015年7月到2018年6月连续三年Dynamics CRM/Business Solutions方面 ...

  8. 更好地使用Atom支持基于Jupyter的Python开发

    有关于使用Atom进行Python开发的网上资料比较少,最近发现使用Atom结合Hydrogen插件进行Python开发,尤其是数据挖掘相关的工作,整体体验要好于Vscode,Vscode虽然说也有连 ...

  9. SSL加速卡调研的原因及背景

    SSL加速卡调研的原因及背景 SSL加速卡调研的原因及背景 网络信息安全已经成为电子商务和网络信息业发展的一个瓶颈,安全套接层(SSL)协议能较好地解决安全处理问题,而SSL加速器有效地提高了网络安全 ...

  10. ethereum/EIPs-1078 Universal login / signup using ENS subdomains

    https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1078.md eip title author discussions-to status ...

随机推荐

  1. docker镜像原理(二)

    一.docker镜像定义 如果我们想要定义mysql5.7镜像应该怎么做? 获取基础镜像,选择一个发行版平台(unbtu.centos) 在centos镜像中安装mysql5.7软件 导出镜像,可以命 ...

  2. 【JavaScript】setAttribute在添加事件时失效解决办法

    HTML的表格行高亮,用JavaScript设置时总是在FireFox和谷歌浏览器中成功,但是在IE6,IE7中失败.最后发现是IE系列对DOM的setAttribute方法支持不好.如用: 1 tr ...

  3. unity 资源打包,MD5值计算注意点

    仅作记录: unity3d在修改资源时,有些类型的资源修改的是源文件,比如:fbx,mp3,.jpg,.png等.这些资源是外部资源导入unity3d中,untiy3d导入编译时,生成相应的meta文 ...

  4. c语言学习---void 数据类型

    这样的语法是错误的: void a = 10;  void表示无类型, 这样定义一个变量a, 编译器是无法知道给a分配多大的内存空间的 #include<stdio.h> #include ...

  5. mybatis自增主键的获取

    实体类 package org.example.entity; public class User { private Integer id; private String name; private ...

  6. createrepo 命令详解

    createrepo 命令用于创建yum源(软件仓库),即为存放于本地特定位置的众多rpm包建立索引,描述各包所需依赖信息,并形成元数据. 语法: createrepo [option] <di ...

  7. 在cesium中导出图片

    <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title> ...

  8. miscmisc --攻防世界

    题目: (1)解压后将图片放入16进制编辑器,搜索字符串flag发现 图片应该还包含其他文件 (2)使用foremost进行分离,得到压缩包,打开压缩包又有一张图片 (3) 图片同样使用编辑器查看,也 ...

  9. 在element plus中使用checkbox 多选框实现大区省市区选择回选

    1.产品拿来淘宝后台页面,希望我们的快递发货也用这一套 长这样: 2.后端说提供的数据是树形结构,大区id不要传,传省的id,勾选哪个传哪个 3.element  ui的树形插件和级联选择器在数据上是 ...

  10. Angular前端调用asp.net core web api后端,报跨域问题

    在 ASP.NET Core 中启用跨域请求 (CORS) https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnet ...