如何将服务器服务连接到Dynamics Online [英] How do I connect a server service to Dynamics Online

问题描述

我正在修改内部管理应用程序以连接到我们的在线托管Dynamics 2016实例。

I am modifying an internal management application to connect to our online hosted Dynamics 2016 instance.

在遵循一些在线教程之后，我一直在使用 Microsoft.Xrm.Sdk.Client 中> OrganizationServiceProxy 。

Following some online tutorials, I have been using an OrganizationServiceProxy out of Microsoft.Xrm.Sdk.Client from the SDK.

这似乎需要一个用户名和密码才能连接，这很好用，但是我想以某种方式连接，不需要特定用户的帐户详细信息。我认为我所见过的OAuth示例不适合，因为没有UI，也没有实际的人向其显示OAuth请求。

This seems to need a username and password to connect, which works fine, but I would like to connect in some way that doesn't require a particular user's account details. I don't think the OAuth examples I've seen are suitable, as there is no UI, and no actual person to show an OAuth request to.

public class DynamicsHelper
{
    private OrganizationServiceProxy service;

    public void Connect(string serviceUri, string username, string password)
    {
            var credentials = new ClientCredentials();
            credentials.UserName.UserName = username;
            credentials.UserName.Password = password;

            var organizationUri = new Uri(serviceUri);
            this.service = new OrganizationServiceProxy(organizationUri, null, credentials, null);
    }
}

是否可以使用应用程序令牌或API密钥？

Is there a way to connect with an application token or API key?

推荐答案

我发现要成功完成此操作，您需要设置以下所有内容：

I've found that to do this successfully, you'll need to setup all of the following:

1. 在Azure AD中创建应用程序注册：
   
   
   
   
   • 授予它API动态权限，特别是作为组织用户访问Access Dynamics 365
   
   
   • 为其提供虚拟Web重定向URI，例如 http：// localhost / auth
   
   
   • 生成客户端机密并将其保存以供以后使用
   
   

对于第4步，您需要打开一个新的隐身模式窗口，构造au rl使用以下模式，然后在步骤2中使用您的用户帐户凭据登录：

For step 4, you'll want to open an new incognito window, construct a url using the following pattern and login using your user account credentials in step 2:

https://login.microsoftonline.com/<your租户ID> / oauth2 / authorize？client_id =<客户端ID>& response_type = code& redirect_uri =<从步骤1重定向uri>& response_mode = query& resource = https：//<组织名称>。 < region> .dynamics.com& state =<随机值>

完成此操作后，您应该会看到Dynamics应用程序用户具有应用程序ID和应用程序ID URI。

When this is done, you should see that your Dynamics application user has an Application ID and Application ID URI.

现在使用ClientId和ClientSecret以及其他一些组织特定的变量，您可以通过Azure Active Directory（AAD）进行身份验证）以获取oauth令牌并构建 OrganizationWebProxyClient 。我还没有找到执行此操作的完整代码示例，但是出于个人目的，我开发了以下代码。请注意，您获取的令牌的有效期为1小时。

Now with your ClientId and ClientSecret, along with a few other organization specific variables, you can authenticate with Azure Active Directory (AAD) to acquire an oauth token and construct an OrganizationWebProxyClient. I've never found a complete code example of doing this, but I have developed the following for my own purposes. Note that the token you acquire has an expiry of 1 hr.

internal class ExampleClientProvider
{
    // Relevant nuget packages:
    // <package id="Microsoft.CrmSdk.CoreAssemblies" version="9.0.2.9" targetFramework="net472" />
    // <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="4.5.1" targetFramework="net461" />

    // Relevant imports:
    // using Microsoft.IdentityModel.Clients.ActiveDirectory;
    // using Microsoft.Crm.Sdk.Messages;
    // using Microsoft.Xrm.Sdk;
    // using Microsoft.Xrm.Sdk.Client;
    // using Microsoft.Xrm.Sdk.WebServiceClient;

    private const string TenantId = "<your aad tenant id>";                 // from your app registration overview "Directory (tenant) ID"
    private const string ClientId = "<your client id>";                     // from your app registration overview "Application (client) ID"
    private const string ClientSecret = "<your client secret>";             // secret generated in step 1
    private const string LoginUrl = "https://login.microsoftonline.com";    // aad login url
    private const string OrganizationName = "<your organization name>";     // check your dynamics login url, e.g. https://<organization>.<region>.dynamics.com
    private const string OrganizationRegion = "<your organization region>"; // might be crm for north america, check your dynamics login url    

    private string GetServiceUrl()
    {
        return $"{GetResourceUrl()}/XRMServices/2011/Organization.svc/web";
    }

    private string GetResourceUrl()
    {
        return $"https://{OrganizationName}.api.{OrganizationRegion}.dynamics.com";
    }

    private string GetAuthorityUrl()
    {
        return $"{LoginUrl}/{TenantId}";
    }

    public async Task<OrganizationWebProxyClient> CreateClient()
    {
        var context = new AuthenticationContext(GetAuthorityUrl(), false);
        var token = await context.AcquireTokenAsync(GetResourceUrl(), new ClientCredential(ClientId, ClientSecret));

        return new OrganizationWebProxyClient(new Uri(GetServiceUrl()), true)
        {
            HeaderToken = token.AccessToken,
            SdkClientVersion = "9.1"
        };
    }

    public async Task<OrganizationServiceContext> CreateContext()
    {
        var client = await CreateClient();
        return new OrganizationServiceContext(client);
    }

    public async Task TestApiCall()
    {
        var context = await CreateContext();

        // send a test request to verify authentication is working
        var response = (WhoAmIResponse) context.Execute(new WhoAmIRequest());
    }
}

这篇关于如何将服务器服务连接到Dynamics Online的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！