401- 使用 REST API Dynamics CRM 和 Azure AD 进行未经授权的身份验证 [英] 401- Unauthorized authentication using REST API Dynamics CRM with Azure AD

问题描述

我正在尝试使用 Azure AD oAuth 2 身份验证访问 Dynamics CRM Online REST API.为此，我遵循了以下步骤:

- 我已经在 Azure 中注册了一个 web 应用程序和/或 web api
- 将 Dynamics CRM 的权限配置为具有委派权限以组织用户身份访问 CRM Online"
- 并创建了一个有效期为 1 年的密钥并保留生成的客户端 ID.

在 Azure 上配置 Web 应用程序后，我在 .NET/C# 中创建了一个控制台应用程序，它使用 ADAL 发出简单请求，在本例中检索帐户列表:

I'm trying to access a Dynamics CRM Online REST API with Azure AD oAuth 2 Authentication. In order to do so I followed these steps:

- I've registered a web application and/or web api in Azure
- Configured the permissions to Dynamics CRM to have Delegated permissions "Access CRM Online as organization user"
- And created a Key with a 1 year expiration and kept the Client ID generated.

After the web app was configured on Azure I have created a Console application in .NET/C# that uses ADAL to make a simple request, in this case to retrieve a list of accounts:

    class Program
{
    private static string ApiBaseUrl = "https://xxxxx.api.crm4.dynamics.com/";
    private static string ApiUrl = "https://xxxxx.api.crm4.dynamics.com/api/data/v8.1/";
    private static string ClientId = "2a5dcdaf-2036-4391-a3e5-9d0852ffe3f2";
    private static string AppKey = "symCaAYpYqhiMK2Gh+E1LUlfxbMy5X1sJ0/ugzM+ur0=";

    static void Main(string[] args)
    {
        AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(ApiUrl)).Result;

        var clientCredential = new ClientCredential(ClientId, AppKey);

        var authenticationContext = new AuthenticationContext(ap.Authority);
        var authenticationResult = authenticationContext.AcquireToken(ApiBaseUrl, clientCredential);

        var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);

        var result = httpClient.GetAsync(Path.Combine(ApiUrl, "accounts")).Result;         
    }
}

我成功检索了访问令牌，但是当我尝试对 CRM 执行 httprequest 时，我总是收到 401 - 未授权状态代码.我错过了什么?

I retrieve an access token successfully but when I try to do a httprequest to CRM I always get a 401 - Unauthorized status code. What am I missing?

推荐答案

1 年零 2 个月后，同样的代码完美运行.正如许多人所说，Dynamics 365 同时开始支持服务器到服务器 (S2S) 身份验证.我当时没有采取的唯一步骤是创建一个应用程序用户.有关如何使此身份验证工作的详细信息，请查看此网站:https://msdn.microsoft.com/en-us/library/mt790170.aspx

1 year and 2 months later, this same code works perfectly. As many have stated, Dynamics 365 started to support Server-to-Server (S2S) authentication in the meantime. The only step that I had to make that I didn't back then was to create an application user. For more information about how to make this authentication work check this website: https://msdn.microsoft.com/en-us/library/mt790170.aspx

这篇关于401- 使用 REST API Dynamics CRM 和 Azure AD 进行未经授权的身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！