Hello team,

Hopefully this will be the beginning of a series of posts regarding Azure Functions and Dynamics 365; however, anything can happen, and in the coming months my workload will increase significantly, so let’s see.

I have to be honest: one of the main reasons for writing this post, on authentication in particular, is that I always forget how to do it, then spend a day trying to figure it out, then months later I need to do it again and I have lost the code… you know the story 😊

Hence this post today. Watch out for the tag [incaseIforget] in the blog for more posts like this.

In case you want the short version, here is the link to the code snippet only:

https://crmandcoffee.wordpress.com/2019/01/30/code-snippet-dynamics-365-web-api-and-azure-function-v2-authentication-using-application-user/

Connecting to Dynamics 365

Since we are going to use the Web API, let’s forget about:

  • Using the SDK DLLs (Bye bye Entity).
  • Claims Based Authentication or AD

OAuth2 is the way forward

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/connect-customer-engagement-web-services-using-oauth

I am not going to explain how OAuth2 works; click on the link above if you want to find out more. Basically, we need to get an Access Token that we can send in our HTTP requests so Dynamics knows who we are and that we have access.

One thing I want to comment on in the link above:

[Image: msnote]

This is not 100% true, we will be using ADAL 3.0 in this example.

[Image: msnotes2]

The following link has all the information regarding that:

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/walkthrough-register-dynamics-365-app-azure-active-directory

The key thing afterwards is to get the Application ID, as we will be using it in the next part.

Using S2S authentication, how to create an application user in Dynamics

On the note above you can see that one of the reasons to go with ADAL v2 is that v3 requires a sign-in screen to capture user account information. We can work around that if what we use is an Application User, which is a new type of user that we can associate with an application registered in AD. So how do we create one?

    1. Change the view to Application users
    2. Select New
    3. Give it a Name and copy the Application ID of your App in Azure to the Application ID field.
    4. Don’t worry about the other 2 fields; they will be automatically populated.
    5. Click on Save and don’t forget to give it a Security Role!

Getting the Client Secret for the Client Credentials in Azure

Before we have a look at the code, I would like to remind everyone where to get the client secret key.

Once you have your Application correctly configured in Azure AD, remember to go into it and select Keys.

This is where you will create the key to use in the code.

Warning: You can’t get the value again; it will ONLY be displayed ONCE after saving it! So make sure you copy it!

And with this we have everything we need to use the code snippet below. I have put it on a different page so it’s easier to access directly.

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/walkthrough-register-dynamics-365-app-azure-active-directory
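
The server-to-server flow described above, as an added C# example (not the author's linked snippet): it acquires a token with ADAL 3.x client credentials and calls the Web API's WhoAmI function as the application user. The app setting names, the organization URL and the v9.1 API path are assumptions; the client secret is read from the Function's app settings so it never ends up in source control.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 3.x NuGet package

public static class DynamicsAuthExample
{
    // One HttpClient for the lifetime of the Function host.
    private static readonly HttpClient Http = new HttpClient();

    // Azure Functions exposes app settings as environment variables.
    private static string Setting(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing app setting '{name}'.");

    public static async Task<string> WhoAmIAsync()
    {
        // Hypothetical setting names; the values come from the Azure AD app registration.
        string tenantId = Setting("D365_TENANT_ID");
        string clientId = Setting("D365_CLIENT_ID");          // Application ID
        string clientSecret = Setting("D365_CLIENT_SECRET");  // key created under Keys
        string orgUrl = Setting("D365_ORG_URL").TrimEnd('/'); // placeholder: https://yourorg.crm.dynamics.com

        // Client credentials grant: no sign-in screen, the token belongs to the application user.
        var authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
        var credential = new ClientCredential(clientId, clientSecret);
        AuthenticationResult token = await authContext.AcquireTokenAsync(orgUrl, credential);

        // WhoAmI returns the UserId of the caller (assumed API version: v9.1).
        var request = new HttpRequestMessage(HttpMethod.Get, $"{orgUrl}/api/data/v9.1/WhoAmI");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        request.Headers.Add("OData-MaxVersion", "4.0");
        request.Headers.Add("OData-Version", "4.0");

        using (HttpResponseMessage response = await Http.SendAsync(request))
        {
            // On 401/403, check the application user and its security role first.
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```

Give the application user only the security role the Function actually needs, since anyone holding the client secret can act with that role.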

Hope this was helpful!

Thanks,

Mario