Ever since MFA have been enabled for environments, I find quite a few requests on how can we connect to our Dynamics 365/ CDS environments from custom build external applications. I have even customers calling up and asking for a resolution since the console jobs are failing all of a sudden.
Now we have two scenarios here as well. One is basically WPF or console applications where is it OK to have an interactive dialog where the user shall enter the required two factor authentication details to finally connect. And the other are console jobs which are being used a schedulers and should not mandate a user intervention.
Let’s explore both these options. For both these examples I am going to use CrmServiceClient which is available in Microsoft.Xrm.Tooling Nuget packages.
Option 1: Login with Authentication prompt to the user
This one is infact quite easy. All you need to do is to use the connection string in below format.
<connectionStrings>
<add name=”MyCDSConnection”
connectionString=”
AuthType=OAuth;
Username=[your username];
Url=[environment url];
AppId=51f81489-12ee-4a9e-aaae-a2591f45987d;
RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;
LoginPrompt=Auto”/>
</connectionStrings>
Few things that you must remember here.
- AuthType must be – OAuth. Office365 wont work here.
- You can use the AppId and redirect uri mentioned here and it shall work. You don’t need to configure this as APP in azure active directory. However if you plan to use some other AppId, make sure you register the APP, get the Application Id and the redirect URI accordingly.
- LoginPrompt=Auto
- No need to provide the password which has been a perennial problem so far
With this connection string in place, when the below line of code hits.
var connString = ConfigurationManager.ConnectionStrings[“MyCDSConnection”].ConnectionString;
var client = new CrmServiceClient(connString);
The user shall be prompted with login dialog where they need to enter the two factor authentication details. Post successful authentication, your code should work seamlessly.
Option 2: Headless Authentication (without user prompt)
Since the user prompt won’t be there, you shall need use a connection string with client id and client secret.
<add name=”MyCDSServer” connectionString=” AuthType=ClientSecret; url=https://contosotest.crm.dynamics.com; ClientId={AppId}; ClientSecret={ClientSecret} />
It is mandatory for you to register an APP against Azure active directory and get the application id and application secret. And the app should have permission to access CDS API’s. Not only that, the APP should be granted admin consent as well.
Hope this helps!
Debajit Dutta
(Dynamics MVP)
For consultation/ corporate training visit www.xrmforyou.com or reach out to us at info@xrmforyou.com
Our product offerings:
CRM-Sharepoint Attachment uploader and metadata manager (http://www.xrmforyou.com/sharepoint-integrator.html)
Notes Manager (https://debajmecrm.com/add-metadata-to-your-notes-and-attachments-in-dynamics-notes-metadata-manager-from-xrmforyou-com/)
Role based views for Dynamics 365 (http://www.xrmforyou.com/role-based-views.html)
Record Cloner for Dynamics 365 (http://www.xrmforyou.com/record-cloner.html)
Hi,
Thanks for the article; Can you please put an example for Headless option as the connection string seems confusing. For example; what is MyCDSServer?
Hi Thanks for reading my blog. MsCDSServer is the connection string key and nothing else.
-Debajit