I have created WebApi and hosted it to Azure server, now I want to get data from Microsoft Dynamics CRM into this API with logged in Office 365 users credentials.
So when I call the WebApi from office 365 it takes Office 365 logged in user's credentials and get data from CRM of same user.
For getting Dynamics 365 data you need the access token which as you mentioned is granted by office 365 OAuth server. Assuming that you already registered your app in Azure active directory and gained your client Id and secret key, you need also give permission to your app to access Dynamics 365 (using Required permissions in Setting panel of app registration).
After setting up your app in Azure AD, then you can redirect your user to office 365 login page (OAuth 2.0 Authorization Endpoint) for getting the access token. there are different methods to do it. In my experience I used getting token using Authentication code, but generally you need to compose a url to login page with following param:
'https://login.windows.net/' + tenant + '/oauth2/authorize?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>&state=<state>&resource=<resource>'
In case of Authentication code it returns a code which you can use to acquire token. Microsoft developed some drivers which does it for you. If you use node.js you can check out adal, for sure they have something similar for dot.net.
After getting your access token, you just need to call your Dynamics 365 (resource) to get the data.
Related
I have an SPA based application, in which the UI uses Azure AD based authentication, in which the user is presented with a login page by Azure AD and the user logs in to get a token. I am getting the token successfully. Now the UI will call a Web API. This Web API needs to make a call to Office 365 API. I have office 365 tenant and the credentials (User2) are different from the credential the user is used to login from the UI. In this case how should I authenticate User2 to connect to Office 356 API and how should I pass the token to O365 API?
I googled for any sample but I could not find anything worth.
I have a scenario is one where the user has signed into CRM and triggers some functionality that calls a third party API to retrieve data that is not in CRM.
This API is a registered application in the Same Azure Active Directory as where the CRM resides. CRM single sign on is enabled.
I am trying to find an example of C# code which retrieves the authorization code via a CRM plugin. So far, I have managed to retrieve the token using a client secret as described in this article:
Retrieving token without the ADAL client library
I have implemented a basic call with the parameters defined in this article:
Requesting an Authorization code
But I need to pass the user session to make it work. It currently throws an error
A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Any help appreciated.
AFAIK, it is not suitable to interact with Azure AD using the Oauth code grant flow in the Microsoft Dynamics 365 plug-in since it required users interaction. And it is not able to send the session in the Microsoft Dynamics 365 plug-in to authenticate using ADAL library.
If you only want to access the Microsoft Dynamics 365 organization service in the CRM plug-in, there is no need to use the ADAL library to authenticate again.
It is only required that plug-in code create an instance of the service through the ServiceProvider.GetService method.
// Obtain the organization service reference.
IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);
More detail about context of Microsoft Dynamics 365 Plug-in development, please refer the link below:
Understand the data context passed to a plug-in
I need to integrate my web application (multi-tenant SaaS product) into my users' Dynamics CRM so it can pull their data.
I have learnt that Azure Active Directory apps can take care of such integrations (OAuth) but I cannot figure out how my users can grant my app access to their Dynamics CRM data.
Apparently, every user of mine should create an Azure AD app (with access to their Dynamics CRM account) and then my Azure AD app should be authorised to make requests on behalf of their AD app.
I have no idea how I can make this process work.
Any advice would be much appreciated.
For Dynamics CRM versions 2016 and 365, data can be accessed via the Web API.
When using the Web API by sending, for example, an HTTP GET request, a request header must be present in the format: { 'Authorization': 'Bearer' + token } where token is an OAuth 2 Bearer Token.
To obtain a token, I'd suggest using the Azure AD authentication Library (ADAL).
To authenticate with Dynamics CRM via ADAL, you'll have to register your web application under Azure Active Directory along with Dynamics CRM. Registering your app will give you a client ID which is required by the OAuth 2.0 authorisation flow. This post is very useful.
If your app will have administrative privilege, then it will have access to other user's data. There are several things you should make sure of when configuring OAuth, check this:
http://phuocle.net/crm/dynamics-365-online-s2s-authentication-full-explain.aspx
so to highlight the most important things from my perspective:
you should have a special user for handling that
this user should not have any license assigned - so you have to sign a license for him, a take it back after done configuring him
user should have a custom role (can be role copied from System Administrator)
I need the token in order to use office api discovery service (https://api.office.com/discovery/) to find SharePoint root url.
Is it possible to get access to Azure AD token from add-ins (Outlook/Office)?
Edit(To make things more clear):
As I'm building a multi-tenant Azure hosted app that should be launched via add-ins, I will have to force users to log-in in popup and give consent for application. Login is mandatory since in office add-in's we cannot find out who the logged in user is.
You can follow the documentation here on how to retrieve an authorization token - https://graph.microsoft.io/en-us/docs/platform/rest from Azure AD for the use of finding the root URL - also you can use the Microsoft Graph, which is the newer version of the Discovery service (more details about it again at the link provided).
Similar to the question here Accessing Office 365 user mail data with admin authorisation only
Currently i am implementing an application that will access a set of mailboxes on Office365 using a service account.
There is an MSDN blog post announcing oauth support for Office 365 http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
Can our app use the technique in that link and get authorization from the administrator for the set of mailboxes using the service account for this "group" of mailboxes ?
If you're using OAuth with the new REST APIs, an administrator can consent on behalf of their entire Office 365 organization. They cannot consent only on behalf of a subset of users.