Connect to Dynamics CRM SDK Service using CrmServiceClient with ClientSecret Authentication Type

As per latest changes in Dynamics 365 SDK development in Console Application it is not recommended to use User Name or Password with in App.config and authenticate via AuthType Office365. Here I am explaining about new Client Secret approach where you will register your Dynamics 365 Application in Azure and authenticate via Client Id and Client Secret.

For getting Client Id and Client Secret your Dynamics 365 application needs to be registered in Azure. Please follow the below steps to register your App in Azure.

  1. Go to Portal.Azure.com and navigate to App registrations and click on New registration. Please note your login should have CRM and Azure licenses and you have access to create App registration in Azure and have admin access in CRM app.

2. In the Register an application page, enter your application’s registration information:

  • In the Name section, enter a meaningful application name that will be displayed to the users.
  • Select Accounts in any organizational directory option from Supported account types section.
  • Set the Redirect URI which is optional.
  • Click on Register to create the application.

3. On the app Overview page, hover over Application (client) ID value, and select the Copy to clipboard icon to copy the value as you’ll need to specify this in your application’s authentication code or app.config file where appropriate.

4. Select Manifest tab, in the manifest editor, set the allowPublicClient* property to true and click on Save.

5. Select API permissions tab, click on Add a permission.

6. Search for and choose Common Data Service under the APIs my organization uses tab.

7. Click on Delegated permissions and check the options and click on Add permissions.

This completes the registration of your application in Azure Active Directory

8. Now, we will create Client Secret. Click on Certificates & secrets and click on New client Secret.

9. Provide Description and Select Expires as Never and click on Add.

10. A new Client secret is created, copy the value. Please note once page is reloaded Client secret value cannot be copied, hence you need to copy as soon as it is created. Otherwise, you have to create new Client secret value and use it.

11. Once you have the Client Id and Client Secret, It is the time to create the Application user in Dynamics 365. Navigate to Dynamics CRM –> Settings –> Security –> Users –> Select Application Users View and click on New button

12. Provide the mandatory fields User Name, Application Id(Azure Client Id), Full Name and Primary Email and SAVE the record. Please note this user does not need to have Dynamics License.

13. Once user is created, provide System Administrator access by click on Manage Roles.

14. Once above steps are successfully completed, you need to go to your Console Application to authenticate CRM Via Client Secret. For that, the Console Application Target Application Target Framework should be 4.6.2. If you still using framework 4.5.2, update the framework of your application.

15. Right click on References of the Application and click on Manage NuGet Packages.

16. Browse the Packages and search for Microsoft.CrmSdk.XrmTooling.CoreAssembly and click on Install Package. At the time this article the latest version is 9.1.0.64. Please make sure you are installing the latest.

17. Use the below method to Authenticate Using Auth Type Client Secret. Here Uri is CRM Organization.svc URL, clientId and clientSecret are created above in Azure. You can maintain these values in app.config file. Also, generally you can maintain Azure Keyvalut for storing ClientId and Client Secret values.

Important Note: The Security Protocol used here is Tls1.2 which you have to provide manually in 4.5.2 framework which is still applicable in 4.6.2 even though it is already integrated. Otherwise, the token will be Null.

      public static IOrganizationService ConnectXrmServiceInstance(Uri organizationUri, out string clientId, out string clientSecret)
        {
           
            try
            {
                string connectionString = string.Format("AuthType = ClientSecret; url ={0}; ClientId ={1}; ClientSecret ={2}", organizationUri, clientId, clientSecret);

                Console.WriteLine("connectionString" + connectionString);

                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                var conn = new CrmServiceClient(connectionString);

                orgService = conn.OrganizationWebProxyClient != null ? conn.OrganizationWebProxyClient : (IOrganizationService)conn.OrganizationServiceProxy;
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error while connecting to CRM " + ex.Message);
                Console.ReadKey();
            }

            return orgService;
        }

Thats it! You have authenticated Dynamics CRM using Client Secret and you can use orgService for different CRM operations. Kudos!

Please leave me feedback if you feel this is helpful!

Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with WordPress.com
Get started
%d bloggers like this: