Connect to D365 CE with multi-factor Authentication using C# sharp

Effective Feb 4, 2020 - Use of the WS-Trust (Web-Service Trust) authentication security protocol while connecting to Common Data Service has been deprecated. This change affects applications that utilize Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy and Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes for the authentication type of "Office365".

The WS-Trust protocol is a security protocol that is inherently insecure by current encryption standards. In addition to this, the WS-Trust protocol does not support the modern forms of Multi-Factor Authentication and conditional access controls to customer data.

In this blog, considering the above change, we will learn how a developer can make use of the capabilities of the Azure Active Directory to secure and protect access to their applications and customers in Common Data Service.

PRE-REQUISITES

A valid Dynamics-365 CE (CRM) Instance
MS Visual Studio (version 2017 or above)
Azure Active Directory Application
Application ID, Client Secret
CE Application User with an appropriate security role assigned

STEPS

Note down the string values of the following parameters:

Azure Active Directory Application ID
Azure Active Directory Tenant ID

Client Secret Key
Open a C# Console Application and add CrmSdk.XrmTooling.CoreAssembly NuGet Package.
Here, we will first form the Connection String to pass it to the CrmSeviceClient, keeping ‘ClientSecret’ our Authentication Type.
The connection string must look like the following.

Format

String connectionString = "AuthType=ClientSecret; url=; ClientId=; ClientSecret=”;

Example

string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

Once the correct connection string is formed, we will pass it in a constructor of CrmServiceClient.

CrmServiceClient crmServiceClient = new CrmServiceClient (connectionString); //Connecting to the D-365 CE instance

Run the following code and check for yourself if you can connect to your D365 organization.

Note: Please provide your own parameters in the code

using Microsoft.Xrm.Tooling.Connector;

using System;

namespace CrmServiceClient_Blog

{

internal class Program

{

private static void Main(string[] args)

{

string connectionString = "AuthType=ClientSecret; url=https://11apr.crm8.dynamics.com/;ClientId=91916602-0067-46c4-bcf4-b2a3ffa3108b; ClientSecret=A.Z8e7X.REAEv3Tm4:.w0s0ptRwgn?2m";

CrmServiceClient crmServiceClient = new CrmServiceClient(connectionString); //Connecting to the D-365 CE instance

if (crmServiceClient != null && crmServiceClient.IsReady)

{

Console.ForegroundColor = ConsoleColor.Green;

Console.WriteLine(" Connected Successfully!");

Console.Read();

}

else

{

Console.WriteLine(" Could NOT connect to D365 CE instance. Please make sure the Connection String is correct.");

Console.Read();

}

UNIT TESTING

After we run the above code, we can see that the connection to our D365 instance is successfully established.
crmServiceClient object of the CrmServiceClientclass gets the following important values that can be used in any operations in the code.

{Microsoft.Xrm.Tooling.Connector.CrmServiceClient}

ActiveAuthenticationType	ClientSecret
Authority	"https://login.microsoftonline.com/9dc73af2-e3c5-4b7d-b8c0-f19f12279496/oauth2/authorize/"
ConnectedOrgFriendlyName	"Abhi27"
ConnectedOrgId	{d034d5b0-612f-4714-93f7-52da4f85c718}
ConnectedOrgUniqueName	"orgdd23abb7"
ConnectedOrgVersion	{9.1.0.16832}
CrmConnectOrgUriActual	{https://11apr.crm8.dynamics.com/XRMServices/2011/Organization.svc/web?SDKClientVersion=9.0.44.892}
CurrentAccessToken	"eyJ … vA "

CONCLUSION

So, this is a detailed blog, shared by Dynamics 365 development company team, where you can see how developers can establish secure connections in Dynamics 365 CE (CRM) environments using the ClientSecret authentication type? Once connected, the developer can perform regular operations from the C# code.