I have a web application that needs to speak with the Dynamics CRM 365 Web API. The Dynamics CRM is configured as a Relying Party on ADFS. The server is Windows Server 2016 and everything is on-premises and not on Azure.
What I did to acquire a valid token is the following:
1) In ADFS I went to Application Groups and added a new Server Application, took the ClientID and also generated a Client Secret for my web application.
2) Added a new user in Active Directory, the webAppUser.
3) Added this user as an Application User in CRM, with the Application ID set to the ClientID I got earlier when I registered my web app in ADFS. I also created a new Role with full permissions on the Account entity and assigned this role to this Application User.
4) I'm using the code below to retrieve a bearer token and add it to my HttpClient Authorization header.
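    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: AuthenticationContext, ClientCredential

    public class CrmWebApiClient
    {
        // Placeholders: the ClientID and Client Secret generated for the Server Application in ADFS.
        private const string clientID = "<client-id>";
        private const string clientSecret = "<client-secret>";

        private HttpClient _httpClient;

        public CrmWebApiClient()
        {
            _httpClient = new HttpClient();
            _httpClient.BaseAddress = new Uri("https://crmbaseaddress.com");
        }

        // Requests a token from ADFS with the client credentials and attaches it as a bearer header.
        internal async Task Initialize()
        {
            try
            {
                var authority = "https://adfsServerUrl/adfs/";
                // Second argument (validateAuthority) is false for the on-premises ADFS authority.
                var authContext = new AuthenticationContext(authority, false);
                var credentials = new ClientCredential(clientID, clientSecret);
                // The resource requested is the CRM base address.
                var authResult = await authContext.AcquireTokenAsync("https://crmbaseaddress.com", credentials);
                _httpClient.DefaultRequestHeaders.Authorization =
                    new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            }
            catch (Exception ex)
            {
                // Exception is only captured for inspection in the debugger.
                var error = ex;
            }
        }

        // Calls the CRM Web API accounts endpoint with the bearer token set in Initialize().
        internal async Task<string> GetValuesAsync()
        {
            var result = string.Empty;
            try
            {
                result = await _httpClient.GetStringAsync("api/data/v8.1/accounts");
            }
            catch (Exception ex)
            {
                // Exception is only captured for inspection in the debugger.
                var error = ex;
            }
            return result;
        }
    }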
5) I manage to get a token, but when I call the CRM's Web API I still get 401 Unauthorized.
Can you please help me? Am I on the right path? Should I do anything more?
In the end I had to use a system user and send its credentials in my OAuth request using the code below in order to acquire a valid token: