Geek Answers Handbook

C # ADAL AcquireTokenAsync () without popup

We are writing a WCF service that should integrate with Dynamics CRM 2016 Online. I am trying to authenticate using ADAL using the AcquireTokenAsync() method. The problem is that it displays a pop-up window asking the user for credentials. Naturally, our application is a service, this is not what we want. We were looking for an authentication method without this popup.

There is a class called AuthenticationContextIntegratedAuthExtensions , which should help with the use of "username / password". It has a single AcquireTokenAsync method that suppresses the popup, but we have not found a way to pass it a password. When you run only the username, it throws an exception, which basically says "password was not."

Does anyone know how to get around this? It doesn't even have to be ADAL. Just something to get an OAuth token.

+6
source share
3 answers
 private static string API_BASE_URL = "https://<CRM DOMAIN>.com/"; private static string API_URL = "https://<CRM DOMAIN>.com/api/data/v8.1/"; private static string CLIENT_ID = "<CLIENT ID>"; static void Main(string[] args) { var ap = AuthenticationParameters.CreateFromResourceUrlAsync( new Uri(API_URL)).Result; var authContext = new AuthenticationContext(ap.Authority, false); var userCredential = new UserCredential("<USERNAME>", "<PASSWORD>"); var result = authContext.AcquireToken(API_BASE_URL, CLIENT_ID, userCredential); var httpClient = HttpWebRequest.CreateHttp(Path.Combine(API_URL, "accounts")); httpClient.Headers.Add(HttpRequestHeader.Authorization, "Bearer:" + result.AccessToken); using (var sr = new StreamReader(httpClient.GetResponse().GetResponseStream())) { Console.WriteLine(sr.ReadToEnd()); } }

Note. I am using an older version of ADAL ( 2.19.208020213 ), because it appears that the password was deduced from the UserCredential constructor.

EDIT: Recent versions of ADAL have a UserPasswordCredential that can be used instead of UserCredential (and was probably added as soon as Password was removed from UserCredential )

EDIT 2: CRM now supports Server to Server Authentication , which allows you to create an application user.

+4
source

What is it worth not using ADAL

 var postData = new List<KeyValuePair<string, string>> { new KeyValuePair<string, string>("resource", cred.ResourceId), new KeyValuePair<string, string>("grant_type", "client_credentials"), new KeyValuePair<string, string>("client_id", cred.ClientId), new KeyValuePair<string, string>("client_secret", cred.ClientSecret), }; using (var client = new HttpClient()) { string baseUrl = "https://login.windows.net/YourAADInstanceName.onmicrosoft.com/oauth2/"; client.BaseAddress = new Uri(baseUrl); client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); var content = new FormUrlEncodedContent(postData); HttpResponseMessage response = await client.PostAsync("token", content); string jsonString = await response.Content.ReadAsStringAsync(); var responseData = JsonConvert.DeserializeObject<Token>(jsonString); return responseData; }
+2
source

Well, I eventually found a solution for this.

If you registered your application using Azure AD (as a web application / web API, not your own application), you will receive the client ID and secret key for this application.

The code for obtaining a token without a pop-up window is as follows:

 AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync( new Uri(resource+"/api/data/v8.1")).Result; AuthenticationContext ac = new AuthenticationContext(ap.Authority); AuthenticationResult r = await ac.AcquireTokenAsync(ap.Resource, new ClientCredential(clientId,clientSecret));

the resource is the base URL of your Dynamics CRM deployment.

Authentication parameters are detected at runtime, as suggested in this MSDN article .

0
source

More articles:


All Articles