Consume Dynamics CRM Web API secured through ADFS (Ws-Federation)

2
votes

I have been trying to figure this out the whole day without any luck.

We have a dynamics CRM environment secured through ADFS with an IFD configuration. The setup uses the WS-Federation protocol (through a WS-Federation passive endpoint), no SAML assertion endpoint is configured. I'm trying to consume the web api exposed by Dynamics CRM but I cannot figure out how to authenticate before submitting the request (I imagine I should retrieve the SAML token somehow, but without a SAML endpoint I cannot understand how..). Every attempt ended up with a 401 response that includes and the Http headers WWW-Authenticate: Negotiate and WWW-Authenticate: NTLM.

How could I retrieve the token programmatically and send it attached with the request? Is this even possible or should we change something in the ADFS setup?

I couldn't find any useful article/tutorial that clarifies it, any suggestion would be really appreciated.

1
c#crmmicrosoft-dynamicsadfsws-federation
Hi @fabrizio moroni were you able to figure this out? We found hosted deployments straightforward with NTLM but with WS-Fed and no SAML config you're stuck. At the moment we're waiting to hear back about getting a client app Id, but wanted to check if you'd figured out a way around that per msdn.microsoft.com/en-gb/library/gg327838.aspx)Michael
no, unfortunately we haven't found any solution. We went back using the SOAP endpoint that even tough should have been deprecated in the last version is still out there and was suggested from our consultant as the preferred integration method. Oauth support seems to be the default in a cloud deployment, which is not our case.fabrizio moroni

1 Answers

0
votes

Have a read of the following articles, there is too much to re-paste here but I believe that should get you going in the right direction.

Authenticate to Microsoft Dynamics 365 with the Web API

When you use the Web API for Dynamics 365 (online) or an on-premises Internet-facing deployment (IFD) you must use OAuth as described in Connect to Microsoft Dynamics 365 web services using OAuth.