Dynamics 365 CE And Azure Function - Part Three

This article is about server-to-server authentication between an Azure Function and Dynamics 365.

Introduction

This is the third article in our Dynamics 365 and Azure series. In the first article, we gave a basic introduction to Azure Functions and showed how to set up an Azure Functions app. In the second article, we discussed how to connect to a Dynamics 365 organization using a hard-coded username and password. Today, we are going to discuss how to get rid of the hard-coded username and password and use server-to-server authentication instead. Please go through the previous articles here -
Details

To implement server-to-server authentication, we need the following three things: a tenant ID, an application ID, and a key.
 
 
 
First, we need the tenant ID. Log into the Azure portal, navigate to Azure Active Directory -> Properties, and note down the Directory ID, which is our tenant ID.
 
 
 
Once we have the tenant ID, we need the application ID and key details. The application ID is needed to set up the application user in Dynamics 365. To get these details, we need to register the app in Azure Active Directory. For that, navigate to Azure Active Directory and click on "New application registration".
 
 
 
Provide your app details and click on "Create".
 
 
 
Once the application registration is done, note down the Application ID.
 
 
 
Go to the Dynamics 365 organization, navigate to Settings -> Security -> Users, and change the view to Application Users. Click on the "New" button to add an application user. Make sure the Application User form is selected, use the application ID that you copied from the Azure portal, provide an email address, and create the application user. Once the user is created, add the required security role for this user.
 
 
 
Next, we need a never-expiring key for our application. Click on Settings -> Keys and add a "never expires" key.
 
 
 
Now, we have all the required information ready. We can use these details in the following code in our Azure Function trigger.

    private static OrganizationWebProxyClient GetCRMService() {
        // Azure AD sign-in endpoint; the tenant ID is appended to form the authority.
        var aadInstance = "https://login.microsoftonline.com/";
        var organizationUrl = "https://yourDynamicsCRM.crm.dynamics.com";
        // Placeholders: the Directory ID, Application ID and key noted down above.
        var tenantId = "aeb....";
        var applicationId = "c86...";
        var key = "7jNY.....";
        // Authenticate as the registered application; no user name or password is involved.
        var clientcred = new ClientCredential(applicationId, key);
        var authenticationContext = new AuthenticationContext(aadInstance + tenantId);
        // Request an access token whose resource is the Dynamics 365 organization.
        var authenticationResult = authenticationContext.AcquireTokenAsync(organizationUrl, clientcred);
        var requestedToken = authenticationResult.Result.AccessToken;
        var sdkService = new OrganizationWebProxyClient(new Uri(organizationUrl + @"/xrmservices/2011/organization.svc/web?SdkClientVersion=8.2"), false);
        // Attach the token; the proxy sends it with every organization service call.
        sdkService.HeaderToken = requestedToken;
        return sdkService;
    }

Now, we can update our code to use the GetCRMService method, which returns an OrganizationWebProxyClient, like the following.

    OrganizationWebProxyClient service = GetCRMService();

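We also need to add the following references to use OrganizationWebProxyClient and the token classes in our Azure Function trigger.

    using Microsoft.Xrm.Sdk.WebServiceClient;              // OrganizationWebProxyClient
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ClientCredential, AuthenticationContext
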
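The GetCRMService method above still embeds the tenant ID, application ID and key as string literals. As an added example (not code from the original article), the same flow can read them from the Function App's application settings, which Azure Functions exposes as environment variables; the setting names D365_ORG_URL, D365_TENANT_ID, D365_APP_ID and D365_APP_KEY and the class name CrmServiceFactory are assumptions made for this example.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Xrm.Sdk.WebServiceClient;

public static class CrmServiceFactory
{
    // Setting names are assumptions for this example; define them under the
    // Function App's Application settings, which the runtime exposes as
    // environment variables.
    private static string RequireSetting(string name)
    {
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
        {
            // Fail closed, and never echo a setting's value into logs.
            throw new InvalidOperationException("Missing app setting: " + name);
        }
        return value.Trim();
    }

    public static async Task<OrganizationWebProxyClient> GetCRMServiceAsync()
    {
        var organizationUrl = RequireSetting("D365_ORG_URL").TrimEnd('/');
        var tenantId = RequireSetting("D365_TENANT_ID");
        var applicationId = RequireSetting("D365_APP_ID");
        var key = RequireSetting("D365_APP_KEY");

        // The bearer token is sent to this URL, so refuse anything but HTTPS.
        var orgUri = new Uri(organizationUrl, UriKind.Absolute);
        if (orgUri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException("D365_ORG_URL must use https");
        }

        var clientcred = new ClientCredential(applicationId, key);
        var authenticationContext = new AuthenticationContext(
            "https://login.microsoftonline.com/" + tenantId);
        // Await the token request instead of blocking on .Result.
        var authenticationResult = await authenticationContext
            .AcquireTokenAsync(organizationUrl, clientcred);

        var sdkService = new OrganizationWebProxyClient(
            new Uri(organizationUrl + "/xrmservices/2011/organization.svc/web?SdkClientVersion=8.2"),
            false);
        sdkService.HeaderToken = authenticationResult.AccessToken;
        return sdkService;
    }
}
```

With the key held in application settings rather than in source, it stays out of the repository and can be replaced without redeploying the function code.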
In this way, we can avoid a hard-coded username and password and use server-to-server authentication instead. Stay tuned for more Dynamics 365 content!!