Dynamics CRM web api 401获取Oauth令牌后未经授权

时间:2017-02-22 13:52:09

标签: c# azure oauth dynamics-crm dynamics-crm-2016

我无法向Dynamics CRM 2016网络API发出HTTP GET请求以获取概念验证。

我已按照this walk-through创建了一个在Azure Active Directory上设置的多租户Web应用程序,该应用程序已被授予组织用户对Dynamics CRM的访问权限。

我使用this example code来获取访问令牌。这似乎有效,为我提供了看似有效的令牌。

我使用令牌执行简单的GET请求,该令牌因401 Unauthorized而失败。代码:

class Test
{
    public async Task RunAsync()
    {
        var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/";
        var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource))
            .Result;
        var authorityUrl = authParams.Authority;
        var resourceUrl = authParams.Resource;

        var clientId = "<snip>";
        var client_secret = "<snip>";
        var clientCredential = new ClientCredential(clientId, client_secret);

        var authContext = new AuthenticationContext(authorityUrl, false);
        var token = authContext.AcquireToken(resourceUrl, clientCredential);

        var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken);
        var content = await response.Content.ReadAsStringAsync();

        Console.WriteLine(response.RequestMessage);
        Console.WriteLine(response.Headers);
        Console.WriteLine(response.ReasonPhrase);
        Console.WriteLine(content);
    }

    private async Task<HttpResponseMessage> CallApiAsync(string uri, string token)
    {
        using (var httpClient = new HttpClient())
        {
            httpClient.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", token);
            httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
            httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
            httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");

            return await httpClient.GetAsync(uri);
        }
    }
}

请求:

Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers:
{
  Authorization: Bearer <snip>
  Accept: application/json
  OData-MaxVersion: 4.0
  OData-Version: 4.0
}

响应:

REQ_ID: <snip>
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 21 Feb 2017 15:08:39 GMT
Set-Cookie: crmf5cookie=<snip>;secure; path=/
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/
X-Powered-By: ASP.NET

Unauthorized
HTTP Error 401 - Unauthorized: Access is denied

我觉得我错过了一些明显的东西?

1 个答案:

答案 0 :(得分:3)

没有使用CRM组织用户。查看此Server to Server Auth教程。您需要创建一个应用程序用户。 Tip of the Day for Server to Server Auth上有一些评论。

在服务器到服务器身份验证之外,您可以authenticate as a CRM user using creds this way

相关问题
最新问题