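I am trying to create an external application that uses certain RetailServer functionality. In my case, C1 authorization is mandatory. It is worth noting that no customer or user will have access to this application; it will only be used as a form of automation.
What I have done so far:
1) Added an application in Azure Active Directory.
2) Added an identity provider to D365 with the clientId and secret from point 1).
3) Added the application in D365, in the Azure Active Directory applications form, as a user with full system access.
4) Created a test method for retrieving an existing cart from RetailServer.
Code: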
AuthenticationContext authenticationContext = new AuthenticationContext(tenantAuthority, false);
AuthenticationResult authResult = null;
authResult = await authenticationContext.AcquireTokenAsync(retailserverAddress, new ClientCredential(clientID, clientSecret));
ClientCredentialsToken clientCredentialsToken = new ClientCredentialsToken(authResult.AccessToken);
Microsoft.Dynamics.Commerce.RetailProxy.RetailServerContext retailServerContext = Microsoft.Dynamics.Commerce.RetailProxy.RetailServerContext.Create(new Uri(retailserverAddress + "/Commerce"), OUN, clientCredentialsToken);
Microsoft.Dynamics.Commerce.RetailProxy.ManagerFactory managerFactory;
managerFactory = Microsoft.Dynamics.Commerce.RetailProxy.ManagerFactory.Create(retailServerContext);
Microsoft.Dynamics.Commerce.RetailProxy.ICartManager cartManagerTest = managerFactory.GetManager<Microsoft.Dynamics.Commerce.RetailProxy.ICartManager>();
Microsoft.Dynamics.Commerce.RetailProxy.Cart cartFromProxy = await cartManagerTest.Read(cartWithLine.Id);
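Importantly, I do not want to extend or modify the CRT / RS / D365 code. Is there a way to do this?
Right now, all my calls appear to be anonymous, so they cannot be executed even though the Azure Active Directory application user has full access.
Error: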
An exception of type: 'Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException' occurred while executing Microsoft.Dynamics.Commerce.Runtime.Services.Messages.CheckAccessServiceRequest request by Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService. Error resource id: 'Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed', Exception: Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException: Assigned role is not allowed to perform this operation.
at Microsoft.Dynamics.Commerce.Runtime.Services.CommerceAuthorization.CheckAccess(ICommercePrincipal principal, RetailOperation operationId, RequestContext context, String[] allowedRoles, Boolean deviceTokenRequired, Boolean nonDrawerOperationCheckRequired)
at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.CheckAccess(CheckAccessServiceRequest request)
at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.Execute(Request request)
at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler, Boolean skipRequestTriggers).
I would appreciate any help, because I refuse to believe this is impossible.