1. 首页
  2. 问答
  3. 动态CRM web api 401获取Oauth令牌后未经授权

动态CRM web api 401获取Oauth令牌后未经授权

2017-02-22 146 views
1

我无法向我们的Dynamics CRM 2016 Web API发出HTTP GET请求以进行概念验证。动态CRM web api 401获取Oauth令牌后未经授权

我按照this walk-through创建了一个在Azure Active Directory上设置的多租户Web应用程序,该应用程序已被授予Dynamics CRM作为组织用户的访问权限。

我使用this example code为了获得访问令牌。这似乎工作,给我看起来像一个有效的令牌。

我使用令牌执行简单的GET请求,该令牌失败,出现401 Unauthorized。代码:

class Test 
{ 
    public async Task RunAsync() 
    { 
     var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/"; 
     var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource)) 
      .Result; 
     var authorityUrl = authParams.Authority; 
     var resourceUrl = authParams.Resource; 

     var clientId = "<snip>"; 
     var client_secret = "<snip>"; 
     var clientCredential = new ClientCredential(clientId, client_secret); 

     var authContext = new AuthenticationContext(authorityUrl, false); 
     var token = authContext.AcquireToken(resourceUrl, clientCredential); 

     var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken); 
     var content = await response.Content.ReadAsStringAsync(); 

     Console.WriteLine(response.RequestMessage); 
     Console.WriteLine(response.Headers); 
     Console.WriteLine(response.ReasonPhrase); 
     Console.WriteLine(content); 
    } 

    private async Task<HttpResponseMessage> CallApiAsync(string uri, string token) 
    { 
     using (var httpClient = new HttpClient()) 
     { 
      httpClient.DefaultRequestHeaders.Authorization = 
       new AuthenticationHeaderValue("Bearer", token); 
      httpClient.DefaultRequestHeaders.Add("Accept", "application/json"); 
      httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0"); 
      httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0"); 

      return await httpClient.GetAsync(uri); 
     } 
    } 
}

请求:

Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers: 
{ 
    Authorization: Bearer <snip> 
    Accept: application/json 
    OData-MaxVersion: 4.0 
    OData-Version: 4.0 
}

响应:

REQ_ID: <snip> 
Strict-Transport-Security: max-age=31536000; includeSubDomains 
Date: Tue, 21 Feb 2017 15:08:39 GMT 
Set-Cookie: crmf5cookie=<snip>;secure; path=/ 
Server: Microsoft-IIS/8.5 
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/ 
X-Powered-By: ASP.NET 

Unauthorized 
HTTP Error 401 - Unauthorized: Access is denied

我觉得我失去了一些东西明显?

来源

2017-02-22 ImDarrenG

回答

3

没有使用CRM组织用户。看看这个Server to Server Auth教程。您需要创建一个应用程序用户。在Tip of the Day for Server to Server Auth这里有更多的评论。

服务器之外的服务器身份验证您可以authenticate as a CRM user using creds this way

来源

2017-02-22 16:16:16

+0

感谢这是进步:)使用后一种方法,我现在在'AcquireToken(resourceUrl,clientId,userCredential)'上得到一个异常':'AADSTS70002:请求主体必须包含以下参数:'client_secret或client_assertion'。任何进一步的帮助将不胜感激?似乎没有接受客户端凭证和用户凭证的过载 – ImDarrenG

+0

将身份验证用作CRM用户,并将Azure AD中的应用程序设置为本地而不是Web API,从而使其工作。 – ImDarrenG

+0

请检查我的答案http://stackoverflow.com/a/43164164/1063168 – PhuocLe

相关问题

 相关问题