Using Azure AD Credentials to Connect with CRM Webservices

I have a .NET MVC application that is going to work together with CRM 2016 Online. I added the Azure AD authentication to the project and it works fine so that users can log into it with the same accounts they use for CRM. If they are already logged in, then there is no login screen.

The problem is I want to use these credentials to fetch data from CRM, either by the Organization Service or Web API.

How can I use the login information I already have and pass it to the Service? Any code samples on this anywhere?

Seems like the ADAL would be the way to go. I tried this code here https://msdn.microsoft.com/en-us/library/gg327838.aspx

// Authenticate the registered application with Azure Active Directory.
AuthenticationContext authContext = 
new AuthenticationContext("https://login.windows.net/common", false);
AuthenticationResult result = authContext.AcquireToken(resource, clientId, new
                                                   Uri(redirectUrl));

There was no AuthenticationContext. I added the ADAL NuGet package to get this. But fail! There is no AcquireToken method in AuthenticationContext. There is one called AcquireTokenAsync, which has totally different parameters. So I'm stuck here too!

If this would work, could it use the Azure AD login I already have done, or would it pop up a new login screen?

This might not be a perfect fit for your situation, but you could:

  1. Run your MVC app under a service account.
  2. Use the service account credentials to access CRM.
  3. When someone is logged into your MVC app, I presume you will have something like their email address or domain name available.
  4. As the service account, search CRM for systemuser records matching the email address or domain name. You need to find the system user record Id.
  5. Create another IOrganizationService, but pass the user record Id you found in CRM.
  6. Effectively your service account is now impersonating the user logged into the MVC app. Anything you do will be done as the impersonated user.

Impersonate another user

// Retrieve the system user ID of the user to impersonate.
OrganizationServiceContext orgContext = new OrganizationServiceContext(_serviceProxy);
_userId = (from user in orgContext.CreateQuery<SystemUser>()
          where user.FullName == "Kevin Cook"
          select user.SystemUserId.Value).FirstOrDefault();

// To impersonate another user, set the OrganizationServiceProxy.CallerId
// property to the ID of the other user.
_serviceProxy.CallerId = _userId;

Impersonate another user using the Web API

POST [Organization URI]/api/data/v8.1/accounts HTTP/1.1
MSCRMCallerID: 00000000-0000-0000-0000-000000000002
Accept: application/json
Content-Type: application/json; charset=utf-8
OData-MaxVersion: 4.0
OData-Version: 4.0

{"name":"Sample Account created using impersonation"}
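
Steps 3 to 6 above hinge on mapping the signed-in user to the right systemuser record before impersonating. The following is an added example, not code from the original post or from the CRM SDK: it resolves the caller by sign-in name rather than by display name, refuses to impersonate unless exactly one enabled record matches, and builds the Web API request shown above. `SystemUserRow`, `Impersonation`, the `contoso.example` names and the sample rows are hypothetical, and it assumes `DomainName` carries the user's sign-in name.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;

// Hypothetical stand-in for a systemuser row fetched as the service account.
public sealed class SystemUserRow
{
    public Guid SystemUserId;
    public string DomainName;   // assumption: holds the user's sign-in name
    public bool IsDisabled;
}

public static class Impersonation
{
    // Map the signed-in name to exactly one enabled systemuser; fail closed otherwise.
    public static Guid ResolveCallerId(string upn, IEnumerable<SystemUserRow> rows)
    {
        if (string.IsNullOrWhiteSpace(upn))
            throw new UnauthorizedAccessException("Signed-in identity has no sign-in name.");
        var matches = rows.Where(r => !r.IsDisabled &&
            string.Equals(r.DomainName, upn, StringComparison.OrdinalIgnoreCase)).ToList();
        if (matches.Count != 1)
            throw new UnauthorizedAccessException(
                "Expected 1 enabled systemuser for " + upn + ", found " + matches.Count + ".");
        return matches[0].SystemUserId;
    }

    // Build the Web API request from the answer with the resolved caller ID.
    public static HttpRequestMessage BuildCreateAccount(Uri orgUri, Guid callerId, string json)
    {
        var req = new HttpRequestMessage(HttpMethod.Post, new Uri(orgUri, "api/data/v8.1/accounts"));
        req.Headers.Add("MSCRMCallerID", callerId.ToString("D"));
        req.Headers.Add("OData-MaxVersion", "4.0");
        req.Headers.Add("OData-Version", "4.0");
        req.Headers.Accept.ParseAdd("application/json");
        req.Content = new StringContent(json, Encoding.UTF8, "application/json");
        return req;
    }

    public static void Main()
    {
        // Constructed sample rows: one enabled user, one disabled user.
        var rows = new List<SystemUserRow> {
            new SystemUserRow { SystemUserId = Guid.NewGuid(), DomainName = "kevin.cook@contoso.example" },
            new SystemUserRow { SystemUserId = Guid.NewGuid(), DomainName = "k.cook@contoso.example", IsDisabled = true },
        };
        var id = ResolveCallerId("Kevin.Cook@contoso.example", rows);
        var req = BuildCreateAccount(new Uri("https://contoso.example/"), id, "{\"name\":\"Sample Account created using impersonation\"}");
        Console.WriteLine(req.Headers.GetValues("MSCRMCallerID").First());
    }
}
```

The service account's access token still has to be attached to the request before it is sent; acquiring it is outside this sketch.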
