获取Oauth令牌后未经授权的Dynamics CRM Web API 401
[英]Dynamics CRM web api 401 Unauthorized after obtaining Oauth token
问题描述
I am having trouble making an HTTP GET request to our Dynamics CRM 2016 web API for a proof-of-concept. 
我无法向我们的Dynamics CRM 2016 Web API发出HTTP GET请求以进行概念验证。
I have followed this walk-through to create a multi-tenant web app set up on Azure Active Directory, which has been granted access to Dynamics CRM as an organisation user. 我已按照此演练创建了一个在Azure Active Directory上设置的多租户Web应用程序,该应用程序已被授予作为组织用户的Dynamics CRM访问权限。
I used this example code in order to obtain an access token. 我使用此示例代码来获取访问令牌。 This appears to work, providing me with what looks like a valid token. 这似乎有效,为我提供了看起来像有效令牌的东西。
I do a simple GET request using the token, which fails with a 401 Unauthorized . 我使用令牌执行了一个简单的GET请求,该请求失败并显示401 Unauthorized 。 The code: 编码:
class Test
{
public async Task RunAsync()
{
var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/";
var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource))
.Result;
var authorityUrl = authParams.Authority;
var resourceUrl = authParams.Resource;
var clientId = "<snip>";
var client_secret = "<snip>";
var clientCredential = new ClientCredential(clientId, client_secret);
var authContext = new AuthenticationContext(authorityUrl, false);
var token = authContext.AcquireToken(resourceUrl, clientCredential);
var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken);
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(response.RequestMessage);
Console.WriteLine(response.Headers);
Console.WriteLine(response.ReasonPhrase);
Console.WriteLine(content);
}
private async Task<HttpResponseMessage> CallApiAsync(string uri, string token)
{
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
return await httpClient.GetAsync(uri);
}
}
}
The request: 要求:
Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer <snip>
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
}
Response: 响应:
REQ_ID: <snip>
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 21 Feb 2017 15:08:39 GMT
Set-Cookie: crmf5cookie=<snip>;secure; path=/
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/
X-Powered-By: ASP.NET
Unauthorized
HTTP Error 401 - Unauthorized: Access is denied
I feel like I'm missing something obvious? 我觉得我缺少明显的东西吗?
1 个解决方案
解决方案1
3 已采纳 2017-02-22 16:16:16
There is no CRM organization user being used. 没有正在使用的CRM组织用户。 Check out this Server to Server Auth tutorial. 查看此服务器到服务器身份验证教程。 You'll need to create an application user. 您需要创建一个应用程序用户。 There is a little more commentary here on the Tip of the Day for Server to Server Auth . 关于服务器到服务器认证的每日提示,这里还有更多评论。
Outside of Server to Server Auth you can authenticate as a CRM user using creds this way . 在Server to Server Auth之外,您可以使用信用凭证以CRM用户身份进行身份验证 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.