
How to get a SAML token from an ADFS server to pull data from Dynamics CRM on-premises (non-SDK) in C#?

I have tried to get a SAML token from ADFS to pull data from on-premises CRM (non-SDK), but I don't know how. I think I need to make a SOAP request to ADFS to get a SAML token by using the PostAsync method, and then I think I need to put the token in an HTTP header like below to pull data from CRM.

httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", TOKEN);

https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/developers-guide/gg327838(v=crm.8)

https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/255985/crm2016-afds-authentication

https://gist.github.com/jlattimer/7b0ee146badfc57fc9c9

I have read those three links above (and other stuff) and tried them, but it seems like the first two work only for the SDK, not non-SDK. And the GitHub gist didn't work for me, either. And I wonder if there is another way to generate a SOAP request instead of typing in everything like in the third link.

There are two ways that I know of. In both ways you need to add your app as an RPT to ADFS. Check this: https://docs.microsoft.com/ru-ru/windows-server/identity/ad-fs/operations/create-a-relying-party-trust Don't forget to enable the SAML protocol and set the assertion consumer endpoint.

Solution one:

Just redirect all unauthorized users to https://your.adfs.instance/adfs/ls/IDpInitiatedSignon.aspx They will provide credentials and then will be asked to choose an app for redirect. If you specify the app using RelayState in the URL, there will be no choice. After that ADFS will send a SAML response to the endpoint which was specified for the RPT. If you use .NET, you can use the WS-Fed module, which will automate this data flow.

Solution two:

You can do the same on your backend. This is an implementation for .NET: https://blogs.msdn.microsoft.com/rodneyviana/2014/04/21/how-to-get-a-saml-protocol-response-from-adfs-using-c/

Also, you can make direct calls to ADFS; it's a bit more native, but I don't guarantee that it will be SAML tokens. Here is an example: Authentication in C# with Active Directory

UPD. I read your question again and I'm not sure that this is what you need.

ADFS is an Identity Provider (IDP) and implements:

  • OpenID Connect
  • WS-Fed
  • SAML

Your client has to implement one of these three protocols.

You can't use SOAP.

For OpenID Connect (OIDC), you can use a REST API but that gives you a JWT, not a SAML token.

Once you have the access token via OIDC, you add it as ("Bearer", TOKEN) as you describe.

Good overview and samples.
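The flow the second answer describes (get a JWT from ADFS through its OAuth2/OIDC token endpoint, then present it as a Bearer token to the CRM Web API) as an added example, not code from the question or either answer. It assumes an ADFS 2016 farm at a placeholder host, a client registered in ADFS (client id and secret below are placeholders) that is allowed to obtain tokens for the CRM relying party, and a CRM organisation URL that is likewise a placeholder. The ADFS endpoint path /adfs/oauth2/token, the `resource` parameter and the CRM Web API `WhoAmI` function are real; everything else in the configuration is assumed.

```csharp
// Added example (not from the original post or answers): client-credentials
// token request against ADFS, then a CRM Web API call with the Bearer header.
// All hostnames, ids and secrets are placeholders (assumptions).
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class AdfsOAuthClient
{
    // Placeholders: your ADFS farm, the client registered in ADFS, and the
    // CRM organisation URL that ADFS knows as a relying party.
    private const string AdfsTokenEndpoint = "https://adfs.example.local/adfs/oauth2/token";
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private const string ClientSecret = "<client-secret-placeholder>";
    private const string CrmBaseUrl = "https://crm.example.local/OrgName";

    private static readonly HttpClient Http = new HttpClient();

    // Step 1: OAuth2 client credentials grant. ADFS answers with JSON whose
    // access_token is a JWT, not a SAML assertion.
    public static async Task<string> GetAccessTokenAsync()
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = ClientId,
            ["client_secret"] = ClientSecret,
            // ADFS 2016 names the relying party with "resource".
            ["resource"] = CrmBaseUrl,
        });

        using var response = await Http.PostAsync(AdfsTokenEndpoint, form);
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new InvalidOperationException($"ADFS token request failed: {(int)response.StatusCode} {body}");

        using var doc = JsonDocument.Parse(body);
        var root = doc.RootElement;
        if (!root.TryGetProperty("access_token", out var tokenElement))
            throw new InvalidOperationException("ADFS response contained no access_token");

        // Refuse anything that is not a bearer token; the Web API expects one.
        if (root.TryGetProperty("token_type", out var type) &&
            !string.Equals(type.GetString(), "bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException($"Unexpected token_type: {type.GetString()}");

        return tokenElement.GetString();
    }

    // Reads the JWT exp claim so the caller can refresh before it lapses.
    // This is bookkeeping only: signature validation belongs to the resource
    // server (CRM), not to the client that merely forwards the token.
    public static DateTimeOffset GetExpiry(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT");
        var payload = parts[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(payload));
        return DateTimeOffset.FromUnixTimeSeconds(doc.RootElement.GetProperty("exp").GetInt64());
    }

    // Step 2: attach the token as ("Bearer", TOKEN), exactly as the question
    // shows, and call WhoAmI on the CRM 2016 (v8.2) Web API.
    public static async Task<string> WhoAmIAsync(string accessToken)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, $"{CrmBaseUrl}/api/data/v8.2/WhoAmI");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        request.Headers.Add("OData-MaxVersion", "4.0");
        request.Headers.Add("OData-Version", "4.0");

        using var response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    public static async Task Main()
    {
        var token = await GetAccessTokenAsync();
        Console.WriteLine($"Token expires at {GetExpiry(token):u}");
        Console.WriteLine(await WhoAmIAsync(token));
    }
}
```

The token request goes to ADFS directly, so there is no SOAP and no SAML anywhere in this path; if the goal really is a SAML assertion, this is the wrong endpoint and the WS-Fed/SAML approaches in the first answer apply instead. Keep the client secret out of source control (the constant above is only a placeholder) and expect `GetAccessTokenAsync` to fail with a 400 from ADFS until the client and the CRM relying party are both registered there.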
