Last night I heard about this requirement from one of my close friends and frankly speaking when I initially heard about it, I though it should be pretty straight forward and we should have good amount of examples out there in the www. But on to my surprise I barely can see very few examples in bits and pieces, here and there; Moreover, many of these examples (including in MSDN) are referring to the old Azure Classic site to do the app registration which is much different than what we have in the current Azure portal.

Henceforth, thought like it would be helpful to write an end-to-end example on how do we connect to Dynamics 365 webapi from a console application. Let’s start !!

There are 2 major steps involved in the process.

• Register the application with your Azure subscription
• Build the Console Application – Use the Client Id & Authority URL to connect to WebApi and do your “stuff”.

Before going into the detailed steps at this point, I would like you to ensure that, you have azure subscription and your crm (preferably both of them in same tenant). If it is in different tenant you might have to follow slightly different process which I will try to cover in next blog. For this post, I have created a Crm Trail organization and I will be using the same trail edition for Azure as well.

Registering the Application

1. Login to https://portal.azure.com, on the left navigation click Azure Active directory and click Add button on the top menu

   

2. Provide your desired name for the App registration. Note that it is not necessary to be the same Console application which you are going to build to connect to CRM. You can use any name but should be unique in the app registrations.
3. Select the Application type as Native (definitely we are not building any WebApplication/Web Api)
4. Provide a redirect URL. So, this is the url in general once after authentication AD will redirect to. In our case because we are not building a web application/api (basically non windows native application), we are free to use any kind of url. It doesn’t need to be a real end point but should follow a proper URL pattern. Here is how I have created my App Registration. Btw, you have to keep a note of this URL – we need it while working on the console application.

   

5. Click on the Create at the bottom of the page which should show you a new line item in the App registrations.Clicking on the App will show you the properties and Application ID (Also known as Client Id) of the Application. Make a note of it as this is one of the key take away for building the console app.

   

6. Now that we have the Application registered, We have to grant permission to this application to access our CRM services. Scroll to the right of the window and click on “Required Permissions” and Click on Add as shown below

   

7. Click on  Select an API  > and then select the Dynamics CRM Online API from the list. Click Select

   

8. Under the Select Permissions, Select the “Access CRM Online as organization users” and click on Select. With this, we are officially allowing our app to communicate with our CRM as a specific user as mentioned in Console app

   

9. Click on Done to finish the process of granting permissions and now you should be able to see that the app is having permissions to Access CRM online

   

    

With this we are done with the App Registration part of it. Now let’s go for the Console application.

Build Console Application

1. Start the Visual studio and create new Console Application project (C# only please 🙂 )
2. First of all add Microsoft.IdentityModel.Clients.ActiveDirectory Nuget package to the solution. If you are not familiar on how to use Nuget, check out here
3. Declare the global variables which holds AuthenticationContext, token, redirecturl and client id as shown below

   /// <summary>
   /// Holds the Authentication context based on the Authentication URL
   /// </summary>
   static AuthenticationContext authContext;
   
   /// <summary>
   /// Holds the actual authentication token once after successful authentication
   /// </summary>
   static AuthenticationResult authToken;
   
   /// <summary>
   /// This is the API data url which we will be using to automatically get the
   ///  a) Resource URL - nothing but the CRM url
   ///  b) Authority URL - the Microsoft Azure URL related to our organization on to which we actually authenticate against
   /// </summary>
   static string apiUrl = "https://ansrikanth1.crm8.dynamics.com/api/data";
   
   /// <summary>
   /// Client ID or Application ID of the App registration in Azure
   /// </summary>
   static string clientId = "7d2f2ceb-01f9-4375-923d-39c2e134ead2";
   
   
   /// <summary>
   /// The Redirect URL which we defined during the App Registration
   /// </summary>
   static string redirectUrl = "ms-console-app://SecondApp"; 

4. Though we can always hard code Authority URL (which is actually the Azure Url related to the organization against which we have to authenticate), I like the way it is mentioned in this MSDN article where we can request the ResourceUrl from AuthenticationParmeters in runtime. This way we really don’t need to hard code the Resource & Authority URLs. Here is how we can do this

    // Get the Resource Url & Authority Url using the Api method. This is the best way to get authority URL
   // for any Azure service api.
   AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(apiUrl)).Result;
   
   string resourceUrl = ap.Resource;
   string authorityUrl = ap.Authority;
   
   //Generate the Authority context .. For the sake of simplicity for the post, I haven't splitted these
   // in to multiple methods. Ideally, you would want to use some sort of design pattern to generate the context and store
   // till the end of the program.
   authContext = new AuthenticationContext(authorityUrl, false); 

5. Once after generating the AuthorityContext, Use AcquireTokenAsync method to request the token as shown below

   try
   {
   //Check if we can get the authentication token w/o prompting for credentials.
   //With this system will try to get the token from the cache if there is any, if it is not there then will throw error
   authToken = await authContext.AcquireTokenAsync(resourceUrl, clientId, new Uri(redirectUrl), new PlatformParameters(PromptBehavior.Never));
   }
   catch (AdalException e)
   {
   if (e.ErrorCode == "user_interaction_required")
   {
   // We are here means, there is no cached token, So get it from the service.
   // You should see a prompt for User Id & Password at this place.
   authToken = await authContext.AcquireTokenAsync(resourceUrl, clientId, new Uri(redirectUrl), new PlatformParameters(PromptBehavior.Auto));
   }
   else
   {
   throw;
   }
   }

   If you observe the code here, First we tried to get the token with out prompting for credentials. At this time, it will try to get the token from Cache. If it is not there then it will throw error with code as “User Interaction Required”, in which case we will actually call for token by making Credentials prompt auto.

6. Now that we got the access token as well, the left out part is using HttpClient and access the webapi.

   using (HttpClient httpClient = new HttpClient())
   {
   httpClient.Timeout = new TimeSpan(0, 2, 0);  // 2 minutes time out period.
   
   // Pass the Bearer token as part of request headers.
   httpClient.DefaultRequestHeaders.Authorization =
   new AuthenticationHeaderValue("Bearer", token);
   
   
   var data = await httpClient.GetAsync("https://ansrikanth1.crm8.dynamics.com/api/data/v8.2/accounts?$select=name");
   
   
   if (data.StatusCode == System.Net.HttpStatusCode.OK)
   {
   // If the status code is success... then print the api output.
   WriteLine(await data.Content.ReadAsStringAsync());
   }
   else
   {
   // Failed .. ???
   WriteLine($"Some thing went wrong with the data retrieval. Error code : {data.StatusCode} ");
   }
   ReadLine();
   
   } 

7. That’s it, we are done with the required coding part as well. For your quick reference, here is the full source code of the console app.

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using static System.Console;

namespace ConnectToCrmWebApi
{
class Program
{
/// <summary>
/// Holds the Authentication context based on the Authentication URL
/// </summary>
static AuthenticationContext authContext;

/// <summary>
/// Holds the actual authentication token once after successful authentication
/// </summary>
static AuthenticationResult authToken;

/// <summary>
/// This is the API data url which we will be using to automatically get the
///  a) Resource URL - nothing but the CRM url
///  b) Authority URL - the Microsoft Azure URL related to our organization on to which we actually authenticate against
/// </summary>
static string apiUrl = "https://ansrikanth1.crm8.dynamics.com/api/data";

/// <summary>
/// Client ID or Application ID of the App registration in Azure
/// </summary>
static string clientId = "7d2f2ceb-01f9-4375-923d-39c2e134ead2";


/// <summary>
/// The Redirect URL which we defined during the App Registration
/// </summary>
static string redirectUrl = "ms-console-app://SecondApp";

static void Main(string[] args)
{
GetToken();

ReadLine();
}

internal static async void GetToken()
{
try
{
// Get the Resource Url & Authority Url using the Api method. This is the best way to get authority URL
// for any Azure service api.
AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(apiUrl)).Result;

string resourceUrl = ap.Resource;
string authorityUrl = ap.Authority;

//Generate the Authority context .. For the sake of simplicity for the post, I haven't splitted these
// in to multiple methods. Ideally, you would want to use some sort of design pattern to generate the context and store
// till the end of the program.
authContext = new AuthenticationContext(authorityUrl, false);

try
{
//Check if we can get the authentication token w/o prompting for credentials.
//With this system will try to get the token from the cache if there is any, if it is not there then will throw error
authToken = await authContext.AcquireTokenAsync(resourceUrl, clientId, new Uri(redirectUrl), new PlatformParameters(PromptBehavior.Never));
}
catch (AdalException e)
{
if (e.ErrorCode == "user_interaction_required")
{
// We are here means, there is no cached token, So get it from the service.
// You should see a prompt for User Id & Password at this place.
authToken = await authContext.AcquireTokenAsync(resourceUrl, clientId, new Uri(redirectUrl), new PlatformParameters(PromptBehavior.Auto));
}
else
{
throw;
}
}

WriteLine("Got the authentication token, Getting data from Webapi !!");

GetData(authToken.AccessToken);

}
catch (Exception ex)
{
WriteLine($"Some thing unexpected happened here, Please see the exception details : {ex.ToString()}");
}
}

internal static async void GetData(string token)
{
using (HttpClient httpClient = new HttpClient())
{
httpClient.Timeout = new TimeSpan(0, 2, 0);  // 2 minutes time out period.

// Pass the Bearer token as part of request headers.
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);


var data = await httpClient.GetAsync("https://ansrikanth1.crm8.dynamics.com/api/data/v8.2/accounts?$select=name");


if (data.StatusCode == System.Net.HttpStatusCode.OK)
{
// If the status code is success... then print the api output.
WriteLine(await data.Content.ReadAsStringAsync());
}
else
{
// Failed .. ???
WriteLine($"Some thing went wrong with the data retrieval. Error code : {data.StatusCode} ");
}
ReadLine();

}
}
}
}

Now, It’s time to run the application and see how it works. When you first run the app, it should show you the login page as shown here.

Once after providing the password, for the first time it will prompt for approving the access permissions

That’s it, you should be able to see your data. Note that, I have just placed the raw JSON data as it is on the console window. It’s you to decide how you want to parse it or read it further on.

Some of the points to note:

• It is always suggestible to call the Authentication generation token every time we call the WebApi. If the token is expired, the method will automatically calls for new token.
• You can use native .NET JSON serializer or you can go for Newtonsoft serializer
• We can hard code the User credentials and avoid the prompt for credentials as well. I will write it in next blog. However, “they” say it is security issue and highly suggesting to avoid this method. Have to think once again !! 🙂

Hope this would helps you in your projects, share your thoughts/comments !!

Happy coding 🙂