Connect Dynamics 365 from Console C# Application in MFA Enabled Access using Client Secret and Azure Client ID
We can connect to Dynamics 365 using a user name, password, Dynamics 365 URL and Client ID if multi-factor authentication (MFA) is not used. When MFA is enabled, this connection will not work.
In that case we have to use a client secret for the connection. Follow the steps below to connect to an MFA-enabled Dynamics 365 organization from a C# console application.
NOTE: This method works for both non-MFA and MFA-enabled Dynamics 365.
Step:1- Configure App Registration in Azure Active Directory
First we have to configure an App Registration in Azure Active Directory. Open Office.com and log in using your organization credentials, then click the All Apps icon in the bottom-left corner and click the Admin app. Alternatively, navigate directly to the O365 Admin Center using your organizational credentials.
Once the screen opens, click Show All in the left panel and choose Azure Active Directory, or navigate directly to Azure AD at https://aad.portal.azure.com/.
On this screen, click Azure Active Directory in the left panel, then choose App Registration.
Click on New Registration and provide the below values.
Name : ConsoleApp, Supported Account Type as Single Tenant, Redirect URI as http://localhost
Now click on Register. After registration, note two values. We need these two IDs in our code.
- Application (client) ID: ac0fdb5e-dbba-4587-be68-44c04eb189de
- Directory (tenant) ID: 9e650004-64c2-4599-b4ee-228d0f4ddb1c
Use the copy to clipboard option to copy the values.
Next we have to grant API permission to the app. On the same app page, go to API Permissions, click Add Permission and select Dynamics CRM from the list.
Then select Delegated Permission, select the User Impersonation permission and click the Add Permission button.
Next we have to grant admin consent for the permission. Click Grant admin consent and click Yes.
Now the status will display as Granted, and we are ready to proceed to the next step.
Next we have to generate a client secret for the app. In the app, click Certificates & Secrets, then click New client secret.
Provide a name and choose Expires as 24 months and click Add.
Now copy the Secret ID and Secret Value right away, because after some time the value can no longer be retrieved.
For me, the Secret Value is JgG5FJF0-PFA~9EkSz5-07–_etZlLVFaz and the Secret ID is 2c1241f3-ee00-474f-b765-b2bfe5697d80
This Secret Value is required in our code.
Step:2- Configure Application user in Dynamics 365 Admin Centre
Open the Dynamics 365 application (https://yourorg.crm.dynamics.com/), go to Advanced Settings, choose Security and select Users. Change the view to Application User and click Add new User.
After clicking Add new, switch the user form to Application user by selecting the arrow icon.
Now enter the Client ID we copied from Azure Active Directory in the Application ID field and save the record. Some other fields will be populated automatically on save.
After adding the user, assign it a security role. You can use an existing security role or create a new one.
The best practice is to create a new security role and configure the privileges and access levels for the operations the Application user can perform from code. For this demo I have assigned the System Customizer role.
Now we are ready to use App ID, Client Secret from Console Application.
Step:3- Create a console Application in C# and use Client ID and Client Secret for CRUD operation
Create a console application and add the required Microsoft assemblies using NuGet Package Manager.
Once all the Microsoft XRM assemblies are added, modify the Program.cs class file to add the code below.
    using System;
    using Microsoft.Xrm.Sdk;
    using Microsoft.Xrm.Tooling.Connector;

    namespace DataverseConsoleApp
    {
        class Program
        {
            static void Main(string[] args)
            {
                Console.WriteLine("Console App started");

                // Client ID, client secret and organization URL from Steps 1 and 2.
                IOrganizationService orgService = GetOrganizationServiceClientSecret(
                    "c77c4ed4-d0a4-4c1f-b73f-1328ec49e21e",
                    "W2R8Q~cqlcQkXdBhdxA_8Xzt7Fq0OnhmkwiJ_ch~",
                    "https://devboxsoftchief.crm8.dynamics.com/");

                // The helper returns null when no connection could be established.
                if (orgService == null)
                {
                    return;
                }

                // Create a sample account record to confirm the connection works.
                Entity account = new Entity();
                account.LogicalName = "account";
                account["name"] = "Softchief Account";
                var createacc = orgService.Create(account);
                Console.WriteLine("Created account " + createacc);
                Console.ReadLine();
            }

            public static IOrganizationService GetOrganizationServiceClientSecret(string clientId, string clientSecret, string organizationUri)
            {
                try
                {
                    var conn =
                        new CrmServiceClient($@"AuthType=ClientSecret;url={organizationUri};ClientId={clientId};ClientSecret={clientSecret}");

                    // A failed login leaves IsReady false and the reason in LastCrmError.
                    if (!conn.IsReady)
                    {
                        Console.WriteLine("Error while connecting to CRM " + conn.LastCrmError);
                        Console.ReadKey();
                        return null;
                    }

                    return conn.OrganizationWebProxyClient != null ? conn.OrganizationWebProxyClient : (IOrganizationService)conn.OrganizationServiceProxy;
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Error while connecting to CRM " + ex.Message);
                    Console.ReadKey();
                    return null;
                }
            }
        }
    }
Now the connection will succeed. You can perform CRUD operations.
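An added example, not the author's code: the Step 3 connection with the client ID and secret read from environment variables instead of string literals in Program.cs, so the secret does not travel with the source. The variable names D365_URL, D365_CLIENT_ID and D365_CLIENT_SECRET are assumptions; WhoAmIRequest confirms that the connection runs as the application user created in Step 2.

```csharp
using System;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Tooling.Connector;

namespace DataverseConsoleApp
{
    // Added example: ClientSecret connection with credentials from the environment.
    // D365_URL, D365_CLIENT_ID and D365_CLIENT_SECRET are assumed variable names.
    static class Program
    {
        // Read a required setting; fail closed when it is missing.
        static string Require(string name)
        {
            string value = Environment.GetEnvironmentVariable(name);
            if (string.IsNullOrWhiteSpace(value))
                throw new InvalidOperationException("Missing environment variable " + name);
            return value.Trim();
        }

        static int Main()
        {
            try
            {
                string url = Require("D365_URL");
                // Reject anything that is not an absolute https:// URL.
                if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uri) || uri.Scheme != Uri.UriSchemeHttps)
                    throw new InvalidOperationException("D365_URL must be an absolute https:// URL");

                string connectionString = "AuthType=ClientSecret;Url=" + uri +
                    ";ClientId=" + Require("D365_CLIENT_ID") +
                    ";ClientSecret=" + Require("D365_CLIENT_SECRET");
                using (var conn = new CrmServiceClient(connectionString))
                {
                    if (!conn.IsReady)
                        throw new InvalidOperationException("Connection failed: " + conn.LastCrmError);
                    // Confirm which Dynamics 365 user the app registration maps to.
                    var who = (WhoAmIResponse)conn.Execute(new WhoAmIRequest());
                    Console.WriteLine("Connected as systemuser " + who.UserId);
                    return 0;
                }
            }
            catch (Exception ex)
            {
                Console.Error.WriteLine(ex.Message);
                return 1;
            }
        }
    }
}
```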
Hope this helps.