Calling Dynamics 365 CRM API from .NET Core 3.1 with MSAL.NET Authentication and Azure AD
By Ivan Krsul, CEO Artexacta S.R.L.
Introduction
Our objective is to call the Dynamics 365 CRM API from a .NET Core daemon console application using the new MSAL.NET authentication.
Microsoft Authentication Library (MSAL, in the Microsoft.Identity.Client package) is the library used to sign in users and request tokens for accessing an API protected by the Microsoft identity platform. Our application requests tokens by using the application's own identity instead of delegated permissions. The authentication flow in this case is known as the OAuth client credentials flow. For more information on how to use MSAL.NET with a client credentials flow, see this article: https://aka.ms/msal-net-client-credentials
Azure Application Registration
We want to be able to connect a .NET Core console application to the Microsoft Dynamics 365 API. The Microsoft Dynamics 365 API requires that you register your application in Azure Active Directory. Go to https://portal.azure.com and open Azure Active Directory.
In the Active Directory page, you will register your application. Click on the “App registrations” menu item.
Click on the “New Registration” item to create your new application.
In the registration page, add the name of your application and select the first radio button, since this application is only going to work for this organization. We don’t need to put anything in the redirect URI, since this is going to be a daemon console app.
Our application will be a daemon console application (i.e. something that will not have a user interface) and hence we cannot use the credentials of an existing user. We will create a client secret that will be used by our application. Go to the “Certificates & secrets” section of the application configuration page and click on “New client secret”. Once you create a secret you will need to copy the secret value, because this value will no longer be displayed in the future.
Now we need to give this application permission to sign in and to access Dynamics CRM. We go to the “API permissions” section and there we click on the “Add a permission” button to add the “Microsoft Graph User.Read” and “Dynamics CRM user_impersonation” permissions.
To add permissions to Dynamics CRM, click on the “Add a permission” button and from the pop-up menu select Dynamics CRM. You can also go to “APIs my organization uses” and there search for “Dataverse”.
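The following is an added example, not code from the original article: a .NET Core console program that takes the tenant ID, client ID and client secret produced by the registration steps above, requests a token with the MSAL.NET client credentials flow, and checks it against the Dynamics 365 Web API. The environment variable names, the organization URL and the v9.1 Web API version are assumptions, and the secret is read from the environment so it stays out of source control.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class Program
{
    // Read a required setting from the environment (variable names are assumptions).
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    static async Task<int> Main()
    {
        string tenantId = Require("D365_TENANT_ID");     // Directory (tenant) ID
        string clientId = Require("D365_CLIENT_ID");     // Application (client) ID
        string secret   = Require("D365_CLIENT_SECRET"); // value copied when the secret was created
        // Placeholder form: https://yourorg.crm.dynamics.com
        string orgUrl   = Require("D365_ORG_URL").TrimEnd('/');

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(secret)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .Build();

        // Client credentials flow: the scope is the resource URL plus "/.default".
        string[] scopes = { $"{orgUrl}/.default" };
        try
        {
            AuthenticationResult token = await app.AcquireTokenForClient(scopes).ExecuteAsync();

            using var http = new HttpClient();
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", token.AccessToken);
            http.DefaultRequestHeaders.Accept.Add(
                new MediaTypeWithQualityHeaderValue("application/json"));

            // WhoAmI is a cheap request that confirms the token is accepted.
            HttpResponseMessage resp = await http.GetAsync($"{orgUrl}/api/data/v9.1/WhoAmI");
            Console.WriteLine($"{(int)resp.StatusCode} {resp.ReasonPhrase}");
            return resp.IsSuccessStatusCode ? 0 : 1;
        }
        catch (MsalServiceException ex)
        {
            // Report the error code only; never log the secret or the token.
            Console.Error.WriteLine($"Token request failed: {ex.ErrorCode}");
            return 2;
        }
    }
}
```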