Dynamics 365 CRM Web API OAuth2 request based on ADFS 2016: generating token-based access to CRM

Details


1. In ADFS Management, right-click Application Groups. Then select Add Application Group.
2. In the Add Application Group Wizard:

1.     Under Name, enter Test CRM web API.

2.     Under Client-Server applications, select the Server application accessing a Web API template.

3.     Select Next.




3. For the server application, under Name, enter SOAPUItest application-Server application.

- Copy the Client Identifier value. You'll use it later in the application's web.config file. It's the value for ida:ClientId.

- For Redirect URI, enter - Select Add, and then select Next.

 

NOTE:- Copy the Client Identifier

4.     On the Configure Application Credentials page:

1.     Select Generate a shared secret.

2.     Copy the secret. You'll use this secret later in the application's web.config file. It's the value for ida:ClientSecret.

3.     Select Next.

 


NOTE:- Copy the Secret

5.     On the Configure Web API page:

1.     For Identifier, enter the Dev CRM endpoint URL: https://crmTest.com/TestDev/api/data/v8.1/

You'll use this value later in the application's web.config file. It's the value for ida:GraphResourceId.

2.     Select Add.

3.     Select Next.

 


6. On the Apply Access Control Policy page, select Permit everyone. Then select Next.

 


7. On the Configure Application Permissions page, make sure openid is selected. Then select Next.

 


8. On the Summary page, select Next.

9. On the Complete page, select Close.
10. Open the application group again to edit it.

- Under Web API, select Test CRM web api-Web API.

- Click Edit.

11. On the top tab bar, select Issuance Transform Rules.

Here we define the claims that Dynamics CRM requires.

-          Click Add Rule

12. The Select Rule Template page opens.

-          Under Claim rule template, choose Pass Through or Filter an Incoming Claim from the drop-down

-          Click Next

13. We will enter three claim rules. The first is:

-          Claim rule name: Pass through Primary SID

-          Incoming claim Type: Primary SID

-          Click Finish

14. Now we will enter the second claim rule:

-          Select Add Rule

15. Repeat step 13.

The Select Rule Template page opens.

-          Under Claim rule template, choose Pass Through or Filter an Incoming Claim from the drop-down

-          Click Next

16. The second of the three claim rules is:

-          Claim rule name: Pass through UPN

-          Incoming claim Type: UPN

-          Click Finish.

17. Now we will enter the third claim rule:

-          Select Add Rule

18. This time, make sure to select the Transform an Incoming Claim template.

      The Select Rule Template page opens.

-          Under Claim rule template, choose Transform an Incoming Claim from the drop-down

-          Click Next

19. The third of the three claim rules is:

-          Claim rule name: Transform Windows account name to Name

-          Incoming claim Type: Windows account name

-          Outgoing claim type: Name

-          Click Finish

20. The Issuance Transform Rules tab now shows three rules.

      After adding the three rules:

-          Click Apply

-          Click OK

21. As the last step, in the Test CRM web API Properties window:

-          Click OK

The configuration is complete. Check the client_id, client_secret and resource parameters.

Test the API in Fiddler with the following request body:

grant_type=password&username=Enter username&password=Enter password&scope=openid&client_id=Enter client id here&redirect_uri=http://localhost/callback&client_secret=Enter secretid here&resource=https://crmTest.com/TestDev/api/data/v8.1/


Finally, parse the token out of the response and validate it, checking that it carries the user's primarysid, upn and other information (https://jwt.io/).
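The same check can be done locally, without pasting a live token into a website. This is an added example, not code from the original post: it decodes the token and checks aud, exp and the primarysid and upn claims, but it does not verify the signature. The microsoft:identityserver: audience prefix and the sample claim values are assumptions.

```python
import base64
import json
import time

ADFS_AUD_PREFIX = "microsoft:identityserver:"  # assumption: prefix some AD FS farms add to aud


def decode_segment(segment: str) -> dict:
    """Base64url-decode one JWT segment, restoring the padding JWTs strip."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, resource, required=("primarysid", "upn"), now=None):
    """Return (claims, problems). Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    problems = []
    if header.get("alg", "none").lower() == "none":
        problems.append("unsigned token (alg=none)")
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    # The audience should be the Web API identifier configured in step 5.
    accepted = {resource, ADFS_AUD_PREFIX + resource}
    if not accepted.intersection(audiences):
        problems.append(f"aud {audiences} does not match resource {resource}")
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        problems.append("token expired or exp missing")
    for name in required:  # claims issued by the transform rules added above
        if not claims.get(name):
            problems.append(f"missing claim: {name}")
    return claims, problems


def make_sample(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) for offline runs."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    RESOURCE = "https://crmTest.com/TestDev/api/data/v8.1/"
    sample = make_sample({"aud": RESOURCE, "exp": 4102444800,  # constructed values
                          "primarysid": "S-1-5-21-1-2-3-1105", "upn": "user@example.test"})
    print(inspect_token(sample, RESOURCE))
```

An empty problems list means the claims look as configured; the service that accepts the token still has to verify its signature against the ADFS token-signing certificate.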
