Configuring OAuth 2 Password Grant on a Dynamics 365 On-Premises Deployment to Call the Web API

Microsoft Dynamics CRM expert Luo Yong. Reply 330 or 20190504 to easily retrieve this article and to be among the first to get my latest blog posts. Follow me!

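The official recommendation is to stop using the SOAP endpoint of Dynamics 365 Customer Engagement, that is, the Organization Service, and to use the Web API instead. So how does a Web API call authenticate? That is the subject of this article.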

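This article uses Dynamics 365 Customer Engagement version 1612 (9.0.3.7) (DB 9.0.3.7) (on-premises), and the server operating system is Windows Server 2016 Datacenter. Note in particular that versions before Windows Server 2016 are not supported. This article is mainly a translation and hands-on walkthrough of the article HOW TO DO A DYNAMICS 365 WEB API REQUEST USING OAUTH2 ACCESS TOKEN RETRIEVED FROM ADFS 2016, with my own exploration and thoughts added.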

First open AD FS Management, select Application Groups on the left, then click the Add Application Group ... action on the right.

I named the new Application Group OAuth 2 Server Application here. For Template, choose 【Server Application accessing a web API】.

Add a Redirect URI, and note down the Client Identifier shown on this page for later use.

On the next screen, select 【Generate a shared secret】 and copy the generated secret for later use by clicking the 【Copy to clipboard】 button next to it, then click the 【Next】 button.

In Identifier, enter 【https://demo.luoyong.me/api/data/v9.0/】, click the 【Add】 button next to it, then click the 【Next】 button.

Leave this page unchanged and click the 【Next】 button.

By default only 【openid】 is selected here; leave it unchanged and click the 【Next】 button.

After creation, its properties still need to be changed: double-click it, select the Web API entry, then click the 【Edit】 button.

Switch to the 【Issuance Transform Rules】 tab, click the 【Add Rule...】 button, and add the three rules shown in the following screenshots.

The first rule is as follows:

The second rule to add is as follows:

The third rule to add is as follows:

Now it can be used to obtain an access token. Following the request description for the Password Grant, I first simulate the request with Fiddler, sending a POST request to https://demo.luoyong.me:444/adfs/oauth2/token with the following parameters: grant_type=password&client_id=06e7a1c2-f0e5-4782-a801-32ef21c7abf1&client_secret=Wf87BDgy9G1-_FidM_upf08KkfNoZb7D-SuXR7eH&username=crmadmin%40luoyong.me&password=Pass%40wordXXXXXX&resource=https%3A%2F%2Fdemo.luoyong.me%2Fapi%2Fdata%2Fv9.0%2F

The response is returned in JSON format, as follows:

{
    "access_token":"<access token (JWT) omitted>",
    "token_type":"bearer",
    "expires_in":3600,
    "resource":"https://demo.luoyong.me/api/data/v9.0/",
    "refresh_token":"<refresh token omitted>",
    "refresh_token_expires_in":28800,
    "id_token":"<ID token (JWT) omitted>"
}

Paste the content of this access_token into https://jwt.io/ to decode it; the details are shown in the screenshot below:

I can then use this access token to call the Dynamics 365 Customer Engagement Web API, and the call succeeds, as shown:
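The token request, the claim inspection and the Web API call described above can also be scripted; the Python below is an added example, not code from the original post. It builds the form-encoded password-grant body, decodes the access token's claims locally (the same view jwt.io gives, without the bearer token leaving the machine) and checks audience and expiry before building the request headers. The function names are hypothetical, the sample token is constructed, and it is an assumption that the `aud` claim carries the Web API identifier.

```python
import base64
import json
import time
from urllib.parse import urlencode

RESOURCE = "https://demo.luoyong.me/api/data/v9.0/"  # Web API identifier from the page

def build_token_request(client_id, client_secret, username, password, resource=RESOURCE):
    """Form-encode the password-grant body; '@', ':' and '/' become %40, %3A and %2F."""
    fields = {"grant_type": "password", "client_id": client_id,
              "client_secret": client_secret, "username": username,
              "password": password, "resource": resource}
    return urlencode(fields)

def decode_jwt_claims(token):
    """Decode the JWT payload locally. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token_response, resource=RESOURCE, now=None):
    """Return the claims if the token is a bearer token for `resource` and unexpired."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    claims = decode_jwt_claims(token_response["access_token"])
    aud = claims.get("aud")  # assumption: aud carries the Web API identifier
    if resource not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience does not match the Web API identifier")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("access token has expired")
    return claims

def web_api_headers(access_token):
    """Headers for a Web API GET, e.g. RESOURCE + 'WhoAmI'."""
    return {"Authorization": "Bearer " + access_token, "Accept": "application/json",
            "OData-MaxVersion": "4.0", "OData-Version": "4.0"}

def constructed_sample_token(claims):
    """Build an unsigned, constructed JWT for offline runs; not a real AD FS token."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"typ": "JWT", "alg": "none"}), seg(claims), "constructed"])

if __name__ == "__main__":
    tok = constructed_sample_token({"aud": RESOURCE, "exp": int(time.time()) + 3600})
    print(check_token({"access_token": tok, "token_type": "bearer"}))
```

In a real client the client secret and password would come from a secret store or prompt rather than from source code, and the body from `build_token_request` is what gets POSTed to the AD FS token endpoint.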

Original article: https://www.cnblogs.com/luoyong0201/p/Dynamics_365_OnPremise_ADFS_4_Configure_OAuth_2_Password_Grant.html