Dynamics CRM web api 401 获取 Oauth 令牌后未经授权
Dynamics CRM web api 401 Unauthorized after obtaining Oauth token
我在向我们的 Dynamics CRM 2016 网站发出 HTTP GET 请求时遇到问题 API 以进行概念验证。
我已经按照 this walk-through 创建了一个在 Azure Active Directory 上设置的多租户 Web 应用程序,该应用程序已被授予作为组织用户访问 Dynamics CRM 的权限。
我使用 this example code 来获取访问令牌。这似乎有效,为我提供了一个看起来像有效令牌的东西。
我使用令牌执行了一个简单的 GET 请求,该请求失败并显示 401 Unauthorized。代码:
class Test
{
public async Task RunAsync()
{
var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/";
var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource))
.Result;
var authorityUrl = authParams.Authority;
var resourceUrl = authParams.Resource;
var clientId = "<snip>";
var client_secret = "<snip>";
var clientCredential = new ClientCredential(clientId, client_secret);
var authContext = new AuthenticationContext(authorityUrl, false);
var token = authContext.AcquireToken(resourceUrl, clientCredential);
var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken);
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(response.RequestMessage);
Console.WriteLine(response.Headers);
Console.WriteLine(response.ReasonPhrase);
Console.WriteLine(content);
}
private async Task<HttpResponseMessage> CallApiAsync(string uri, string token)
{
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
return await httpClient.GetAsync(uri);
}
}
}
要求:
Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer <snip>
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
}
回复:
REQ_ID: <snip>
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 21 Feb 2017 15:08:39 GMT
Set-Cookie: crmf5cookie=<snip>;secure; path=/
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/
X-Powered-By: ASP.NET
Unauthorized
HTTP Error 401 - Unauthorized: Access is denied
我觉得我错过了一些明显的东西?
没有正在使用的 CRM 组织用户。看看这个 Server to Server Auth tutorial. You'll need to create an application user. There is a little more commentary here on the Tip of the Day for Server to Server Auth.
在服务器到服务器身份验证之外,您可以 。
我在向我们的 Dynamics CRM 2016 网站发出 HTTP GET 请求时遇到问题 API 以进行概念验证。
我已经按照 this walk-through 创建了一个在 Azure Active Directory 上设置的多租户 Web 应用程序,该应用程序已被授予作为组织用户访问 Dynamics CRM 的权限。
我使用 this example code 来获取访问令牌。这似乎有效,为我提供了一个看起来像有效令牌的东西。
我使用令牌执行了一个简单的 GET 请求,该请求失败并显示 401 Unauthorized。代码:
class Test
{
public async Task RunAsync()
{
var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/";
var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource))
.Result;
var authorityUrl = authParams.Authority;
var resourceUrl = authParams.Resource;
var clientId = "<snip>";
var client_secret = "<snip>";
var clientCredential = new ClientCredential(clientId, client_secret);
var authContext = new AuthenticationContext(authorityUrl, false);
var token = authContext.AcquireToken(resourceUrl, clientCredential);
var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken);
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(response.RequestMessage);
Console.WriteLine(response.Headers);
Console.WriteLine(response.ReasonPhrase);
Console.WriteLine(content);
}
private async Task<HttpResponseMessage> CallApiAsync(string uri, string token)
{
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
return await httpClient.GetAsync(uri);
}
}
}
要求:
Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer <snip>
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
}
回复:
REQ_ID: <snip>
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 21 Feb 2017 15:08:39 GMT
Set-Cookie: crmf5cookie=<snip>;secure; path=/
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/
X-Powered-By: ASP.NET
Unauthorized
HTTP Error 401 - Unauthorized: Access is denied
我觉得我错过了一些明显的东西?
没有正在使用的 CRM 组织用户。看看这个 Server to Server Auth tutorial. You'll need to create an application user. There is a little more commentary here on the Tip of the Day for Server to Server Auth.
在服务器到服务器身份验证之外,您可以