未经授权的错误:使用C#在Dynamics CRM中查询或保存联系人/销售线索

Question

我正在使用以下web api从Dynamics CRM查询数据

ServicePointManager.Expect100Continue = true;
                    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
                    HttpClient client = new HttpClient(new HttpClientHandler() { Credentials = new NetworkCredential("xxxxx@mydomain.com", "!@Demo1$#2") });
                    client.BaseAddress = new Uri("https://xxxxx.crm.dynamics.com");
                    client.Timeout = new TimeSpan(0, 2, 0);
                    string contactAltUri = client.BaseAddress + "api/data/v9.0/accounts?$select=name&$top=3";
                    HttpResponseMessage createResponseAlt1 = await client.GetAsync(contactAltUri);

现在，在object createResponseAlt1中，我可以看到以下未经授权的错误。查询数据并将数据保存到Dynamics CRM的正确方式是什么？我有用户名，密码和Ms crm子域url。

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  x-ms-service-request-id: 4b323404-cc13-407c-bb6d-56b61823ab84
  REQ_ID: 4b323404-cc13-407c-bb6d-56b61823ab84
  AuthActivityId: 85696c96-6803-4664-9391-d28f45d1766a
  NativeWebSession-Version: 2
  Date: Thu, 07 Mar 2019 13:42:36 GMT
  Set-Cookie: ApplicationGatewayAffinity=03da1c2a15fe28b54ffa99b7eab01d12cd9b55dfb1779b6cccce0809ec64f39a;Path=/;Domain=xxxxx.crm.dynamics.com
  Server: 
  WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/e20b0aa3-6ec3-4272-a76a-aaa32e0f10d6/oauth2/authorize, resource_id=https://xxxxx.crm.dynamics.com/
  Content-Length: 0
}}

Answer 1

Step 1：在Azure Active directory (AAD)中注册应用程序以获取应用程序Id (也称为客户端Id)。Read more

步骤2：使用客户端Id通过OAuth获取身份验证令牌，因为CRM online需要使用AAD进行身份验证。这是我们必须遵循的方法。Read more

代码示例

        static string serviceUri = "https://yourorg.crmx.dynamics.com/";
        static string redirectUrl = "https://yourorg.api.crmx.dynamics.com/api/data/v9.0/";

        public static string GetAuthToken()
        {

            // TODO Substitute your app registration values that can be obtained after you
            // register the app in Active Directory on the Microsoft Azure portal.
            string clientId = "3oi467rf-2336-4039-b82i-7c5b859c7be0"; // Client ID after app registration
            string userName = "xyz@youOrg.onmicrosoft.com";
            string password = "Password";
            UserCredential cred = new UserCredential(userName, password);

            // Authenticate the registered application with Azure Active Directory.
            AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/common", false);
            AuthenticationResult result = authContext.AcquireToken(serviceUri, clientId, cred);
            return result.AccessToken;
        }
        public static void RetrieveAccounts(string authToken)
        {
            HttpClient httpClient = null;
            httpClient = new HttpClient();
            //Default Request Headers needed to be added in the HttpClient Object
            httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
            httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
            httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            //Set the Authorization header with the Access Token received specifying the Credentials
            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authToken);

            httpClient.BaseAddress = new Uri(redirectUrl);
            var response = httpClient.GetAsync("accounts?$select=name").Result;
            if (response.IsSuccessStatusCode)
            {
                var accounts = response.Content.ReadAsStringAsync().Result;
            }
        }

Reference