This blog post builds on Part 1 of this blog post series (Using Microsoft Dynamics CRM Web API Endpoint from a Third-Party Web Application) and provides instructions on how to set up the OAuth Authorisation server (Microsoft Azure Active Directory). The OAuth Authorisation server will issue access tokens that are used to access the Microsoft Dynamics CRM Web API endpoint.

We will be importing the Office 365 Active Directory that is provisioned when creating a Microsoft Dynamics CRM trial into a Microsoft Azure account, then creating and configuring a new web application within the Office 365 Active Directory.

Prerequisites

This article assumes you, the reader, have knowledge of administering Microsoft Dynamics CRM.

Following the instructions in this blog post requires a free Microsoft Dynamics CRM trial, which can be created here. Additionally, a Microsoft Azure account is required and can be created here for free. Don’t worry, we will be using the free features in Microsoft Azure, so there will be no cost to you, the reader.

An Office 365 administration user will be created during the registration of the Microsoft Dynamics CRM trial; make sure to remember the username and password.

My Office 365 Admin user name and password are dean.dalby@11Nov2016.onmicrosoft.com and password1. The real password is not password1, but for blogging reasons I will be using password1. The Microsoft Dynamics CRM Web API endpoint for the newly created trial is https://11Nov2016.api.crm6.dynamics.com/api/data/v8.2/.

Although not required until Part 4 of this blog series, the source code for the demo ASP.NET MVC application can be found on CodePlex at https://crmdynamicsoauthwebapiexample.codeplex.com/.

Import Azure Active Directory into the Office 365 Active Directory

Unfortunately, Microsoft does not grant access to the Azure Active Directory associated with trial Office 365 subscriptions such as the free Office 365 trial I am using for this blog post. To work around this, we will import the Azure Active Directory into our own Azure subscription as per the instructions below.

  1. Log in to the Azure Portal and click on the All Resources icon in the right navigation bar.
  2. Click on the Add button.
  3. Type in Active Directory in the search textbox.
  4. Click on Active Directory.
  5. Click on the Create button.
  6. A new tab will be opened with the classic Azure portal Add Directory dialog.
  7. Select Use Existing Directory from the Directory drop-down.
  8. Check the I am ready to be signed out now check box.
  9. Click on the complete button (tick in the bottom right-hand corner).
  10. You will be logged out of the Azure Management Portal and a login screen will be displayed. As per the instructions in the Add Directory dialog, enter the username and password for the Administrator of the Microsoft Dynamics CRM trial created as a prerequisite of this blog post.
  11. Click the Sign in button.
  12. After signing in, a dialog will be displayed requesting confirmation to make the owner of the Azure subscription a global administrator of the Office 365 Trial Active Directory.
  13. Click Continue.
  14. Click on the Sign out now button.
  15. Sign back into your Azure account.
  16. The All items screen is displayed.

Add a Web Application to the Office 365 Trial Active Directory

The instructions below describe how to add a new web application to the Office 365 Active Directory. While following these instructions a client id and a client secret are created. Both will be required in future blog posts to generate an access token that will allow us to make Web API OData requests to CRM, so please be sure to record their values in a safe place.

  1. Navigate to the Azure Active Directory that was imported into your Azure Subscription in the previous section.
  2. Click on the Azure Active Directory associated with the Office 365 trial.
  3. Click on the Applications tab.
  4. Click on the Add button.
  5. Click on the Add an application my organization is developing link.
  6. Set the new application properties:
    1. Name to Dynamics CRM OAuth Demo
    2. Type to Web Application and/or Web API
  7. Click the next button (arrow in the bottom right corner).
  8. Set the following application properties:
    1. Sign-On URL to https://www.getpostman.com/oauth2/callback
    2. APP ID URI to https://www.getpostman.com/oauth2/callback
  9. Click on the complete button (tick in the bottom right-hand corner).
  10. The new application titled Dynamics CRM OAuth Demo will be added to the list of applications in the selected Azure Active Directory.
  11. Select the new application titled Dynamics CRM OAuth Demo.
  12. The Application Configuration screen is displayed with the Client Id. Remember the client id as it will be used in the next blog post to generate an access token.

Configure a Secret for the Dynamics CRM Web API Demo Application

To generate an access token, we need to configure a client secret. To do this we add a key to the Dynamics CRM OAuth Demo Application in Azure Active Directory. Below is a step-by-step guide to do this.

  1. Following on from the previous section, scroll down to the keys section on the application's configuration screen.
  2. Create a new key by selecting 2 years in the Select Duration drop-down list.
  3. Click Save.
  4. Store the generated key (Client Secret) in a safe place because it will not be visible the next time the keys screen is displayed.

Configure OAuth Implicit Flow for the Dynamics CRM Web API Demo Application

Enabling the implicit flow allows the access token to be sent back to the client without the need for an authorization request token. This makes the authorisation easier but less secure.

  1. Continuing from the previous section, on the application's configuration screen click on the Manage Manifest button, then click on the Download Manifest button.
  2. Modify the line "oauth2AllowImplicitFlow": false to "oauth2AllowImplicitFlow": true.
  3. Save the file and upload it by clicking on Manage Manifest, then Upload Manifest.
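An added example, not part of the original post: a Python check that reads a downloaded application manifest and reports the settings configured in this post that deserve review outside a demo environment (implicit flow enabled, reply URLs on hosts you do not control, keys valid for longer than a chosen limit). The sample manifest is constructed and assumes the Sign-On URL appears under `replyUrls`; the `own_hosts` and `max_key_days` parameters and the host `crmdemo.example` are hypothetical.

```python
import json
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample manifest (placeholder key id and dates, not real values).
SAMPLE_MANIFEST = json.loads("""
{
  "displayName": "Dynamics CRM OAuth Demo",
  "oauth2AllowImplicitFlow": true,
  "replyUrls": ["https://www.getpostman.com/oauth2/callback"],
  "passwordCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001",
     "startDate": "2016-11-11T00:00:00Z",
     "endDate": "2018-11-11T00:00:00Z"}
  ]
}
""")


def parse_ts(value):
    # Manifest timestamps are ISO 8601; keep date and time to the second.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")


def audit_manifest(manifest, own_hosts=(), max_key_days=365):
    """Return a list of (check, detail) findings for an app manifest dict."""
    findings = []
    # Implicit flow hands the access token back in the redirect URL fragment.
    if manifest.get("oauth2AllowImplicitFlow") is True:
        findings.append(("implicit-flow", "access token returned in redirect URL"))
    for url in manifest.get("replyUrls", []):
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append(("reply-url-scheme", url))
        # Tokens are delivered to reply URLs, so each host should be one you run.
        if parts.hostname not in own_hosts:
            findings.append(("reply-url-host", url))
    for cred in manifest.get("passwordCredentials", []):
        days = (parse_ts(cred["endDate"]) - parse_ts(cred["startDate"])).days
        if days > max_key_days:
            findings.append(("key-lifetime", "%s valid for %d days" % (cred["keyId"], days)))
    return findings


if __name__ == "__main__":
    # crmdemo.example is a hypothetical host standing in for your own web app.
    for check, detail in audit_manifest(SAMPLE_MANIFEST, own_hosts=("crmdemo.example",)):
        print(check, "-", detail)
```

To check a real download, load the manifest file with `json.load` and pass the resulting dict to `audit_manifest` in place of the sample.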

 

Assign Dynamics CRM permissions to the Dynamics CRM Web API Demo Application

  1. Continuing from the previous section, on the application's configuration screen scroll down to the permissions to other applications section.
  2. Click on the Add application button.
  3. The permissions to other applications dialog is displayed.
  4. Select Dynamics CRM Online.
  5. Click the Add button.
  6. Click the Complete button (tick in the lower right corner of the dialog).
  7. Dynamics CRM Online is added to the permissions to other applications list.
  8. Check the Access CRM Online as organization user permission from the Delegated Permissions drop-down list.
  9. Click Save.

Summary

This blog post has demonstrated how to assign a new application permission to Microsoft Dynamics CRM Online using Azure Active Directory. A Client Id and Client Secret were created in this blog post and will be used in the next blog posts in this series to create an access token that is used when sending OData requests to the Dynamics CRM Web API endpoint.