There is required authentication before we can utilize the Dynamics CRM 2016 Web API for Microsoft Dynamics CRM Online 2016 Update and Microsoft Dynamics CRM 2016 (on-premise). There are three patterns in Web API Authentication:

With JavaScript in web resources

When you use the Web API with JavaScript within HTML web resources, form scripts, or ribbon commands you don’t need to include any code for authentication. In each of these cases the user is already authenticated by the application and authentication is managed by the application.

With on-premise deployments

When you use the Web API for on-premises deployments you must include the user’s network credentials.

With Microsoft Dynamics CRM Online or internet facing developments

When you use the Web API for CRM Online or an on-premises Internet-facing deployment (IFD) you must use OAuth as described in Connect to Microsoft Dynamics CRM web services using OAuth.

If you’re creating a single page application (SPA) using JavaScript you can use the adal.js library as described in Use OAuth with Cross-Origin Resource Sharing to connect a Single Page Application to Microsoft Dynamics CRM.

Source: MSDN

In this case, we will just focus on connecting Microsoft Dynamics CRM web services using OAuth.

Steps to Register CRM Online to Azure Active Directory

  1. Log on to the Microsoft Azure Management portal with your existing Azure account credentials. You must have an administrator permission. At this point, you can sign in with your existing Azure account with or without Office 365 subscription.
  2. Click Active Directory on the left column of the page. Click the target tenant directory in the directory list and go to step 9. Otherwise, proceed to the next steps.

register dynamics crm online with azure active directory

  1. At the bottom of the screen on the New menu, select App Services > Active Directory > Directory > Custom Create.

app. services

  1. In Add directory, select Use existing directory in the Directory drop-down selection.

add directory

  1. Check I am ready to be signed out, and then click on the check mark at the lower right corner.

add directory 2

  1. This brings you back to the Azure Management Portal. Log in with your Office 365 account information. Please note that in order to associate your Office 365 account with Azure AD, you’ll need an Office 365 business account with global administrator privileges.

microsoft azure

  1. Select continue, and then Sign out now.

use sms directory


use sms directory 2

  1. Close the browser and reopen the portal. Log on again with your existing Azure credentials. Go to Active Directory and your Office 365 account should now be visible.

active directory2

  1. Upon clicking the target tenant directory, navigate to Applications tab. You should see the subscribed applications (including Dynamics CRM Online) that are already included with the Office 365 account you have associated with the Azure account.

application tab

  1. At the bottom of the screen, click Add. A prompt will show, then select the option Add an application my organization is developing.

add button

  1. When prompted, enter a name for your application, pick a type: Web Application or Native Client Application, and then click the right arrow to continue. Click a question mark (?) for more information on the appropriate values for each input field. In this example, we will just choose Native Client Application.

native client application

  1. Set value for Redirect URI – The URI to which Microsoft Azure AD will redirect in response to an OAuth 2.0 request. The value does not need to be a physical endpoint, but must be a valid URI.

application information

  1. This will now create the native client application to be used for consuming Web API.

sms webapi

  1. Navigate to Configure tab and go to Permissions to other Applications. Click the Add Application button.

add application button

  1. Click the Dynamics CRM Online application to add in the list. Click check button.

permission to other applications

  1. Upon adding CRM application, click the dropdown and check the Access CRM Online as organization users.

organization users

  1. Click Save button to apply the changes.


Before you can use OAuth authentication to connect with the CRM web services, your application must first be registered with Microsoft Azure Active Directory. Azure Active Directory is used to verify that your application is permitted access to the business data stored in a CRM tenant.

Source: MSDN

In order to test whether the steps you followed are working, use the ClientID generated upon creation of the CRM Application in Azure.

client ID


static void


Upon executing the code, you should now be able to access and utilize the Dynamics CRM WebAPI.