Reputation: 2345
Dynamics CRM web api 401 Unauthorized after obtaining Oauth token
I am having trouble making an HTTP GET request to our Dynamics CRM 2016 web API for a proof-of-concept.
I have followed this walk-through to create a multi-tenant web app set up on Azure Active Directory, which has been granted access to Dynamics CRM as an organisation user.
I used this example code in order to obtain an access token. This appears to work, providing me with what looks like a valid token.
I do a simple GET request using the token, which fails with a 401 Unauthorized. The code:
class Test
{
public async Task RunAsync()
{
var resource = "https://<snip>.crm4.dynamics.com/api/data/v8.1/";
var authParams = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(resource))
.Result;
var authorityUrl = authParams.Authority;
var resourceUrl = authParams.Resource;
var clientId = "<snip>";
var client_secret = "<snip>";
var clientCredential = new ClientCredential(clientId, client_secret);
var authContext = new AuthenticationContext(authorityUrl, false);
var token = authContext.AcquireToken(resourceUrl, clientCredential);
var response = await CallApiAsync($"{resourceUrl}api/data/v8.1/accounts?$select=name&$top=3", token.AccessToken);
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(response.RequestMessage);
Console.WriteLine(response.Headers);
Console.WriteLine(response.ReasonPhrase);
Console.WriteLine(content);
}
private async Task<HttpResponseMessage> CallApiAsync(string uri, string token)
{
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
return await httpClient.GetAsync(uri);
}
}
}
The request:
Method: GET, RequestUri: 'https://<snip>.crm4.dynamics.com/api/data/v8.1/accounts?$select=name&$top=3', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer <snip>
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
}
Response:
REQ_ID: <snip>
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 21 Feb 2017 15:08:39 GMT
Set-Cookie: crmf5cookie=<snip>;secure; path=/
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/<snip>/oauth2/authorize,resource_id=https://<snip>.crm4.dynamics.com/
X-Powered-By: ASP.NET
Unauthorized
HTTP Error 401 - Unauthorized: Access is denied
I feel like I'm missing something obvious?
Upvotes: 2
Views: 5890
Answers (1)
Reputation: 9386
There is no CRM organization user being used. Check out this Server to Server Auth tutorial. You'll need to create an application user. There is a little more commentary here on the Tip of the Day for Server to Server Auth.
Outside of Server to Server Auth you can authenticate as a CRM user using creds this way.
Upvotes: 3
Related Questions
- Trying Web API Dynamics 365 CRM - 403-Forbidden error
- How to authenticate Microsoft Dynamics CRM from office 365 login user in azure hosted web api?
- Getting back 401 from Dynamics 365 despite being issued valid token
- 401- Unauthorized authentication using REST API Dynamics CRM with Azure AD
- Microsoft Azure access_token not accepted in CRM requests
- Dynamics CRM 401 with token provided
- 401 when accessing Dynamics CRM 2016 Web APIs
- Dynamics CRM - Unable to authenticate to Web API to consume data?
- Dynamics CRM Web API Auth Error on Web Resource
- Dynamics CRM 365 - Invalid User Authorization The user authentication passed to the platform is not valid