Connect to Multi-factor Enabled D365 Dataverse/CDS Programmatically Using Certificates (Online 9.1)

As the continuation to my earlier blog post, Connect MFA Enabled D365 CDS Programamatically”, where we connected to D365 using ClientSecret programmatically, we will learn how we can use Certificates for the same. Certificate-based authentication is a more secure way to achieve s2s (server-to-server) authentication and establishing the connection to D365 Dataverse/CDS.

So, let’s get started. 

Step1 : Setup Certificates

We need self-signed or CA-issued certificate to proceed. Either you can generate the certificates as shown below using Azure Key Vault or use the previously generated certificate. I will list down steps to generate the same using Azure Key Vault (self signed)

  • Connect to Azure Admin Portal
    Login to https://portal.azure.com
    Click on Key Vaults
    Click on Create
    You can either use existing Resource group or create new. 

Follow steps and Create new Key Vault. 

  • Generate Certificate
    Click on Certificates under Settings of this newly created Key Vault
    Click on Generate/Import. (Generate is to create new certificate, while Import is to import previously created certificate)

Once the certificate is Enabled, Open the certificate and download it in both the formats (CER as well as PFX/PER format).

Step2: Get Application ID and upload Certificate using Azure Active Directory

  • Connect to Azure Admin Portal
    Login to https://portal.azure.com
    Click on Azure Admin Directory
    Click on App Registrations
    Click on New registration
  • Give an appropriate name of your app which is going to connect to D365 CDS programmatically. Click Register.
    Copy generated Application ID
  • Now click on Certificates and Secrets for your app.
    Click on ‘Upload Certificate’ and upload CER certificate you downloaded from step key vault.
    Once added, copy Thumbprint Value.

Step 3: Upload Certificate on Server or on your local certificate store

Import above generated certificate in step 1 to your server or local certificate store. Please use PFX/PEM format cert here. Also, if you are using previously generated certificate, then export that certificate without ‘Private Key’ and then import to your store.

Step 4 : Add Application User in D365 CDS environment

  • Login to D365 CDS environment
  • Go to Settings -> Security -> Users
  • Change the view to ‘Application Users’ and click New. Make sure the form is ‘Application User’ form.
  • Add details and Application Id generated in step 2 above.

Step 5 : Add connection string in your c# code as follows:

Format

String connectionString = “AuthType=Certificate; url=<your organization URL>; AppID=<your application id>; Thumbprint=<certificate thumbprint>”; 

Example

string connectionString = “AuthType=Certificate; url=https://cdsinctrial.crm.dynamics.com/main.aspx; AppID=40c95818-9306-437a-85c1-0db96ba277ae; Thumbprint=416E548D592BD93B2578TE80D72BCA9E055390BB”;

Code Snippet: (Change values as per your organization set up values)

Common Error:

  • Error: Microsoft.Powerplatform.Cds.Client.Utils.CdsConnectionException: Failed to connect to Common Data Service —> System.Exception: Failed to locate or read certificate from passed thumbprint. —> System.Exception: Failed to find certificate with thumbprint: XXXXXXXXXXXXXXXXXXXXXX.

  • Solution: Check if you have imported the certificate to your local certificate store.

References:

https://docs.microsoft.com/en-us/powerapps/developer/data-platform/xrm-tooling/use-connection-strings-xrm-tooling-connect

Hope this helps to achieve your goal. Please share your comments, or let us know if you have any questions. 

Like this article?

Share on facebook
Share on Facebook
Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on pinterest
Share on Pinterest

Contact us

Do you love our content? Please use the contact form if you want to send us your feedback, comments, or other queries.
Other Options to Contact Us:

Nemely Products

shutterstock_1259077843
AppIcon_Colorful
CRM Alerts
The ultimate companion app for your mobile CRM users. CRM Alerts simplifies the work life for any CRM user that is doing sales-related activities with their mobile devices on a regular basis
shutterstock_710149132
Access Templates Icon 2
Access Templates
User security role and team assignment solution. Do you have a complex security model in your CRM system and having difficulty keeping track of which security roles and teams to assign to different user types? We have a solution for you!
NemelyProspectingHero
NemelyProspecting
Nemely Prospecting
Get relevant and up-to-date company information. With Nemely Prospecting, you can easily find and import company information directly from within your CRM.
Product Lifecycle Management by Nemely
PLM Icon
Product Lifecycle
Asset and contract management. Manage customer assets and related contracts in Dynamics CRM. It's a plug-and-play solution, completely customizable, uses latest technology, works on all devices, and more.
shutterstock_1233205321
Sharepoint Extended
Sharepoint Extended
Enhanced document management. Built on top of the native integration between Microsoft Dynamics and Sharepoint, our solution Sharepoint Extended extends the functionality with better user experience, default structures, and document template creation.
Nemely Essentials
Nemely Essentials Inverted
Nemely Essentials
Dynamics CRM for small businesses. With the power of Dynamics 365 under the hood, but with a clean and simplified user experience with clever time-saving functionalities, you really get the best of both worlds.
Legal Practice Management
Legal Icon
Legal Practice Management
Client Relationship Management for law firms. Our packaged solution for law firms, built on top of Microsoft Dynamics 365 and Project Operations, combines several processes related to the acquiring, compliance validation, onboarding, delivery, and invoicing of legal services.

Related Posts

Generate PDF Report in Dynamics CRM 365

Generate PDF Report in Dynamics CRM 365

There is plenty of material available to achieve this very commonly needed functionality to generate PDF of…
Refresh CRM Grid using JavaScript

Refresh CRM Grid using JavaScript

In Microsoft Dynamics 365, there are many occasions that you need to refresh either form or view…
Connect to D365 CE Programmatically without MFA/ On-Premise D365 CE

Connect to D365 CE Programmatically without MFA/ On-Premise D365 CE

As a developer, I regularly create connection to my D365 instance (On-Premise) and/or D365 CDS online(MFA and…