Authenticate Dynamics 365 in Azure Functions Version 3

I consider Azure Functions a powerful weapon in the armory for numerous scenarios, including but not limited to the following:

  • Expose Dynamics 365 APIs to third-party apps in a well-wrapped manner.
  • Delegate some of the computation load from plugins to outside D365.
  • Create scheduled custom code to run at specific intervals.
  • Host custom services or APIs for integration when there is insufficient infrastructure to do so.

Read more about Azure Functions here.

One challenge we face when creating a new Azure Function for Dynamics 365 is that the current runtime, version 3, uses .NET Core (as does runtime version 2). It was much easier with version 1, which uses the .NET Framework, so we could use the D365 SDK directly for authentication and for consuming D365 services. The Power Apps .NET Core SDK is still in alpha and cannot be used for production purposes. One easy option here is to use ADAL and the Web API. In this post, let's see how we can authenticate an application user in Azure Functions V3.

Before we start, if you are not familiar with the following, please have a glance at the links provided:

  1. Create Application users in Dynamics
  2. Creating an Azure function
  3. Creating Azure functions from Visual Studio / VS Code

Create your Azure function with the help of the links in point 3, and add the following NuGet packages if they are not already in your function app.

Now use the following code to authenticate your Dynamics 365 application user.

using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using System.Net.Http;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace SampleFunctionApp
{
    public static class D365
    {
        [FunctionName("ConnecttoD365")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            string name = req.Query["name"];

            string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
            dynamic data = JsonConvert.DeserializeObject(requestBody);
            name = name ?? data?.name;
            #region Auth Code
            // Azure AD login endpoint
            string cloud = "https://login.microsoftonline.com";

            // Azure AD tenant ID (or tenant domain)
            string tenantId = "**********";

            string authority = $"{cloud}/{tenantId}";

            // Application (client) ID of the Azure AD app registration
            string clientId = "*********";

            // Client secret of the app registration. Hard-coded here for the demo only;
            // load it from application settings or Key Vault in real code.
            string clientsecret = "******";

            ClientCredential clientcred = new ClientCredential(clientId, clientsecret);

            // Resource to request a token for (Application ID of the resource, or the resource URI)
            string resource = "https://******.crm.dynamics.com/";

            AuthenticationContext ac = new AuthenticationContext(authority);
            AuthenticationResult result = null;
            var bearerToken = string.Empty;
            string ErrorMessege = string.Empty;
            try
            {
                // Try the token cache first
                result = await ac.AcquireTokenSilentAsync(resource, clientId);
                if (result != null)
                {
                    bearerToken = result.AccessToken;
                    // Demo only: this writes the bearer token to the log. Remove in real code.
                    log.LogInformation("Token Acquired:"+ bearerToken);
                }
            }
            catch (AdalException adalException)
            {
                // Nothing usable in the cache: acquire a new token with the client credentials
                if (adalException.ErrorCode == AdalError.FailedToAcquireTokenSilently
                    || adalException.ErrorCode == AdalError.InteractionRequired)
                {
                    result = await ac.AcquireTokenAsync(resource, clientcred);
                    if (result != null)
                    {
                        bearerToken = result.AccessToken;
                        // Demo only: this writes the bearer token to the log. Remove in real code.
                        log.LogInformation("Token Acquired="+ bearerToken);
                    }
                }
                else
                {
                    log.LogWarning("Failed to acquire Bearer Token :-" + adalException.Message);
                    var errorBody = new { adalexception = "Failed to acquire Bearer Token :-" + adalException.Message };
                    return new BadRequestObjectResult(JsonConvert.SerializeObject(errorBody));
                }
            }

            #endregion

            string responseMessage = string.IsNullOrEmpty(name)
                ? "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a better response."
                : $"Hello, {name}. This HTTP triggered function executed successfully.";

            return new OkObjectResult(responseMessage);
        }
    }
}

The above function simply authenticates and writes the bearer token to the log. Ensure you do not log it in your actual code.
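A variant of the token step that follows this advice, added here as an example and not the author's code: the tenant, client ID, secret and resource URL come from application settings instead of string literals, and only the token's expiry is logged. The class name `D365TokenProvider` and the setting names (`D365_TENANT_ID`, `D365_CLIENT_ID`, `D365_CLIENT_SECRET`, `D365_RESOURCE_URL`) are assumptions made for this example.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace SampleFunctionApp
{
    // Added example: hypothetical helper, not part of the original post.
    public static class D365TokenProvider
    {
        // Azure Functions exposes application settings as environment variables.
        // The setting names passed in below are assumptions made for this example.
        private static string Setting(string key) =>
            Environment.GetEnvironmentVariable(key)
            ?? throw new InvalidOperationException($"Missing app setting '{key}'.");

        public static async Task<string> GetAccessTokenAsync(ILogger log)
        {
            string authority = $"https://login.microsoftonline.com/{Setting("D365_TENANT_ID")}";
            var context = new AuthenticationContext(authority);
            var credential = new ClientCredential(
                Setting("D365_CLIENT_ID"), Setting("D365_CLIENT_SECRET"));
            try
            {
                AuthenticationResult result =
                    await context.AcquireTokenAsync(Setting("D365_RESOURCE_URL"), credential);

                // Log non-sensitive metadata only; the token itself never reaches the log.
                log.LogInformation("D365 token acquired, expires {ExpiresOn}", result.ExpiresOn);
                return result.AccessToken;
            }
            catch (AdalException ex)
            {
                // Full detail goes to the log; the caller decides what, if anything,
                // to tell the HTTP client.
                log.LogError(ex, "D365 token acquisition failed ({ErrorCode})", ex.ErrorCode);
                throw;
            }
        }
    }
}
```

Inside `Run`, a call to `await D365TokenProvider.GetAccessTokenAsync(log)` can take the place of the `#region Auth Code` block.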

In the next post, we will see how we can use this token to call D365 Web API from Azure Function App.

Hope this helps.
