问题描述
到目前为止,我发现的所有信息都是,桌面应用程序需要在Microsoft Azure Active Directory中注册,并且有一个名为ADAL的库,它具有所有需要的内容.
All the information I have found so far is that the desktop app needs to be registered with Microsoft Azure Active Directory, and that there is a library called ADAL that has all that is needed.
https://msdn.microsoft.com/en-nz/library/gg327838.aspx
但是我要做的只是登录到已经在Dynamics顶部运行的第三方应用程序,然后使用REST方法读取该第三方应用程序提供的自定义数据.
But what I want to do is just log into a third-party app that is already running on top of Dynamics, and then use a REST method to read custom data that this third-party app provides.
这有可能吗?
如果需要加倍努力,我可以编写一个C#.NET DCOM包装器类,然后将其导入Delphi以获取对ADAL功能的访问权限,但第三方Dynamics 365应用程序的开发人员希望自己控制访问权限.
If push comes to shove, I could write a C#.NET DCOM wrapper class that I then import into Delphi to gain access to the ADAL functionality, but the developers of the third-party Dynamics 365 app want to control access themselves.
我看了Delphi Studio 10.2 Tokyo提供的RESTDemos项目示例,尽管它有许多OAuth 2.0示例(这是Dynamics 365所需要的),但它们不包含Dynamics 365本身.
I've looked at the RESTDemos project example supplied with Delphi Studio 10.2 Tokyo, and while it has a number of OAuth 2.0 examples (which is what Dynamics 365 needs), they don't include Dynamics 365 itself.
但是要查看可能需要什么,我创建了一个测试Google应用程序,经历了Google Tasks的登录过程,能够获取身份验证代码和访问令牌,然后获取任务列表,所以至少我知道应该使用的OAuth 2.0机制正在起作用.
But to see what might be needed, I have created a test Google app, gone through the sign-in process for Google Tasks, was able to fetch the auth-code and access-token, and then fetch a list of tasks, so at least I know that the OAuth 2.0 mechanism I am supposed to use is working.
已为我提供了CRM根服务地址,可以使用它们提供的凭据登录该地址,但这仅用于Dynamics 365 Web应用程序.我希望能够使用相同的凭据来访问其应用程序的API.
I have been given the CRM root service address, which I can log into using the credentials they provided, but that is just for the Dynamics 365 web application. I want to be able to use the same credentials to access the API of their app.
如果我将 api/data/v8.0/附加到他们给我的根URL上,则可以看到所有受支持的REST方法的列表.尝试使用像 api/data/v8.0/accounts/这样的消息会给我拒绝访问"消息,除非我实际上已经通过Microsoft登录页面登录到CRM系统.REST方法返回系统中的每个帐户.
If I append api/data/v8.0/ to the root URL they gave me, I can see a list of all the supported REST methods. Trying to use one, like api/data/v8.0/accounts/ gives me an "Access is denied" message unless I have actually logged into the CRM system via the Microsoft login page, at which point the REST method returns every account in the system.
Edit2:
通过进一步的调查,我发现我正在寻找的方法是为守护程序/服务器应用程序建议的方法.
From further investigations I have found that the method I am looking for is the one suggested for daemon/server applications.
要使其正常工作,我必须注册该应用程序,但必须注册到第三方Dynamics 365应用程序的AD域中.完成此操作后,我可以创建一个公共密钥,该公共密钥将允许我获取Azure令牌,而无需以特定的Dynamics 365用户身份登录.
For this to work, I do have to register the application but into the AD domain of the third-party Dynamics 365 app. Once this is done, I can create a Public Key that will allow me to get the Azure Token without needing to login as a particular Dynamics 365 User.
要使用的代码类似于以下内容:
The code to use is similar to below:
RESTClient.BaseURL := 'https://login.microsoftonline.com/';
RESTRequest.Method := TRESTRequestMethod.rmPOST;
RESTRequest.Resource := '/' + ATenantID + '/oauth2/token';
RESTRequest.Params.AddItem('grant_type', 'client_credentials', TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('client_id', AClientID, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('client_secret', AClientSecret, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('resource', AResourceURI, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Execute;
ATentantID , AClientID , AClientSecret 和 AResourceURI 值都可以从Azure Active Directory获取;无论是从其属性还是在已注册应用的属性中.
The ATentantID, AClientID, AClientSecret, and AResourceURI values can all be obtained from Azure Active Directory; either from its properties, or the properties of the Registered app.
然后,您从 RESTRequest.Response 对象中提取令牌.
You then pull the Token from the RESTRequest.Response object.
推荐答案
使用 Delphi REST客户端库的以下代码将在您的应用程序经过验证后向 Dynamics 365 进行身份验证.注册并正确配置:
The following code using the Delphi REST Client Library will authenticate to Dynamics 365 when your application has been registered and configured correctly:
RESTClient.BaseURL := 'https://login.microsoftonline.com/';
RESTClient.Authenticator := OAuth2_Dynamics365;
RESTRequest.Method := TRESTRequestMethod.rmPOST;
RESTRequest.Resource := '/' + ATenantID + '/oauth2/token';
RESTRequest.Params.AddItem('grant_type', 'client_credentials', TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('client_id', AClientID, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('client_secret', AClientSecret, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Params.AddItem('resource', AResourceURI, TRESTRequestParameterKind.pkGETorPOST);
RESTRequest.Execute;
if RESTRequest.Response.GetSimpleValue('access_token', AToken) then
OAuth2_Dynamics365.AccessToken := AToken;
如上所述, ATentantID , AClientID , AClientSecret 和 AResourceURI 值均可从Azure Active Directory;无论是从其属性还是在已注册应用的属性中.
As noted above, the ATentantID, AClientID, AClientSecret, and AResourceURI values can all be obtained from Azure Active Directory; either from its properties, or the properties of the Registered app.
这篇关于如何使用OAuth 2.0将Delphi桌面应用程序连接到第三方Dynamics 365应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!