枕上诗书闲处好,门前风景雨来佳。这篇文章主要讲述获取组织服务报错:Ws-Tust authentication which has been dep相关的知识,希望能为你提供帮助。
我是微软Dynamics 365 &
Power Platform方面的工程师/顾问罗勇,也是2015年7月到2018年6月连续三年Dynamics CRM/Business Solutions方面的微软最有价值专家(Microsoft MVP),欢迎关注我的微信公众号 MSFTDynamics365erLuoYong ,回复430或者20201220可方便获取本文,同时可以在第一间得到我发布的最新博文信息,follow me!
最近在通过 CrmServiceClient 获取Dynamics 365的组织服务时候发现开始报错,并获取失败,报错信息如下:
Unable to connect to CRM: An error occurred when processing the security tokens in the message:
You are using Ws-Tust authentication which has been deprecated and no longer supported in your environment.
Please use oAuth2.0 authentication.
咋回事,找了下,找到官方文档了: Important changes (deprecations) coming in Power Apps, Power Automate, and customer engagement apps . 文档原文如下,值得注意的是2022年4月之前要全部改动下,否则就会出问题,连接不上组织服务了。
Deprecation of Office365 authentication type and OrganizationServiceProxy class for connecting to DataverseEffective February 4, 2020, the WS-Trust authentication type that is used by custom clients to connect to Dataverse is deprecated. This change affects applications that utilize Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy and Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes for the authentication type of "Office365".
We are making this change to remove a security protocol (WS-Trust) that is inherently insecure by current encryption standards. While Microsoft has worked hard to protect users who choose to use this authentication type for the convenience of login process, it has become an increasing source of concern for Microsoft security and identity protection systems. The WS-Trust security protocol, when used in conjunction with a user account and password, implements an authentication flow that presents both the user ID and password to the authenticating resource in \'clear text\' form, relying solely on the transport encryption to provide security for the initial leg of the authentication, until such point as the token service returns an authentication token to use. Additionally, the WS-Trust protocol does not support modern forms of Multi-Factor Authentication and conditional access controls to customer data.
With this change, the intent is to guide developers away from this authentication flow and help application developers to utilize the capabilities of Azure Active Directory to secure and protect access to their applications and customers in Dataverse.
To allow for transition of customers and partner applications:
- Effective October 2020, the authentication protocol will be retired for all new tenants.
- Effective October 2020, the authentication protocol will not be available in all new regions.
- Effective April 2021, the authentication protocol will be retired for all new environments within a tenant.
- Effective April 2022, the authentication protocol will be retired for all new and existing environments within a tenant.
我以前是如下这么连的:
CrmServiceClient crmSvc = new CrmServiceClient(@"AuthType=Office365;
Url=https://luoyong.crm5.dynamics.com;
UserName=admin@CRM942120.onmicrosoft.com;
Password=lssw***#$%@ff");
那有那些链接方式是这种要退休的连接方式,又如何解决呢?请参考官方文档Use of Microsoft 365 authentication with the WS-Trust security protocol 。
从这个文档来看,以前常用的几种连接方式都是用的WS-Trust 协议,要被取消的。
- If your code employs user account and password credentials for authentication with Dataverse or an application, you are likely using the WS-Trust security protocol. Some examples are shown below, though this list is not fully inclusive.
- When using the CrmServiceClient class with a connection string:
connectionString="AuthType=Office365; Username=jsmith\\@contoso.onmicrosoft.com; Password=passcode; Url=https://contoso.crm.dynamics.com"
- When using OrganizationServiceProxy class constructors:
using (OrganizationServiceProxy organizationServiceProxy = new OrganizationServiceProxy(serviceManagement, clientCredentials) { ... }
- When using the CrmServiceClient class with a connection string:
If you are using the OrganizationServiceProxy
class at all in your code, you are using WS-Trust.
- If you are using CrmServiceClient.
OrganizationServiceProxy
in your code, you are using WS-Trust.
简单来说就是在链接字符串串中修改一个元素,将AuthType这个元素的值从 Office365 改成 OAuth ,然后添加三个元素,元素名和值分别如下:
【获取组织服务报错:Ws-Tust authentication which has been dep】
比如我使用的新的连接串就是,然后问题就解决了,还是比较简单的。
AuthType=OAuth;
Url=https://luoyong.crm5.dynamics.com;
UserName=admin@CRM942120.onmicrosoft.com;
Password=lssw***#$%@ff;
AppId=51f81489-12ee-4a9e-aaae-a2591f45987d;
RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;
LoginPrompt=Auto
推荐阅读
- Dynamics 365的新特性Relevance Search介绍
- Dynamics 365执行Remove Active Customizations的多种方法
- 在Cloud Flow和Workflow中使用多选选项集类型字段
- Dynamics 365中Customer类型字段的使用
- Dynamics 365中表的File数据类型列介绍
- 使用EntityCollection类型和Entity类型的输出参数实例
- 获取用户/团队对某条记录的权限,共享某条记录的某些权限给指定用户/团队的方法
- Dynamics CRM项目实例之十(CRM 2015的捆绑销售在订单中的效果)
- 基本命令学习 -查看文件内容的六种方法