Monthly Archives: April 2020

Generating EarlyBound CRM Entities using Spkl Task Runner

16 Thursday Apr 2020

Posted by in Dynamics 365, Dynamics 365 CE Online, Dynamics CE 9

Leave a comment

Tags

,

In article we looked at how connection to CRM On-Premise can be established using Spkl  Task Runner. For developing Plugins, Workflows it is a common  to have early bound classes. CrmSvcUtil.exe facilitates generating early bound classes the same can be achieved using Spkl Task Runner.

The batch file earlybound.bat will create the *.cs files as per settings defined in spkl.json file

Untitled1

As per the settings defined the following will be expected output when earlybound.bat is run:

  • A single file name SbmaEarlyBoundTypes.cs containing definitions for entities specified
  • Namespace for the various classes will be SBMA.Crm.Entities
  • One *.cs file will be generated for every entity because of the setting “oneTypePerFile : true”, this can be set to false if the preference is work with only one *.cs file for all the entity type definitions

Right Click on the spkl folder and bring up the command prompt (if using VS 2019  install the extension Web Essentials 2019 so the command prompt can be launched from Visual Studio IDE)

Untitled3

Untitled2

Now run earlybound.bat

Untitled4

Untitled6

The created types is as highlighted below:

Untitled7

 

 

 

 

 

Solution Management

12 Sunday Apr 2020

Posted by in Dynamics 365, Dynamics 365 CE Online, Dynamics CE 9

Leave a comment

Tags

,

A xRM application built on Dynamics CRM platform consists of several components viz.,

  • Schema: Entities,Relationships between Entities, Option Sets
  • User Interface: SiteMap, Web Resources, Application & Entity Ribbons
  • Anlaytics: Reports, Dashboards
  • Code: Workflows, Plug-ins
  • Security: Roles (built-in and custom), Field Security profile
  • Templates: E-mail, Articles

The above can be packaged up as Unmanaged or Managed solutions so it can be deployed in the target environment.

Managed Solution: A self contained packaged  that can be installed/uninstalled in target environment. No ability to add/remove solution components, changes can made to solution components if already set through managed properties.

Unmanaged Solution: An unmanaged solution provides the ability to add/remove components, delete components (custom entities etc). All the components in unmanaged solution will be references to customizable components in the CRM organization.

When both unmanaged and managed solutions are imported into an organization, conflict resolution is done through Merge and Top Wins stragety

Merge: Applies to user interface components and unmanaged customizations will be last to be applied.

Top Wins: Applies Entities,Views, Security Roles. In case of managed solution the last managed solution imported will have the changes applied and on of this when an unmanaged solution is imported then previous changes are overwritten.

Example:

Consider a solution having “account” entity

solutionlayering1

solutionlayering2

Create two versions using “Clone a Patch” option to change the label on the Account form.

solutionlayering3

solutionlayering4

Change the Phone number label text for the above solution

solutionlayering5

Publish the changes and the Account form view will be:

solutionlayering6

Now create another Clone to Patch version 2:

solutionlayering7

solutionlayering8

The view of Account form after publishing the changes note this is the last Unmanaged Solution to be published.

solutionlayering9

OAuth and OpenID Connect using IdentityServer

04 Saturday Apr 2020

Posted by in ASP.NET Core, OAuth2.0/OpenIDConnect, WebAPI

Leave a comment

Tags

, , ,

In article  we looked at use of JSON Web Token (JWT) for authentication with that foundation knowledge in place in this article we look at IdentityServer4  that provides end points for OpenID Connect (for authentication) and OAuth 2.0 (for authorization) to ASP.NET Core application.

Common protocols used for Authentication include SAML, WS-Fed, OpenID Connect. OpenID Connect in combination with OAuth 2.0 is designed for API. The following table highlights the differences between OpenID Connect and OAuth 2.0

 

OpenIDConnect

For a good example of authentication using OpenID Connect refer to article where we looked at providing login mechanism to Power Apps Portal through Open ID Connect using Google as Identity Provider, a capture or network traffic is as per below:

OpenIDConnect1

In the highlighted content the following will refer to OpenID Connect protocol

  • id_token is returned in JSON Web Token format
  • scope=openid is used for authentication

Being Authentication only framework what OpenID Connect does not do is provide access to the resources in the application and this is where Authorization Framework (Delegated Authorization) based on OAuth 2.0 protocol comes into effect.

The table highlighted some of the terms used in OAuth 2.0 to understand it better we will build an sample application for the following scenario the sample source code is at Git:

OpenIDConnect2

  1. Clients sends a request for authorization token from Secure Token Service (STS) API that has a reference to Identity Server4.
  2. The token presented to the client from STS will be in JSON Web Token format.
  3. The JSON Web Token with will be passed to the Web API method
  4. Dataset will be returned to the client.

The process of granting Client application to call the methods within WebAPI is commonly referred to as a OAuth flow and involves the steps involved in granting consent (permission) to invoked the methods in WebAPI

The sample code solution structure has the following highlighted projects:

OpenIDConnect3

 

IdentityServer(SecureTokenService)> SEIS.IdentitySrv

WebAPI > SEIS.Registration.Api

Client > ConsoleAppClient

An understanding of ADFS concepts will be helpful, the steps described below are synonymous to setting up relying party trust in ADFS.

Step 1: Build and Configure Secure Token Service 

ASP.NET Core provides built in DI (Dependency Inject) and this capability is used to set up STS.

OpenIDConnect4

IdentityServer needs to have following information

  • Clients trying to access WebAPI
  • List of API end points IdentityServer is trying to secure

In our sample scenario they will be ConsoleApp (Client), RegistrationAPI. The plumbing  code will be in Startup.cs

OpenIDConnect5

Config.GetAllApiResources() and Config.GetAllClients() will have pointers to WebAPI and ConsoleApp Client respectively

OpenIDConnect9

This will setup STS with known clients and API resources

Step 2: Build WebAPI and configure to use STS

Using DI (dependency injection) in Starup.cs specify the Secure Token Service (STS) under ConfigureServices method

OpenIDConnect6

Now indicate to use authentication

OpenIDConnect7

The above will set up API to accept access token from STS.  To add permissions to Controller method(s) we need to add Authorize attribute

OpenIDConnect8

Step 3: Build ConsoleApp to request AccessToken from STS before invoking WebAPI methods

The first step for ConsoleApp client will be to request AccessToken from STS and then pass the token using SetBearerToken method of HttpClient object before calling the WebAPI methods

OpenIDConnect10

Result of ConsoleApp client

OpenIDConnect11

The access_token issued by STS confirms to JSON Web Token Format (reference) decoding this at jwt.io will show the following result

OpenIDConnect12