Consuming CRM 365 on-premise Web Api via HTTPS
0
I have the following code which works as expected:
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
HttpClient httpClient = new HttpClient(httpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ResourceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However, when I try to access the same resource via HTTPS (where ADFS 3 is the authority), I am not able to.
Microsoft provide some sample helper code encapsulated in the Authorization class here. I have used this, so my code now looks like this:
Configuration configuration = new Configuration();
configuration.Username = UserName;
configuration.Password = secure;
configuration.Domain = Domain;
configuration.ServiceUrl = ServiceUrl;
configuration.RedirectUrl = RedirectUrl;
configuration.ClientId = ClientId;
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
Authentication authentication = new Authentication(configuration, AdfsUrl);
OAuthMessageHandler oAuthHttpMessageHandler = new OAuthMessageHandler(authentication, httpMessageHandler);
HttpClient httpClient = new HttpClient(oAuthHttpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ServiceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However this now gived me the following exception when it hits this line:
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
Any suggestions would be highly appreciated.
rest api https crm adfs
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
add a comment |
0
I have the following code which works as expected:
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
HttpClient httpClient = new HttpClient(httpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ResourceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However, when I try to access the same resource via HTTPS (where ADFS 3 is the authority), I am not able to.
Microsoft provide some sample helper code encapsulated in the Authorization class here. I have used this, so my code now looks like this:
Configuration configuration = new Configuration();
configuration.Username = UserName;
configuration.Password = secure;
configuration.Domain = Domain;
configuration.ServiceUrl = ServiceUrl;
configuration.RedirectUrl = RedirectUrl;
configuration.ClientId = ClientId;
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
Authentication authentication = new Authentication(configuration, AdfsUrl);
OAuthMessageHandler oAuthHttpMessageHandler = new OAuthMessageHandler(authentication, httpMessageHandler);
HttpClient httpClient = new HttpClient(oAuthHttpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ServiceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However this now gived me the following exception when it hits this line:
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
Any suggestions would be highly appreciated.
rest api https crm adfs
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04
add a comment |
0
0
0
I have the following code which works as expected:
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
HttpClient httpClient = new HttpClient(httpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ResourceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However, when I try to access the same resource via HTTPS (where ADFS 3 is the authority), I am not able to.
Microsoft provide some sample helper code encapsulated in the Authorization class here. I have used this, so my code now looks like this:
Configuration configuration = new Configuration();
configuration.Username = UserName;
configuration.Password = secure;
configuration.Domain = Domain;
configuration.ServiceUrl = ServiceUrl;
configuration.RedirectUrl = RedirectUrl;
configuration.ClientId = ClientId;
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
Authentication authentication = new Authentication(configuration, AdfsUrl);
OAuthMessageHandler oAuthHttpMessageHandler = new OAuthMessageHandler(authentication, httpMessageHandler);
HttpClient httpClient = new HttpClient(oAuthHttpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ServiceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However this now gived me the following exception when it hits this line:
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
Any suggestions would be highly appreciated.
rest api https crm adfs
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
I have the following code which works as expected:
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
HttpClient httpClient = new HttpClient(httpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ResourceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However, when I try to access the same resource via HTTPS (where ADFS 3 is the authority), I am not able to.
Microsoft provide some sample helper code encapsulated in the Authorization class here. I have used this, so my code now looks like this:
Configuration configuration = new Configuration();
configuration.Username = UserName;
configuration.Password = secure;
configuration.Domain = Domain;
configuration.ServiceUrl = ServiceUrl;
configuration.RedirectUrl = RedirectUrl;
configuration.ClientId = ClientId;
var credentials = new NetworkCredential(UserName, Password, Domain);
var httpMessageHandler = new HttpClientHandler { Credentials = credentials };
Authentication authentication = new Authentication(configuration, AdfsUrl);
OAuthMessageHandler oAuthHttpMessageHandler = new OAuthMessageHandler(authentication, httpMessageHandler);
HttpClient httpClient = new HttpClient(oAuthHttpMessageHandler);
try
{
using (httpClient)
{
httpClient.BaseAddress = new Uri(ServiceUrl);
httpClient.Timeout = new TimeSpan(0, 2, 0); //2 minutes
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
var response1Content = response.Content.ReadAsStringAsync().Result;
}
}
However this now gived me the following exception when it hits this line:
var response = httpClient.GetAsync("data/v8.2/contacts?$top=1", HttpCompletionOption.ResponseHeadersRead).Result;
Any suggestions would be highly appreciated.
rest api https crm adfs
rest api https crm adfs
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
edited Nov 26 '18 at 12:39
tonycdp
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
asked Nov 26 '18 at 12:31
tonycdptonycdp
565
565
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04
add a comment |
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04
add a comment |
1 Answer
1
active
oldest
votes
0
In the end I had to implement a multi-step custom solution:
STEP 1. POST to
https://myadfs.com/adfs/oauth2/authorize?response_type=code&redirect_uri=https://mywebsiterequiringadfsauthorisation.com&resource=https://mywebsiterequiringadfsauthorisation.com&client_id=12ab34cd-12ab-12ab-12ab-12ab3412abcd&RedirectToIdentityProvider=https://myadfs.com//adfs/services/trust
and the following body:
Body:
response_type:code
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
resource:https://mywebsiterequiringadfsauthorisation.com
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
RedirectToIdentityProvider:https://myadfs.com/adfs/services/trust
This step if successful returns a 301 Found response from the server. Headers of the response contain the Location which looks something like this :
Location:
https://mywebsiterequiringadfsauthorisation.com:443/?code=HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
STEP 2
Extract the Code from the Header/Location of the response and construct the second request to the ADFS:
POST to https://myadfs.com/adfs/oauth2/token with the following body content:
Body:
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
grant_type:authorization_code
code:HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
If all is Ok, you should get an 200 OK response with a JSON response containing your access token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlhscG9zR0pGbjE3OHlrNWFwcjl0R01ERGdwNCJ9.eyJhdWQiOiJodHRwczovL2N3Y3JtLnRoZWZhLmNvbS8iLCJpc3MiOiJodHRwczovL3dnc3N0c3IudGhlZmEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3QiLCJpYXQiOjE1NDcxMTc3ODAsImV4cCI6MTU0NzIwNDE4MCwidXBuIjoicHJkX2N3MjAxNl9pbnRAdGhlZmEubG9jYWwiLCJwcmltYXJ5c2lkIjoiUy0xLTUtMjEtMTc1OTM5NjE5My0yMDMwMjE4Mzg4LTM0NjczNTc3OTMtMzc5NiIsInVuaXF1ZV9uYW1lIjoiVEhFRkFcXFBSRF9DVzIwMTZfSU5UIiwiYXV0aF90aW1lIjoiMjAxOS0wMS0xMFQxMDo1NjoxNC42NDVaIiwiYXV0aG1ldGhvZCI6InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0IiwidmVyIjoiMS4wIiwiYXBwaWQiOiIxMmFiMzRjZC0xMmFiLTEyYWItMTJhYi0xMmFiMzQxMmFiY2QifQ.fdvBavODiXOQM-UNBD59sgvqz357P5DzEOGifY0TfMZUjGrHc-IdZU9eqJNsUbtK4_FsrnoV6OKK8Vc4tvDITIw5D8i5uPP0tK_yDWs3Jdw5v3RUDDH2Q5yWrEed6KASO40q-YeowzMaLkf3EDE33Iyrh_J5K29hYnVJJ_4uVxAxdzIAM-Mp9HqfLtpwtEOyWe3PaTjGe8uGRXKstOFy0yNFvURaEohp628EYmA_lieTXA0TVVXG-KCV5QfuG7SWblErPR7nZI27iSs4xPyWkf68JfQOodfQ5iDHR3AWcWtNPd2b2h7VdKO3gMUsux9e__GO43Uzu9hf_l3nOMvNbA",
"token_type": "bearer",
"expires_in": 86400
}
STEP 3
Put the Access Token in the Header of any subsequent requests.
answered Jan 16 at 15:56
tonycdptonycdp
565
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53481192%2fconsuming-crm-365-on-premise-web-api-via-https%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
In the end I had to implement a multi-step custom solution:
STEP 1. POST to
https://myadfs.com/adfs/oauth2/authorize?response_type=code&redirect_uri=https://mywebsiterequiringadfsauthorisation.com&resource=https://mywebsiterequiringadfsauthorisation.com&client_id=12ab34cd-12ab-12ab-12ab-12ab3412abcd&RedirectToIdentityProvider=https://myadfs.com//adfs/services/trust
and the following body:
Body:
response_type:code
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
resource:https://mywebsiterequiringadfsauthorisation.com
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
RedirectToIdentityProvider:https://myadfs.com/adfs/services/trust
This step if successful returns a 301 Found response from the server. Headers of the response contain the Location which looks something like this :
Location:
https://mywebsiterequiringadfsauthorisation.com:443/?code=HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
STEP 2
Extract the Code from the Header/Location of the response and construct the second request to the ADFS:
POST to https://myadfs.com/adfs/oauth2/token with the following body content:
Body:
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
grant_type:authorization_code
code:HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
If all is Ok, you should get an 200 OK response with a JSON response containing your access token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlhscG9zR0pGbjE3OHlrNWFwcjl0R01ERGdwNCJ9.eyJhdWQiOiJodHRwczovL2N3Y3JtLnRoZWZhLmNvbS8iLCJpc3MiOiJodHRwczovL3dnc3N0c3IudGhlZmEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3QiLCJpYXQiOjE1NDcxMTc3ODAsImV4cCI6MTU0NzIwNDE4MCwidXBuIjoicHJkX2N3MjAxNl9pbnRAdGhlZmEubG9jYWwiLCJwcmltYXJ5c2lkIjoiUy0xLTUtMjEtMTc1OTM5NjE5My0yMDMwMjE4Mzg4LTM0NjczNTc3OTMtMzc5NiIsInVuaXF1ZV9uYW1lIjoiVEhFRkFcXFBSRF9DVzIwMTZfSU5UIiwiYXV0aF90aW1lIjoiMjAxOS0wMS0xMFQxMDo1NjoxNC42NDVaIiwiYXV0aG1ldGhvZCI6InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0IiwidmVyIjoiMS4wIiwiYXBwaWQiOiIxMmFiMzRjZC0xMmFiLTEyYWItMTJhYi0xMmFiMzQxMmFiY2QifQ.fdvBavODiXOQM-UNBD59sgvqz357P5DzEOGifY0TfMZUjGrHc-IdZU9eqJNsUbtK4_FsrnoV6OKK8Vc4tvDITIw5D8i5uPP0tK_yDWs3Jdw5v3RUDDH2Q5yWrEed6KASO40q-YeowzMaLkf3EDE33Iyrh_J5K29hYnVJJ_4uVxAxdzIAM-Mp9HqfLtpwtEOyWe3PaTjGe8uGRXKstOFy0yNFvURaEohp628EYmA_lieTXA0TVVXG-KCV5QfuG7SWblErPR7nZI27iSs4xPyWkf68JfQOodfQ5iDHR3AWcWtNPd2b2h7VdKO3gMUsux9e__GO43Uzu9hf_l3nOMvNbA",
"token_type": "bearer",
"expires_in": 86400
}
STEP 3
Put the Access Token in the Header of any subsequent requests.
answered Jan 16 at 15:56
tonycdptonycdp
565
add a comment |
0
In the end I had to implement a multi-step custom solution:
STEP 1. POST to
https://myadfs.com/adfs/oauth2/authorize?response_type=code&redirect_uri=https://mywebsiterequiringadfsauthorisation.com&resource=https://mywebsiterequiringadfsauthorisation.com&client_id=12ab34cd-12ab-12ab-12ab-12ab3412abcd&RedirectToIdentityProvider=https://myadfs.com//adfs/services/trust
and the following body:
Body:
response_type:code
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
resource:https://mywebsiterequiringadfsauthorisation.com
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
RedirectToIdentityProvider:https://myadfs.com/adfs/services/trust
This step if successful returns a 301 Found response from the server. Headers of the response contain the Location which looks something like this :
Location:
https://mywebsiterequiringadfsauthorisation.com:443/?code=HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
STEP 2
Extract the Code from the Header/Location of the response and construct the second request to the ADFS:
POST to https://myadfs.com/adfs/oauth2/token with the following body content:
Body:
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
grant_type:authorization_code
code:HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
If all is Ok, you should get an 200 OK response with a JSON response containing your access token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlhscG9zR0pGbjE3OHlrNWFwcjl0R01ERGdwNCJ9.eyJhdWQiOiJodHRwczovL2N3Y3JtLnRoZWZhLmNvbS8iLCJpc3MiOiJodHRwczovL3dnc3N0c3IudGhlZmEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3QiLCJpYXQiOjE1NDcxMTc3ODAsImV4cCI6MTU0NzIwNDE4MCwidXBuIjoicHJkX2N3MjAxNl9pbnRAdGhlZmEubG9jYWwiLCJwcmltYXJ5c2lkIjoiUy0xLTUtMjEtMTc1OTM5NjE5My0yMDMwMjE4Mzg4LTM0NjczNTc3OTMtMzc5NiIsInVuaXF1ZV9uYW1lIjoiVEhFRkFcXFBSRF9DVzIwMTZfSU5UIiwiYXV0aF90aW1lIjoiMjAxOS0wMS0xMFQxMDo1NjoxNC42NDVaIiwiYXV0aG1ldGhvZCI6InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0IiwidmVyIjoiMS4wIiwiYXBwaWQiOiIxMmFiMzRjZC0xMmFiLTEyYWItMTJhYi0xMmFiMzQxMmFiY2QifQ.fdvBavODiXOQM-UNBD59sgvqz357P5DzEOGifY0TfMZUjGrHc-IdZU9eqJNsUbtK4_FsrnoV6OKK8Vc4tvDITIw5D8i5uPP0tK_yDWs3Jdw5v3RUDDH2Q5yWrEed6KASO40q-YeowzMaLkf3EDE33Iyrh_J5K29hYnVJJ_4uVxAxdzIAM-Mp9HqfLtpwtEOyWe3PaTjGe8uGRXKstOFy0yNFvURaEohp628EYmA_lieTXA0TVVXG-KCV5QfuG7SWblErPR7nZI27iSs4xPyWkf68JfQOodfQ5iDHR3AWcWtNPd2b2h7VdKO3gMUsux9e__GO43Uzu9hf_l3nOMvNbA",
"token_type": "bearer",
"expires_in": 86400
}
STEP 3
Put the Access Token in the Header of any subsequent requests.
answered Jan 16 at 15:56
tonycdptonycdp
565
add a comment |
0
0
0
In the end I had to implement a multi-step custom solution:
STEP 1. POST to
https://myadfs.com/adfs/oauth2/authorize?response_type=code&redirect_uri=https://mywebsiterequiringadfsauthorisation.com&resource=https://mywebsiterequiringadfsauthorisation.com&client_id=12ab34cd-12ab-12ab-12ab-12ab3412abcd&RedirectToIdentityProvider=https://myadfs.com//adfs/services/trust
and the following body:
Body:
response_type:code
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
resource:https://mywebsiterequiringadfsauthorisation.com
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
RedirectToIdentityProvider:https://myadfs.com/adfs/services/trust
This step if successful returns a 301 Found response from the server. Headers of the response contain the Location which looks something like this :
Location:
https://mywebsiterequiringadfsauthorisation.com:443/?code=HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
STEP 2
Extract the Code from the Header/Location of the response and construct the second request to the ADFS:
POST to https://myadfs.com/adfs/oauth2/token with the following body content:
Body:
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
grant_type:authorization_code
code:HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
If all is Ok, you should get an 200 OK response with a JSON response containing your access token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlhscG9zR0pGbjE3OHlrNWFwcjl0R01ERGdwNCJ9.eyJhdWQiOiJodHRwczovL2N3Y3JtLnRoZWZhLmNvbS8iLCJpc3MiOiJodHRwczovL3dnc3N0c3IudGhlZmEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3QiLCJpYXQiOjE1NDcxMTc3ODAsImV4cCI6MTU0NzIwNDE4MCwidXBuIjoicHJkX2N3MjAxNl9pbnRAdGhlZmEubG9jYWwiLCJwcmltYXJ5c2lkIjoiUy0xLTUtMjEtMTc1OTM5NjE5My0yMDMwMjE4Mzg4LTM0NjczNTc3OTMtMzc5NiIsInVuaXF1ZV9uYW1lIjoiVEhFRkFcXFBSRF9DVzIwMTZfSU5UIiwiYXV0aF90aW1lIjoiMjAxOS0wMS0xMFQxMDo1NjoxNC42NDVaIiwiYXV0aG1ldGhvZCI6InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0IiwidmVyIjoiMS4wIiwiYXBwaWQiOiIxMmFiMzRjZC0xMmFiLTEyYWItMTJhYi0xMmFiMzQxMmFiY2QifQ.fdvBavODiXOQM-UNBD59sgvqz357P5DzEOGifY0TfMZUjGrHc-IdZU9eqJNsUbtK4_FsrnoV6OKK8Vc4tvDITIw5D8i5uPP0tK_yDWs3Jdw5v3RUDDH2Q5yWrEed6KASO40q-YeowzMaLkf3EDE33Iyrh_J5K29hYnVJJ_4uVxAxdzIAM-Mp9HqfLtpwtEOyWe3PaTjGe8uGRXKstOFy0yNFvURaEohp628EYmA_lieTXA0TVVXG-KCV5QfuG7SWblErPR7nZI27iSs4xPyWkf68JfQOodfQ5iDHR3AWcWtNPd2b2h7VdKO3gMUsux9e__GO43Uzu9hf_l3nOMvNbA",
"token_type": "bearer",
"expires_in": 86400
}
STEP 3
Put the Access Token in the Header of any subsequent requests.
answered Jan 16 at 15:56
tonycdptonycdp
565
In the end I had to implement a multi-step custom solution:
STEP 1. POST to
https://myadfs.com/adfs/oauth2/authorize?response_type=code&redirect_uri=https://mywebsiterequiringadfsauthorisation.com&resource=https://mywebsiterequiringadfsauthorisation.com&client_id=12ab34cd-12ab-12ab-12ab-12ab3412abcd&RedirectToIdentityProvider=https://myadfs.com//adfs/services/trust
and the following body:
Body:
response_type:code
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
resource:https://mywebsiterequiringadfsauthorisation.com
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
RedirectToIdentityProvider:https://myadfs.com/adfs/services/trust
This step if successful returns a 301 Found response from the server. Headers of the response contain the Location which looks something like this :
Location:
https://mywebsiterequiringadfsauthorisation.com:443/?code=HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
STEP 2
Extract the Code from the Header/Location of the response and construct the second request to the ADFS:
POST to https://myadfs.com/adfs/oauth2/token with the following body content:
Body:
client_id:12ab34cd-12ab-12ab-12ab-12ab3412abcd
redirect_uri:https://mywebsiterequiringadfsauthorisation.com
grant_type:authorization_code
code:HotI0lPfMEGhcEo7zXqFEQ.yjKLgch71ggSADojHBJkCobAXTU.gomySyiXeFHuXohPstY5MOtH_eRp4Cnr65q3PaIEXZ-Fz3dp-e25hr09QDUDBCqz08ROWEN9tcoZEAwAKG_pepLTnNVHOZwbrhaYlc2XRjZ4IrCJGZPqfapnQphXDR_4cPl7tIIt3q7ORaVF5LbAyv76bTeCGqKSNsCmeP6IrGigZoDBBxAdfGMg-Pg_Ebs_SaPY1P3Q2egKkkpCYfks8-kkHJNAhS5Wv2Qio_XzIdUOO6zWU9YGdGQdC1U-VNeHwJDm8GzVtXxbD9aTdQFwdUlg2DELyQxEOPcDLQG2BKmdxRGF3jRd_OUvaIzsKVz4u0fcNpeIhXNHsYGtvRZHLw
If all is Ok, you should get an 200 OK response with a JSON response containing your access token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlhscG9zR0pGbjE3OHlrNWFwcjl0R01ERGdwNCJ9.eyJhdWQiOiJodHRwczovL2N3Y3JtLnRoZWZhLmNvbS8iLCJpc3MiOiJodHRwczovL3dnc3N0c3IudGhlZmEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3QiLCJpYXQiOjE1NDcxMTc3ODAsImV4cCI6MTU0NzIwNDE4MCwidXBuIjoicHJkX2N3MjAxNl9pbnRAdGhlZmEubG9jYWwiLCJwcmltYXJ5c2lkIjoiUy0xLTUtMjEtMTc1OTM5NjE5My0yMDMwMjE4Mzg4LTM0NjczNTc3OTMtMzc5NiIsInVuaXF1ZV9uYW1lIjoiVEhFRkFcXFBSRF9DVzIwMTZfSU5UIiwiYXV0aF90aW1lIjoiMjAxOS0wMS0xMFQxMDo1NjoxNC42NDVaIiwiYXV0aG1ldGhvZCI6InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0IiwidmVyIjoiMS4wIiwiYXBwaWQiOiIxMmFiMzRjZC0xMmFiLTEyYWItMTJhYi0xMmFiMzQxMmFiY2QifQ.fdvBavODiXOQM-UNBD59sgvqz357P5DzEOGifY0TfMZUjGrHc-IdZU9eqJNsUbtK4_FsrnoV6OKK8Vc4tvDITIw5D8i5uPP0tK_yDWs3Jdw5v3RUDDH2Q5yWrEed6KASO40q-YeowzMaLkf3EDE33Iyrh_J5K29hYnVJJ_4uVxAxdzIAM-Mp9HqfLtpwtEOyWe3PaTjGe8uGRXKstOFy0yNFvURaEohp628EYmA_lieTXA0TVVXG-KCV5QfuG7SWblErPR7nZI27iSs4xPyWkf68JfQOodfQ5iDHR3AWcWtNPd2b2h7VdKO3gMUsux9e__GO43Uzu9hf_l3nOMvNbA",
"token_type": "bearer",
"expires_in": 86400
}
STEP 3
Put the Access Token in the Header of any subsequent requests.
answered Jan 16 at 15:56
tonycdptonycdp
565
answered Jan 16 at 15:56
tonycdptonycdp
565
answered Jan 16 at 15:56
tonycdptonycdp
565
answered Jan 16 at 15:56
tonycdptonycdp
565
565
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53481192%2fconsuming-crm-365-on-premise-web-api-via-https%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Share the exception
– Arun Vinoth
Nov 27 '18 at 4:04