If you’re like me you’ll have been excited recently with all the improvements coming in .NET, first with .NET Core and now with .NET 5 and 6. But as Dynamics developers we’ve been locked into using .NET Framework by the Dynamics SDK.

Thankfully that’s changing with the preview Dataverse ServiceClient, which provides a familiar SDK for .NET Core too.

However this library requires the use of OAuth to authenticate to Dynamics. This is great security-wise, but can lead to problems connecting to older on-prem systems where OAuth might not be available.

OAuth vs. WS-Trust

By default, on-prem Dynamics CRM & Dynamics 365 use WS-Trust. This older security protocol:

  1. has already been deprecated for online instances
  2. is not available in new environments and
  3. will be removed from existing environments in April 2022

You can enable OAuth for on-prem instances by following some additional steps.

OAuth is definitely what you should be using if at all possible, but what if you’re not in control of the on-prem server and need to connect using WS-Trust from .NET Core?

WS-Trust Compatible Package

Enter my new NuGet package Data8.PowerPlatform.Dataverse.Client!

This builds on top of the preview SDK and provides a new OnPremiseClient class. Simply create an instance of this class with the URL of the organization service, username and password. It implements the standard IOrganizationService interface so you can use it as a drop-in replacement wherever you are using the regular SDK.

var svc = new OnPremiseClient("https://org.crm.contoso.com/XRMServices/2011/OrganizationService.svc", "AD\\username", "password");
var qry = new QueryExpression("contact");
qry.Criteria.AddCondition("firstname", ConditionOperator.Equal, "Mark");
qry.Criteria.AddCondition("lastname", ConditionOperator.Equal, "Carrington");
var results = svc.RetrieveMultiple(qry);

Other than switching ServiceClient for OnPremiseClient you shouldn’t need to make any other changes to your code to use this package – all the query, entity etc. types are reused from the Microsoft SDK.

This library does require claims-based authentication to be enabled on the server – it doesn’t work with Windows authentication. The library is open source however if you want to have a go at adding this in!

Many thanks to Data8 for agreeing to open up this library to the community!

5 thoughts on “Connecting to on-prem Dynamics from .NET Core without OAuth”

    1. The way the authentication protocols work on HTTP is very different as it needs to do all the encryption work itself rather than relying on the HTTPS encryption. It seems like a lot of extra work to do this and I haven’t personally had the need, but I’d be happy to review any code submissions to add support for it.

  1. Any idea how to make this work when a service using this connection is accessible via a load balancer? i get the “security context token is expired” error after a while. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.