Hello,
We have an ASP.NET MVC 4 application that runs inside an iframe in MS CRM 2013. The web application uses the MS CRM web services (Organization web service) to retrieve and save data. To do so, it needs to authenticate. For on-premises we are using Windows authentication and impersonate with the currently logged user in MS CRM (user id is passed to the iframe URL). It works like a charm.
However, for MS CRM 2013 Online, since we want to avoid storing any user credentials in our application, we have chosen to use OAuth. Any suggestions on how to achieve the same in a different way are most welcome since it does not seem right to use a method mostly for non-dot-net clients.
We are able to get the code calling: https://login.windows.net/{0}/oauth2/authorize?response_type=code&resource={1}&client_id={2}&redirect_uri={3}. But when I ask for the token, I get a 400 Bad Request error.
Request
Method: POST
URL: https://login.windows.net/{0}/oauth2/token?api-version=1.0
Header:
User-Agent: Fiddler
Host: login.windows.net
Content-Length: 563
Content-Type: application/x-www-form-urlencoded
Body:
grant_type=authorization_code&code={0}&redirect_uri={1}&resource={2}
Response
{"error":"unsupported_grant_type","error_description":"ACS70003: The access grant \u0027authorization_code\u0027 is not supported...}
The comments under this article (http://blogs.msdn.com/b/aadgraphteam/archive/2013/05/17/using-oauth-2-0-authorization-code-grant-for-delegated-access-of-directory-via-aad-graph.aspx?CommentPosted=true#commentmessage) suggest that this is an Azure AD bug but it should have been fixed by now, I guess. Am I doing something wrong?
Thanks in advance,
Enoch