I have explained how to use CRM Mobile Helper Library and how to register your application to Azure AD to use OAtuh 2.0 for authorization, as well as how to use CrmSvcUtil.exe extension to generate early bound types for mobile development.
This time, I explain how to register you application to On-Premise and more tips for Online.
Register your application to On-Premise
As I explained in part 1, you need to register your application to use OAuth 2.0. For On-Premise, you register your application to Active Directory Federation Service (AD FS) and below is prerequisites.
- Dynamics CRM 2013 or above with IFD configured.
- Windows Server 2012 R2 AD FS.
Confirm RedirectUrl and create ClientId.
Obtain RedirectUrl which you need to register your application.
1. Open Microsoft.Crm.Sdk.Mobile.sln and build the project.
2. Open ActivityTracker.sln you downloaded.
3. Right click Reference and add reference to compiled “Microsoft.Crm.Sdk.Mobile.dll” at step 1.
4. Open ActivityTrackerHelper.cs and set breakpoint at line 65.
5. Start debugging, which downloads NuGet packages and launches Windows Phone emulator.
6. When hitting the breakpoint, press F11 to move one more step so that you can grab RedirectUrl value.
7. Note the value.
8. Next, ClientId. Unlike Azure AD, you can specify which ClientId you want to use. In this case, as sample app already have dummy ClientId, I just re-use it. In real scenario, please generate one by your own. You find ClientId just below the RedirectUri which is “a8c735c8-13bd-4736-beeb-8c715a754bb4”.
Tweak the application
To make this application working against On-Premise AD FS, you need to change just one line.
1. Open ActivityTrackerHelper.cs and go to line 543.
2. Add “false” as second CreateAsync parameter.
authContext = AuthenticationContext.CreateAsync(ActivityTrackerHelper.OAuthUrl, false).GetResults();
Register to AD FS
Next, you register the application to your AD FS.
1. Logon to AD FS server and open PowerShell.
2. Type the following command and press Enter to execute.
>Add-AdfsClient -ClientId a8c735c8-13bd-4736-beeb-8c715a754bb4 -Name "ActivityTracker" -RedirectUri <your RedirectUri>
3. To confirm, run the following command.
>Get-AdfsClient -Name “ActivityTracker”
Test the application
1. Run the Activity Tracker App by pressing F5 in Visual Studio.
2. Enter IFD URL of your On-Premise CRM. Click Check mark will navigate you to sign in page.
3. Sign in to confirm it works as expected.
If you have trouble running the application, check the following.
- If you explicitly specify OAuthURL, make sure you are using AD FS address. For example, if your AD FS server is adfs.contoso.com, then OAuthURL is https://adfs.contoso.local/adfs. (https://adfs.contoso.local/adfs/oauth2 or https://adfs.contoso.local/adfs/ls also works)
- If you don’t see Form Authentication page never appear, make sure you enabled Form Authentication at AD FS console for Intranet.
- It seems several environment won’t work correctly due to security settings. Try from different PC, or try using Fiddler to bypass the security for small test. Refer to following link for more detail.
Manage Azure AD from your MSDN subscription
Often time, you use trial Dynamics CRM Online organization to test your mobile application. To use your mobile application against the test organization, there are there choices.
Option 1. Signup Azure trial subscription by using same credential you login to the CRM organization, then login to Azure Portal to register your application where you can find Azure AD tenant for the trial CRM organization.
Option 2. Register your application once somewhere and let Azure handle it by using Consent feature. Actually you don’t have to register your application to each CRM tenant you connect to. If your application connecting to different tenant CRM organization than original registration tenant, user simply sees “consent”.
Option 3. Add Azure AD of the CRM organization tenant to your Azure subscription. By using this method, you are able to register your application to the Azure AD tenant which host your CRM organization, yet you don’t have to signup Azure subscription for each tenant.
Manage other Azure AD from your Azure subscription
1. For test, signup CRM Online trial or use your own test CRM Online organization.
2. Login to Azure Portal by using your existing Azure subscription. I am logging in to current portal (https://manage.windowsazure.com)
3. Select Active Directory.
4. Then click New button on the bottom of the page, select APP SERVICES | ACTIVE DIRECTORY | DIRECTORY, then click Custom Create.
5. Select “Use existing directory” from DIRECTORY menu. Check the “I am ready to be signed out now” and go next.
6. You will be signed out and redirected to sign in page. Sign in by using credential for CRM Online organization. Then you will be prompted confirmation. Click continue.
7. You will sign out then sign in back to your Azure subscription. Now you will find newly added Azure AD tenant. From there you can register your application directly to the tenant.
Next time, I will explain how you can use CRM Mobile Library and ADAL for Xamarin development.
Premier Mission Critical/Premier Field Engineer