OData Authentication for On-Premises D365FO

Web Digest | William
Hi Folks, 
Integrating with D365FO via OData is a powerful way to enable external systems to interact with ERP data. While cloud-hosted environments use Azure Active Directory (AAD) for authentication, on-premises deployments require a different approach—primarily relying on Active Directory Federation Services (AD FS). This post walks through the essentials of authenticating OData requests in an on-prem D365FO setup.
OData in D365FO exposes data entities over RESTful endpoints, enabling CRUD operations. In on-prem environments, authentication is handled by AD FS, which issues security tokens based on user credentials. These tokens are then used to authorize access to the OData endpoints.
Below are the key components of this process:
  1. AD FS Configuration

     • AD FS must be properly configured and integrated with D365FO.
     • The AOS (Application Object Server) uses AD FS metadata to validate tokens.
     • Ensure the AD FS XML configuration file is accessible to AOS.

  2. Client Application Setup

     • External apps (e.g., Postman, .NET clients) must be registered in AD FS.
     • You’ll need:
         ◦ Client ID (from AD FS or Azure App Registration)
         ◦ Resource URI (typically the D365FO base URL)
         ◦ Token Endpoint (AD FS OAuth2 endpoint)

  3. Token Acquisition

     • Use OAuth2 protocol to acquire a bearer token.
     • The token request includes:
         ◦ grant_type=password
         ◦ client_id
         ◦ username and password
         ◦ resource (D365FO URL)
     • AD FS returns a JWT token if credentials are valid.

  4. Calling OData

     • Include the token in the Authorization header:  Authorization: Bearer <access_token>
     • Use standard OData URLs like:  https://<your-d365fo-url>/data/Customers

Let's take an example of authenticating via Postman:

  1. Get Token

     • POST to the AD FS token endpoint: https://<adfs-url>/adfs/oauth2/token
     • Body (x-www-form-urlencoded):

           client_id=<your-client-id>
           username=<your-username>
           password=<your-password>
           grant_type=password
           resource=https://<your-d365fo-url>

  2. Use Token

     • Add the Authorization: Bearer <token> header to your OData request.

  3. Test Endpoint

     • GET: https://<your-d365fo-url>/data/Customers

Please be aware:
  • Token Expiry: Tokens typically expire after 1 hour. Refresh or reacquire as needed.

  • AD FS Clock Skew: Ensure time sync between AD FS and AOS servers.

  • SSL Certificates: AD FS endpoints must be secured with valid SSL certs.

  • User Permissions: The authenticated user must have access to the data entities.

-Harry
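
The flow described above, from token request to OData call, written in Python as an added example (not code from the original post). The helper names, the 300-second refresh margin and the `Accept` header are assumptions; supply credentials at run time from a secret store rather than writing them into the script.

```python
import base64, json, time, urllib.parse, urllib.request

SKEW_SECONDS = 300  # assumed margin for clock drift; the post gives no value

def _require_https(url):
    if not url.lower().startswith("https://"):
        raise ValueError(f"refusing non-HTTPS endpoint: {url}")
    return url.rstrip("/")

def build_token_request(adfs_url, client_id, username, password, resource):
    """POST to <adfs-url>/adfs/oauth2/token with the form fields from the post."""
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password, "resource": resource}
    return urllib.request.Request(
        _require_https(adfs_url) + "/adfs/oauth2/token",
        data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def token_expiry(access_token):
    """Read `exp` from the JWT payload. The signature is not checked here:
    AOS validates the token, the client only schedules reacquisition."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

def needs_refresh(access_token, now=None):
    """True once the token is within SKEW_SECONDS of expiry."""
    now = time.time() if now is None else now
    return now >= token_expiry(access_token) - SKEW_SECONDS

def build_odata_request(d365fo_url, entity, access_token):
    """GET <d365fo-url>/data/<entity> with the bearer token attached."""
    return urllib.request.Request(
        f"{_require_https(d365fo_url)}/data/{entity}",
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json"})

def fetch_entity(adfs_url, d365fo_url, client_id, username, password, entity):
    """Live flow: get a token, then call OData. urlopen verifies TLS certs."""
    req = build_token_request(adfs_url, client_id, username, password, d365fo_url)
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    data_req = build_odata_request(d365fo_url, entity, token)
    with urllib.request.urlopen(data_req) as resp:
        return json.load(resp)

if __name__ == "__main__":  # offline demo with a constructed, unsigned token
    body = base64.urlsafe_b64encode(b'{"exp": 1700003600}').decode().rstrip("=")
    print(needs_refresh(f"e30.{body}.sig", now=1700000000))
```
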
