D365 Finance & Operations and Dynamics AX Forum

Expand all | Collapse all

Odata Authentication

  • 1.  Odata Authentication

    SILVER CONTRIBUTOR
    Posted 13 days ago
    I am creating an MVC web site that integrates with Finance and Operations through the Odata services.  When I execute the site on the development server (localhost) everything works properly.  However, when i publish the site to an IIS web server it is unable to authenticate with Azure AD.  Interestingly, is I set up a proxy to use fiddler on the server to diagnose the issue, the application begins working.

    Any ideas on how to resolve the issue would be greatly appreciated.

    ------------------------------
    Scott Anderson
    IT Manager
    Nomaco
    Zebulon NC
    ------------------------------
    Digital Acceleration Binge Day.  January 28th 2021 | 11:00 AM - 2:00 PM EST


  • 2.  RE: Odata Authentication

    Posted 12 days ago
    Scott, A bit more information on the authentication methods would be helpful. Are you using the App Authorization Code method? https://docs.microsoft.com/en-us/previous-versions/azure/dn645542(v=azure.100)?redirectedfrom=MSDN

    On the Fiddler issue - Auth methods are designed to break when you have a man-in-middle like Fiddler, to prevent attacks, so Fiddler is not always a great tool for troubleshooting auth issues.

    https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/services-home-page

    A reference project Microsoft provides: https://github.com/Microsoft/Dynamics-AX-Integration/tree/master/ServiceSamples/AuthenticationUtility

    ------------------------------
    Brent Hawthorne
    Sr Manager of Application Development
    Daisy Brand
    Dallas TX
    ------------------------------

    Digital Acceleration Binge Day.  January 28th 2021 | 11:00 AM - 2:00 PM EST


  • 3.  RE: Odata Authentication

    SILVER CONTRIBUTOR
    Posted 12 days ago
    Hi Brent, thank you for your reply.  We are using the App Authorization method with Client ID and Secret.  Everything I have read indicated the issue is likely related to the redirect address and it works locally and via Fiddler because bother reference themselves as localhost - which AAD makes exceptions for.  Let me know if you agree.

    The question that comes out of that but I have not found a direct reference to is "In order to get ClientID/Secret to work does the redirect address have to be globally accessible (IE: not behind a firewall or NAT).

    Thanks,

    ------------------------------
    Scott Anderson
    IT Manager
    Nomaco
    Zebulon NC
    ------------------------------

    Digital Acceleration Binge Day.  January 28th 2021 | 11:00 AM - 2:00 PM EST


If you've found this thread useful, dive deeper into User Group community content by role