delegateas / XrmDefinitelyTyped

Tool to generate TypeScript declaration files for Dynamics 365/CDS client-side coding.
http://delegateas.github.io/Delegate.XrmDefinitelyTyped/
MIT License

The HTTP request was forbidden with client authentication scheme 'Anonymous' #288

Closed nathansom closed 1 year ago

nathansom commented 1 year ago

Describe the bug

I tried connecting to CRM via both ClientSecret and ConnectionString methods and I always got an error message:

Invalid Login Information : The HTTP request was forbidden with client authentication scheme 'Anonymous'.
The HTTP request was forbidden with client authentication scheme 'Anonymous'. => The remote server returned an error: (403) Forbidden.Unable to Login to Dynamics CRM

To Reproduce Steps to reproduce the behavior:

  1. Create a project folder

  2. In the project folder, create a file named: packages.config. Set this to the content:

    <?xml version="1.0" encoding="utf-8"?>
    <packages>
    <package id="Delegate.XrmDefinitelyTyped" version="6.2.0" targetFramework="net46" />
    </packages>

    Note: You can also try installing v6.3.0 but it will show the same error message

  3. Create a JavaScript file/function to execute execSync from child_process module. For command, use nuget install packages.config -OutputDirectory packages.

  4. In packages\Delegate.XrmDefinitelyTyped.6.2.0\content\XrmDefinitelyTyped\XrmDefinitelyTyped.exe.config, add the web API URL for url, then add mfaAppId, mfaClientSecret, and username:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <appSettings>
    <add key="url" value=""/>
    <add key="solutions" value="" />
    <add key="ap" value="OnlineFederation"/>
    <add key="method" value="ClientSecret"/>
    <add key="mfaAppId" value="" />
    <add key="mfaClientSecret" value="" />
    <add key="username" value=""/>
    <add key="out" value="../../../../@types" />
    <add key="oneFile" value="true" />
    <add key="skipInactiveForms" value="true" />
    </appSettings>
    </configuration>

I also tried using a connection string method but it also failed:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <appSettings>
    <add key="url" value="https://someenv.api.crm.dynamics.com" />
    <add key="connectionString" value="AuthType=ClientSecret;Url=https://someenv.api.crm.dynamics.com/;ClientId={randomguid-3sss-1asdw-1a1s1d-random123};ClientSecret=lkgjlkfgjklgfkljlj989898.gffgf~" />
    <add key="method" value="ConnectionString" />
    <add key="solutions" value="SomeSolution" />
    <add key="username" value="admin@something.onmicrosoft.com"/>
    <add key="out" value="../../../../@types" />
    <add key="oneFile" value="true" />
    <add key="skipInactiveForms" value="true" />
    </appSettings>
    </configuration>

  5. Create another JS file for function to execute the XrmDefinitelyTyped.exe via execSync

  6. Run that function in #5

Expected behavior Connection to the environment is successful and TypeScript files get generated

Screenshots image

Environment

Thank you for your help!

skovlund commented 1 year ago

I am unfortunately unable to reproduce your exact error. I can get "Connecting to CRM... Unable to generate TypeScript files: Client could not authenticate. If the application user was just created, it might take a while before it is available." by providing an invalid secret. But I am not able to get the internal response from CRM, that begins with "Invalid Login Information".

From my perspective it seems more likely to be a connection issue than an issue with XrmDefinitelyTyped. Are you able to connect to CRM with your credentials in general (e.g. through XrmToolbox)?

Please note that the ClientSecret authentication method requires an App Registration in Azure as well as an Application User in CRM. And that it does not support having a username (which your bullet 4 and screenshots indicate you are trying to do). If you intend to authenticate with an actual user, you should be using the authentication method OAuth.
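The mismatch pointed out in the reply above (a `username` set while `method` is `ClientSecret`) can be caught before XrmDefinitelyTyped.exe is launched. The following is an added example, not part of the thread or of the XrmDefinitelyTyped project: `checkXdtConfig` and its helpers are hypothetical names, the key names are those in the configs posted above, and the connection-string check is an assumption that goes beyond what the reply states.

```javascript
// Added example; checkXdtConfig and its helpers are hypothetical names.
// Key names are the ones shown in the configs posted in this thread.

// Collect <add key="..." value="..."/> pairs from the config text.
function readAppSettings(xml) {
  const settings = {};
  const re = /<add\s+key="([^"]*)"\s+value="([^"]*)"\s*\/>/g;
  for (const m of xml.matchAll(re)) settings[m[1]] = m[2].trim();
  return settings;
}

// Split "A=1;B=2" into { a: "1", b: "2" }; values may themselves contain "=".
function parseConnectionString(cs) {
  const out = {};
  for (const part of cs.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return out;
}

// Return a list of problems; an empty list means the settings are consistent.
function checkXdtConfig(xml) {
  const s = readAppSettings(xml);
  const problems = [];
  const need = (obj, key, where) => { if (!obj[key]) problems.push(`${where}: "${key}" is missing or empty`); };
  need(s, "url", "appSettings");
  if (s.method === "ClientSecret") {
    need(s, "mfaAppId", "appSettings");
    need(s, "mfaClientSecret", "appSettings");
    // Per the maintainer's reply, ClientSecret does not take a username.
    if (s.username) problems.push('appSettings: "username" is set but method is ClientSecret; use method OAuth for a real user');
  } else if (s.method === "ConnectionString") {
    need(s, "connectionString", "appSettings");
    // Assumption: the string uses the ClientId/ClientSecret names seen in the thread.
    const cs = parseConnectionString(s.connectionString || "");
    if ((cs.authtype || "").toLowerCase() === "clientsecret") {
      need(cs, "clientid", "connectionString");
      need(cs, "clientsecret", "connectionString");
    }
  }
  return problems;
}

// Constructed sample: ClientSecret method with a username also set.
const SAMPLE = `<appSettings><add key="url" value="https://example.invalid"/>
<add key="method" value="ClientSecret"/><add key="mfaAppId" value="placeholder-id"/>
<add key="mfaClientSecret" value="placeholder"/><add key="username" value="user@example.invalid"/></appSettings>`;
console.log(checkXdtConfig(SAMPLE));
```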

nathansom commented 1 year ago

Thank you for looking into this @skovlund. It was indeed an issue with the connection itself because I was able to connect with the CRM again after two weeks, using the same config as shown above.

Regarding XrmToolbox, I have never had any issues connecting to the CRM. I also developed my own library based on msal-node and that has never encountered any problem with OAuth authentication.

Speaking of OAuth, I was also unable to use the OAuth method with XDT for any account outside my workplace's AAD tenant.