microsoft / Dynamics-AX-Integration

Dynamics AX Integration samples and demos.

Javascript integration from browser #28

Open GregPartner opened 7 years ago

GregPartner commented 7 years ago

Please provide a sample JavaScript application for integrations to Dynamics 365 for Operations and documentation, alongside this GitHub project. Partners and customers need to be able to query OData and web services from within a web browser, with quick authentication and no CORS issues.

Thanks

erotundo commented 7 years ago

Hi.

You can use an HTTP request from JavaScript to get a session token from Azure Active Directory and later make another call, with the Authorization parameter and an OData query, to get information from Dynamics 365.

I have an example in Java, or you can search the AzureAD GitHub for the example of a Java native connection using username and password, or open connect if you have a secret app token to get the session value.

I hope this information works for you

Regards

Eduardo Rotundo

On Fri, Jul 14, 2017, 7:55 AM GregPartner notifications@github.com wrote:

> Please provide a sample JavaScript application for integrations to Dynamics 365 for Operations and documentation, alongside this GitHub project. Partners and customers need to be able to query OData and web services from within a web browser, with quick authentication and no CORS issues.
>
> Thanks


GregPartner commented 7 years ago

Hi Eduardo,

Thanks for your answer,

I’m afraid this is a bit harder than it looks like, we have tried to do such implementation, without luck, while we have multiple such integrations in .Net and Java already fully working.

We also have a ticket opened with Support about this, and it’s the support engineer who recommended to create this request for documentation: [REG:117062915970968] Access OData via Javascript: Issue with cors

The authentication through AAD is not an issue, it’s the CORS that prevents traffic through, and as CORS is browser related, such issue would not happen in Java, nor does it happen in any other language that we currently have success with.

The issue is only for Javascript, and I mean for Javascript running inside the browser. Examples in Node.js or azure functions would also not have such issue.

At the moment, we’re still struggling to get a satisfying answer from Microsoft on how to achieve this, and we’re hoping for a speedy resolution as always. We would really hope such documentation is added alongside Dynamics-AX-Integration, as we believe querying OData and services from a web browser is supported, as do the Word/Excel standard add-ins, for example.

travelingspace commented 6 years ago

@GregPartner Did you ever solve this??? I have tried everything I can think of as well and can't solve the issue within a single page application (javascript).

Thought I was going crazy. I've started a different approach with creating a C# backend to authenticate and wrap the calls.

erotundo commented 6 years ago

Hi @GregPartner !

I saw it... so in this case I don't know if the solution for CRM remote communication works at this point.

I imagine you saw this post before:

https://community.dynamics.com/crm/b/mscrmshop/archive/2016/01/31/crm-web-api-and-cors-support

The step of manifest in the register of web app in Azure

Sorry for not helping you a lot.

Regards,

Eduardo

GregPartner commented 6 years ago

Hi houckster,

There are actually 2 issues, and they also drive me crazy; I've been trying to get some help from MS since June without luck.

The 2 issues: CORS & Multiple tenants, and to my knowledge, another backend in non browser is the current only way to solve this, even though I'm still trying to get this resolved and have escalated this issue in a political matter now:

CORS: You can fix this easily for all DEV and TEST environment topology by changing global.asax file in J:\AosService\WebRoot by adding HTTP headers that will allow your site to answer CORS requests:

Here is my sample file that will allow 2 websites in (Live and Dev)

```
<%@ Application Codebehind="Global.asax.cs" Inherits="Microsoft.Dynamics.Ax.AosWeb.Global" Language="C#" %>
```

Please note you can attach your debugger to w3p and add the commented line `System.Diagnostics.Debugger.Break();` and your debugger will stop there to help you monitor.

That will allow your traffic to go through on all non Live environments.... Which is obviously not satisfying.

Another solution that would work in Live and for IE only, but I really don't recommend this approach, would be to add your site to the list of trusted websites and to go to Internet Options\Security Level\Trusted Websites\Custom Level\Miscellaneous and enable 'Access data sources across domains'.... But on a large scale and with our type of users, and with multiple browsers requirement, it's just not an option for us.

The support engineer recommended that we use the global.asax file and said we could later organise an LCS service request to get the global.asax file moved to production.

Let me stop you right there, our request was denied, because: _'unfortunately this is not something our product team will agree to do. Going with a custom config file is not a serviceable solution and not something they are willing to accept and do. '_

Next, MS said that _'. There is an open DCR (Design Change Request) to allow for this in PROD but there is not exact timeframe as to when this would be done. The hopes right now would be that this is added in the Q1 2018 timeframe but at this time we do '_

Which to me, means that it might never happen, and MS has been reluctant to share with me what this DCR contains, so I don't even know if this is going to fix my issue at all, but I believe this means they will add an option in LCS to help us enable CORS...

Bottom line, you can query OData and services from any language and from anywhere, but from JS, you just can't, period.

The next issue I have been facing is with authentication: there is no option to authenticate from multi-tenants, and I have tried everything here as well. I have a flow that works well on our tenant, with an email from our tenant, but no other (even though the user is sysadmin in AX). I have the same flow on a customer tenant, where I can do everything with my customer tenant email, but not with my partner email (even though the user is sysadmin in AX). I have the same issue if I use ADAL.JS or Office-helpers-js, 2 authentication libraries. MS are also fully aware of this, and before anyone asks, yes our AAD app is set for multi-tenant.

I'll update the yammer page when I know more, but I don't expect any speedy resolution here, as I have been following those 2 very closely since June. https://www.yammer.com/dynamicsaxfeedbackprograms/#/Threads/show?threadId=721826984&search_origin=global&scoring=linear1Y-prankie-group-private-higher&match=any-exact&search_sort=relevance&page=1&search=CORS

Good luck

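
The origin allow-list idea from the comment above (two sites, Live and Dev), shown as an added example that is not part of the thread and is not D365FO code. It is a JavaScript sketch of how a server you control could decide which CORS headers to send; the origins, method list and header list are constructed placeholders.

```javascript
// Added example: origin allow-list for answering CORS requests.
// Both origins are constructed placeholders for a Live and a Dev site.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",     // Live (placeholder)
  "https://app-dev.example.com", // Dev (placeholder)
]);
const ALLOWED_METHODS = ["GET", "POST", "PATCH", "DELETE"];
const ALLOWED_HEADERS = ["authorization", "content-type", "accept"];

// reqHeaders uses lower-case keys, as Node's req.headers does.
// Returns { status, headers }; status null means "continue to the normal handler".
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  // Vary: Origin stops a cache from reusing one origin's answer for another.
  const headers = { Vary: "Origin" };
  if (!origin) return { status: null, headers }; // not a cross-origin browser call
  // Unlisted origin: refuse and send no Access-Control-* headers at all.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers };

  // Echo the exact matched origin; a wildcard would admit every site.
  headers["Access-Control-Allow-Origin"] = origin;
  const isPreflight =
    method === "OPTIONS" && "access-control-request-method" in reqHeaders;
  if (!isPreflight) return { status: null, headers };

  // A request carrying an Authorization header is always preflighted,
  // so bearer-token OData calls from a SPA reach this branch first.
  const wantedMethod = reqHeaders["access-control-request-method"].toUpperCase();
  const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: { Vary: "Origin" } };

  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600"; // let the browser cache the preflight
  return { status: 204, headers };
}
```
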
GregPartner commented 6 years ago

Hi Erotundo,

Thanks again for your reply, once again, this is not so simple, this solution is for CRM, not D365FO, and it doesn't work for us, as support acknowledged.

Can you please publish a working sample, that works for multi-tenant?

I don't believe there is one, and I expect JS to be supported for OData and services.

travelingspace commented 6 years ago

@GregPartner Well thanks for the validation at least. Now I know it's not something I couldn't figure out, it's something that the application does not support (though it totally should!). Thanks for doing the leg work and for posting such a detailed response. Yes, I'm going to try the route of a C# web api which I CAN call to from a SPA.

GregPartner commented 6 years ago

I believe there is another issue down this path, I might be wrong, but, instead of using implicit grant flow auth, you end up using code grant flow auth, and therefore it's no longer the user being identified, but the application, and therefore you will lose the information about the real user performing the request:

In the implicit grant flow, you would get your created/modified by fields set to the real user, the one who entered his credentials in the Auth popup

In the code grant flow, you would get the user set for this AAD app in your System administration > Setup > Azure Active Directory applications

So also not an option for our model ;(

travelingspace commented 6 years ago

@GregPartner Yes - you are correct. The OData calls will be performed by a system account in my application. You could still have the user authenticate with Azure AD, grab their domain user ID and then pass the ID as a variable to the back-end to lookup the system user ID in D365. Once you have that you could at least transfer ownership of records created. Not ideal, in any case.
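
An added example, not part of the thread and not Microsoft's or either poster's code: when an intermediate backend makes the OData calls, the user to look up should come from a token the backend has verified, not from an ID the SPA sends as a plain variable. The key pair below stands in for the identity provider's signing key, and the audience and tenant IDs are constructed placeholders; `aud`, `exp`, `tid`, `oid` and `upn` are standard Azure AD token claims.

```javascript
// Added example: derive the acting user from a verified RS256 token.
// Key pair, audience and tenant IDs are constructed for this sketch.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const { publicKey, privateKey } =
  crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Stand-in for the identity provider, used only to build sample input.
function issueToken(claims) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

const EXPECTED_AUD = "api://spa-backend"; // placeholder audience
const ALLOWED_TENANTS = new Set(["tenant-partner", "tenant-customer"]); // placeholders

// Returns the caller's identity, or throws if the token cannot be trusted.
function callerFromToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url"));
  // Pin the algorithm instead of trusting whatever the header claims.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const valid = crypto.verify("sha256", Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, "base64url"));
  if (!valid) throw new Error("bad signature");
  const c = JSON.parse(Buffer.from(body, "base64url"));
  if (c.aud !== EXPECTED_AUD) throw new Error("wrong audience");
  if (typeof c.exp !== "number" || c.exp <= nowSec) throw new Error("expired");
  // Multi-tenant app: accept only the tenants this backend is meant to serve.
  if (!ALLOWED_TENANTS.has(c.tid)) throw new Error("tenant not allowed");
  return { tenant: c.tid, objectId: c.oid, upn: c.upn };
}
```

The returned `objectId` or `upn` is what the backend would map to the D365 user; a user ID supplied separately by the browser is never consulted.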

travelingspace commented 6 years ago

@GregPartner Have you seen this? I couldn't get the sample to work, but it was interesting: http://axtoday.blogspot.com/2017/08/accessing-dynamics-365-for-operations_17.html

GregPartner commented 6 years ago

I know and use Postman, but this is no help for accessing OData/Services from a SPA, or any website. The main issue is CORS, and CORS only applies from within a browser, which Postman is not, so this is like getting OData from any app, but not from a SPA.

The Word/Excel Addin feature can access OData, but they have a trick, they don't contact AX directly, they perform a request to WebRoot\OfficeApps\Public, another local internal website that is responsible for passing OData & Services down to the Office Addins... You can check how this works by using the F12 Debugger on W10 (C:\Windows\System32\F12\F12Chooser.exe), when running their Addins. This is what MS calls a 'First Party' application, and it seems that like me, you can only write 'Third Party' apps...

Your approach is correct, and unfortunately, there is no API for code grant auth in JS, so you still require the intermediate backend service to communicate between your SPA and AX.

Hope this helps,

travelingspace commented 6 years ago

@GregPartner - Just stumbled upon this again. Did MSFT ever give you any update on CORS on the D365FO servers yet? Is it even on the road map? I'm guessing not because they want us to move to using Power Apps.... and the new model driven feature.

GregPartner commented 6 years ago

Last I heard from MS is : There is an open DCR (Design Change Request) to allow for this in PROD but there is not exact timeframe as to when this would be done. The hopes right now would be that this is added in the Q1 2018 timeframe but at this time we do '

Q1 timeframe has passed and I believe the support case has been closed a while ago,

I have moved on, we could have had a great app for D365FO, but ...

marval commented 6 years ago

@GregPartner, is there a way to "vote" for this issue to be resolved by Microsoft?

GregPartner commented 6 years ago

I never found a way to get real acceptable answer, and gave up after I realized there was no traction from MS or my company.

That being said, the Q1 2018 timeframe has expired, and the DCR might be completed, but I haven't seen anything related in the LCS / D365FO release notes

I still believe there should be a 'political' way to fix this, as I kept hearing MS wanted to remove all limitations that prevent us from 'creating apps for D365FO', but I haven't reached the appropriate audience through support, yammer, github, D365FO conferences, and believe me, I tried...

I moved on, and unless you got this kind of access, I'm afraid you'll have to do the same.

Good luck

jonsnowax commented 5 years ago

Is CORS support available now from JavaScript?