在 .NET 6 上通过 C# 代码访问 DataVerse 数据并对其运行 SQL 语句（Azure Function）

发布于 2025-01-11 14:04:28 字数 1078 浏览 7 评论 0原文

我正在云中使用 Dynamics365 CE。我正在尝试运行一些相当复杂的查询，这些查询是我作为 SQL 脚本构建的（使用 XrmToolBox 的精彩“SQL-4-CDS”插件）。

现在我知道我可以通过 TDS 端点连接到 Dataverse 数据存储（如果启用 - 在我的情况下），并且从 SSMS，它工作得很好：

Server Name    = myorg.crm4.dynamics.com,5558
Authentication = Azure Active Directory - Password
User Name      = my company e-mail

我可以连接到 Dataverse，并运行我的查询 - 一切都很棒。

现在我想对我正在编写的 C# 代码（在 .NET 6 上运行）执行相同的操作，最终应该成为一个 Azure 函数 - 所以它是一个“服务器到服务器”，后面 -场景，没有交互式登录上下文的场景。

我可以使用此连接字符串通过 TDS 端点连接到 Dataverse - 只要我以交互方式运行应用程序 - 就像我一样，在我的用户上下文中：

Server=myorg.crm4.dynamics.com,5558;Authentication=Active Directory Password;Database=my_dbname;User Id=my_email;Password=my_pwd;

但是 - 这不适用于服务器-到服务器“守护进程”式设置。

由于我使用 .NET 6（用于 Azure 函数），并且由于我想要运行一些自定义 SQL 语句，因此我无法使用“CRM XRM 客户端”工具（使用 IOrganizationService 类） - 我需要直接使用 ADO.NET - 我是否可以定义一个 ADO.NET 兼容的连接字符串，它将使用客户端 ID 和客户端密钥（我都可以使用）？

我已经为 Authentication=...... 设置尝试了很多值 - 但到目前为止没有一个有效。我可以在哪里找到此连接字符串参数支持的值的完整列表？

感谢您的帮助或指点！

原文

I'm working with Dynamics365 CE in the cloud. I'm trying to run some rather involved queries that I've built up as SQL scripts (using the wonderful "SQL-4-CDS" plugin for the XrmToolBox).

Now I know I can connect to the Dataverse data store through the TDS endpoint (if enabled - it is in my case), and from SSMS, it works just fine:

Server Name    = myorg.crm4.dynamics.com,5558
Authentication = Azure Active Directory - Password
User Name      = my company e-mail

I can connect to Dataverse, and run my queries - all is great.

Now I'd like to do the same from C# code (running on .NET 6) that I'm writing, that should end up being an Azure Function in the end - so it's a "server-to-server", behind-the-scenes, no interactive login context kind of scenario.

I can connect to Dataverse via the TDS endpoint using this connection string - as long as I'm running the app interactively - as me, in my user context:

Server=myorg.crm4.dynamics.com,5558;Authentication=Active Directory Password;Database=my_dbname;User Id=my_email;Password=my_pwd;

However - this won't work with a server-to-server "daemon"-style setup.

Since I'm using .NET 6 (for the Azure Function), and since I want to run some custom SQL statements, I cannot use the "CRM XRM Client" tooling (with the IOrganizationService classes) - I need to use straight ADO.NET - any idea would I could define an ADO.NET compatible connection string, that would use a Client ID and Client Secret (which I both have at my disposal)?

I've tried a great many values for the Authentication=...... setting - but none have worked so far. Any place I can find a complete list of the supported values for this connection string parameter?

Thanks for any help or pointers!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

浅语花开 2025-01-18 14:04:28

我知道这是一个老问题，但如果它仍然对任何人有帮助：您应该能够使用 SqlConnection.AccessToken 属性，用于授权您连接到 TDS端点。要获取访问令牌，您需要使用您的应用程序用户客户端 ID 和获取令牌的秘密。

您还可以使用 SQL 4 CDS ADO.NET 提供程序 - 一次您已从 Dataverse SDK 创建了 ServiceClient，并将其传递给 Sql4CdsConnection 构造函数：

using var con = new Sql4CdsConnection(service);
using var cmd = con.CreateCommand();
cmd.CommandText = "SELECT ...";

I know it's an old question, but in case it's still helpful to anyone: you should be able to use the SqlConnection.AccessToken property to authorize your connection to the TDS Endpoint. To get the access token you'd need to use your application user client ID & secret to obtain the token.

You can also use the SQL 4 CDS ADO.NET provider - once you've created the ServiceClient from the Dataverse SDK, pass that to the Sql4CdsConnection constructor:

using var con = new Sql4CdsConnection(service);
using var cmd = con.CreateCommand();
cmd.CommandText = "SELECT ...";

回复收藏 0 原文

我乃一代侩神 2025-01-18 14:04:28

OP 没有说明为什么或如何交互地为他们工作，但我猜测这是因为他们能够输入一些额外的详细信息来满足 MFA 要求。
我建议尝试以非交互方式使用相同的连接字符串，但使用已从 MFA 要求中排除的登录名。
（TDS端点文档说只有Azure Active Directory身份验证有效......[更新]但clientsecret肯定可以通过代码工作，并且您不需要其他答案中提到的额外的Sql4Cds类。当我查看代码时它只是连接这样的东西：

using (SqlConnection sqlConn = new SqlConnection("server=" + crmConnection.CrmConnectOrgUriActual.Host))
          {
             sqlConn.AccessToken = crmConnection.CurrentAccessToken;
             sqlConn.Open();

仅供参考，我尝试使用应用程序密码通过 SSMS 进行连接，但这不起作用。）

The OP doesn't say why or how it works interactively for them, but my guess would be that it's because they're able to enter some extra details to satisfy an MFA requirement.
I would suggest trying non-interactively using the same connection string but with a login that's been excluded from MFA requirements.
(The TDS Endpoint documentation says that only Azure Active Directory authentication works.... [updated] but clientsecret definitely works from code, and you don't need the extra Sql4Cds class that's mentioned in the other answer. When I looked in the code it just connects something like this:

using (SqlConnection sqlConn = new SqlConnection("server=" + crmConnection.CrmConnectOrgUriActual.Host))
          {
             sqlConn.AccessToken = crmConnection.CurrentAccessToken;
             sqlConn.Open();

FYI, I tried using an app password to connect via SSMS and that didn't work.)

回复收藏 0 原文

甩你一脸翔 2025-01-18 14:04:28

可以直接从 MSAL 获取 TDS 终结点的令牌。这里只是简单的，根据需要填写常量，如果需要的话，这个 post 展示了如何缓存令牌并根据需要刷新。

如果范围未设置为 dataverse url，您将收到类似

指定租户标识符“授权”既不是有效的 DNS 名称，也不是有效的外部域的错误。

string dataverseUrl = "https://mycompany.crm3.dynamics.com";
string resourceId = dataverseUrl + "/";
string scopes = [$"{resourceId}/.default"]; //Yes it’s, double //
var authority = $"https://login.microsoftonline.com/{aadTenantId}";

var app = ConfidentialClientApplicationBuilder.Create(clientId)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authority))
.Build();
var result = await app.AcquireTokenForClient(scopes).ExecuteAsync();

sqlConnectionString = $"Server={dataverseUrl.Replace("https://", "")};Database={database};Encrypt=True;TrustServerCertificate=False;Persist Security Info=False";

sqlConnection.ConnectionString = sqlConnectionString;
sqlConnection.AccessToken = result.AccessToken;

It's possible to get the token for the TDS Endpoint directly from MSAL. Bare bones here, fill in your constants as required, if you want, this post shows how to cache the token and refresh as necessary.

If the scope is not set to the dataverse url, you'll get an error like

Specified tenant identifier 'authorize' is neither a valid DNS name, nor a valid external domain.

string dataverseUrl = "https://mycompany.crm3.dynamics.com";
string resourceId = dataverseUrl + "/";
string scopes = [quot;{resourceId}/.default"]; //Yes it’s, double //
var authority = quot;https://login.microsoftonline.com/{aadTenantId}";

var app = ConfidentialClientApplicationBuilder.Create(clientId)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authority))
.Build();
var result = await app.AcquireTokenForClient(scopes).ExecuteAsync();

sqlConnectionString = quot;Server={dataverseUrl.Replace("https://", "")};Database={database};Encrypt=True;TrustServerCertificate=False;Persist Security Info=False";

sqlConnection.ConnectionString = sqlConnectionString;
sqlConnection.AccessToken = result.AccessToken;

回复收藏 0 原文

~没有更多了~