I had a scenario where the customer was running integrations by connecting to SharePoint with a user account. When they later turned on MFA, their integration stopped working (obviously), since there is no way for an application running with user credentials to authenticate with MFA.
Ajit Patra demonstrates how you can call the SharePoint API from Dynamics by creating an app in SharePoint and connecting with the app's client ID and secret. I wanted to show how one can set up an app registration in Azure, give the app SharePoint permissions, and then authenticate to this app from a webhook and call a SharePoint API. The main benefit is that you can centralize and have all apps in Azure. I will be following the documentation by Microsoft when setting this up.
A small side note:
I wanted to make the authentication calls from a plugin in Dynamics, but because of plugin limitations I was unable to run the cryptographic methods needed to authenticate with a certificate to the app in Azure. So instead I will use a webhook, send the call to an Azure function, and then use the ActiveDirectory library to get an access token.
Set up App registration
First things first. Log in to portal.azure.com and set up a new App registration. This area is covered a lot, so I won't get into it. Next, go to API permission in the app and press the “+ Add a permission” button.
Here you need to select SharePoint and then Application Permission. Lastly, you need to specify which SharePoint permissions you want to give to your app and grant consent for these permissions.
Create a self signed Certificate
Next we need to create a self-signed certificate. This certificate will be passed along when we make the calls from our Azure function to the service provider in order to authenticate ourselves. When we have done this, we will receive an access token which gives us permission to make calls to SharePoint on behalf of the app we created, with the permissions that we gave the app.
So we open a PowerShell instance and make sure we run it as administrator. Then we paste the long code segment from the documentation into our PowerShell window and get prompted to enter a few values needed to create the self-signed certificate. When everything is done, hit enter and the script will generate a “.cer” file and a “.pfx” file.
Finally, we need to add the “.cer” file to the app in Azure. This is done under the sidebar tab clients and certificates. Here we press the “upload certificate” button and select our “.cer” file. Now everything is done on the configuration side (well, more or less). Let's code!
Call the API from webhook
There are a lot of good guides on how to set up an Azure function. The easiest way for me is from inside Visual Studio: just create a new project and select Azure Function as the template. I have created a simple Azure function which you can also check out on my GitHub.
First we need to add a resx file to the project. So we open the properties of the project and press Resources. Press Add Existing File and select the “.pfx” file.
Below is the code for the Azure function. We call the app to get a token and then use the token to make calls to SharePoint.
Lastly, once you have the Azure function published, make sure to register the webhook using the Plugin Registration Tool and register a step to trigger the webhook on SDK messages in Dynamics.
Voila, now you can make API calls to SharePoint based on events in Dynamics.
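One way to write the token call and the SharePoint request described above, as an added example that is not the code from the author's GitHub repository. It assumes the ADAL NuGet package (Microsoft.IdentityModel.Clients.ActiveDirectory), placeholder tenant, client ID and site values, and a hypothetical app setting named PFX_PASSWORD that holds the “.pfx” password.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL NuGet package

public static class SharePointAppOnlyClient
{
    // Placeholders (assumptions): substitute your own tenant, app registration and site.
    private const string TenantId = "<tenant-id>";
    private const string ClientId = "<app-client-id>";
    private const string SiteHost = "https://<tenant>.sharepoint.com";

    private static readonly HttpClient Http = new HttpClient();

    // Exchanges a certificate-signed client assertion for an app-only access token.
    // pfxBytes: contents of the ".pfx" file, e.g. the resource added to the project.
    public static async Task<string> GetAccessTokenAsync(byte[] pfxBytes)
    {
        // PFX_PASSWORD is a hypothetical app setting; app settings reach the
        // function as environment variables.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD")
            ?? throw new InvalidOperationException("PFX_PASSWORD is not set");

        using (var cert = new X509Certificate2(pfxBytes, password))
        {
            var context = new AuthenticationContext($"https://login.microsoftonline.com/{TenantId}");
            var credential = new ClientAssertionCertificate(ClientId, cert);
            // The resource is the SharePoint host, so the token carries the
            // application permissions that were granted to the app registration.
            AuthenticationResult result = await context.AcquireTokenAsync(SiteHost, credential);
            return result.AccessToken;
        }
    }

    // Reads the site title through the SharePoint REST API using the bearer token.
    public static async Task<string> GetWebTitleJsonAsync(string accessToken)
    {
        using (var request = new HttpRequestMessage(HttpMethod.Get, $"{SiteHost}/_api/web?$select=Title"))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            request.Headers.Accept.ParseAdd("application/json;odata=nometadata");
            using (HttpResponseMessage response = await Http.SendAsync(request))
            {
                response.EnsureSuccessStatusCode(); // throws on 401/403 and other failures
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```

The “.pfx” contains the app's private key, so anyone who can read the compiled assembly or the repository it is committed to can request tokens as the app; keeping the password out of source, as here, only partly limits that exposure.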
Link to the GitHub repo is here.
I have now demonstrated how you can make calls to SharePoint based on SDK messages in Dynamics. Ideally I would love it if you could make these calls from within a plugin. Because of a System.Security.SecurityException when using cryptographic functions in a plugin, I was not able to make the call from inside the plugin. If anybody knows a solution to this, please let me know. But using a webhook we still get to bring the executionContext to the Azure function, and from here we can call the SharePoint API.
I hope you found this topic interesting!
Feel free to contact me and have a good day!