Handling MFA connections to Dynamics 365
In the first part of this multi-part series of articles about creating connections in LINQPad to Dynamics 365 online, I went through the basic steps needed to create an OrganizationService connection in your LINQPad script.
In this second article, I will explain how to proceed if your account is additionally protected by Multi-Factor Authentication (MFA). When using MFA to authenticate against Dynamics 365, you are prompted to authenticate with an additional token, such as a code sent via text message or an authenticator app. To avoid having to authenticate this way repeatedly, you can use an Azure App Registration so that connections made from LINQPad are pre-authenticated.
First of all, you have to create an App Registration in Azure, which will allow you to register your ‘App’ (in this case, your connection from LINQPad) with Azure Active Directory. Log into the Azure Portal and open the App Registrations blade. You will see a screen like this:
Give your app registration a name, and provide a ‘Redirect URI’. For our purposes, this does not need to be a real URI, but it must be in the format of a real URI.
Click Register and you’ll be taken to a page like this:
You will use the Application (client) ID as part of your connection string.
Make the following amendments to your connection string in your LINQPad script:
- Change AuthType from Office365 to OAuth;
- Add the following additional parameters:
  - AppId: This should be the Application (client) ID you copied from the Azure Portal.
  - RedirectUri: This should be the Redirect URI you entered when setting up the App Registration.
  - TokenCacheStorePath: The path to a location on your computer, such as C:\temp\LinqPadOauth\cache.txt, where the authentication token will be stored after the first successful login so that you do not need to enter your credentials every time you log in.
- Remove the Password parameter altogether.
Your connection string should now look something like this:
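The amendments listed above, applied in code. This is an added example, not code from the original article; the organisation URL, user name, client ID and redirect URI are constructed placeholders, the helper name `ToOAuth` is hypothetical, and it assumes the script connects through `CrmServiceClient` from Microsoft.Xrm.Tooling.Connector.

```csharp
// LINQPad "C# Program" query. Added example, not the article's own code.
// Uses System.Data.Common and System.IO, which LINQPad imports by default.

void Main()
{
    // Constructed sample of the Office365-style string being replaced.
    var before = "AuthType=Office365;Username=user@contoso.onmicrosoft.com;" +
                 "Password=placeholder;Url=https://contoso.crm.dynamics.com";

    // Assumption: a per-user folder rather than the article's C:\temp example,
    // because the cached token is what spares you the password and MFA prompt.
    var cachePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "LinqPadOauth", "cache.txt");

    var after = ToOAuth(before,
        appId: "00000000-0000-0000-0000-000000000000",   // placeholder client ID
        redirectUri: "app://linqpad-placeholder",        // placeholder, URI format only
        tokenCachePath: cachePath);

    Console.WriteLine(after);
    // var service = new CrmServiceClient(after);  // prompts once, then uses the cache
}

// Hypothetical helper: rewrites an Office365 connection string for OAuth.
static string ToOAuth(string connectionString, string appId,
                      string redirectUri, string tokenCachePath)
{
    // The Redirect URI need not resolve, but it must parse as a URI.
    if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out _))
        throw new ArgumentException("RedirectUri must be in URI format.", nameof(redirectUri));

    var builder = new DbConnectionStringBuilder { ConnectionString = connectionString };
    builder["AuthType"] = "OAuth";                      // was Office365
    builder["AppId"] = appId;                           // Application (client) ID
    builder["RedirectUri"] = redirectUri;
    builder["TokenCacheStorePath"] = tokenCachePath;
    builder.Remove("Password");                         // no stored password with OAuth

    // Make sure the folder for the token cache file exists before first login.
    Directory.CreateDirectory(Path.GetDirectoryName(tokenCachePath));
    return builder.ConnectionString;
}
```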
Running our script again, we should now get prompted once to enter our password and MFA token, but after that our credentials will be cached and we will not be prompted to enter our password again.
However, you will see that our connection generates an awful lot of diagnostic output, which can make it difficult to see what’s going on.
Luckily, there is a way to suppress all of this diagnostic information. Add this line to your code, and you will get a nice clean output again:
In the next article in the series, I’ll show you how you can encapsulate all of this code into a method so that you can easily create a connection in LINQPad by just typing a single line of code.