Hi Folks,
Microsoft had recently announced on docs.microsoft.com that using WS-Trust authentication security protocol to connect to your Common Data Service had been deprecated.
So what does this mean??
Firstly you need to note that this only applies to client applications that connect to CDS.
It does not impact your custom plug-ins, workflow activities, or on-premises/IFD service connections.
Below are the places where you need to replace them…
If your code uses Username & Password for authenticating with Common Data Service or an application, you are likely using the WS-Trust security protocol.
- If you are using the OrganizationServiceProxy class at all in your code, you are using WS-Trust.
- If you are using CrmServiceClient.OrganizationServiceProxy in your code, you are using WS-Trust.
Check the following:
- If your client applications using Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy:
Action Required:
Replace all occurrences of the type OrganizationServiceProxy with the IOrganizationService interface
2. using CrmServiceClient with the “Office365” authentication type:
Action Required:
Switch over to using an OAuth based connection string, Note that LoginPrompt can be set to “never” to simulate the way that the Office 365 behavior worked. Please note that the App ID and Redirect URI should be created in AAD in your tenant.
Few points to note before we conclude:
- An update to Microsoft.CrmSdk.XrmTooling.CoreAssembly is available for download through NuGet package that includes auto redirect support. This library will redirect an authentication type of Office365 to OAuth.
- If you were not able to login even using OAuth, check if MultiFactor Authentication/conditional access is enabled, if so consider registering application user (Service Principal) in Azure Active Directory.
References:
CDS/CRM SDK – WS-Trust auth and OrganizationServiceProxy Deprecated
Use of Office365 authentication with the WS-Trust security protocol
If you still have issue, don’t hesitate to comment here…or reach to community using this link…
Cheers,
PMDY
Discover more from ECELLORS CRM Blog
Subscribe to get the latest posts sent to your email.
ECELLORS CRM Blog 
Hi,
does “on-premises/IFD service connections” mean that WS-Trust deprecation won’t affect on-premise Dynamics CRM instances?
LikeLike
Yes, it doesn’t effect your On Premise Dynamics Connections….
LikeLike
Thank you so much Pavan for your response.
I will make the changes in the code accordingly.
I have a question – are these deprecations applicable to the on-premise/IFD CRM instances also OR only for online instances ?
I have CRM customers – with version 2015/2016/Dynmics 365 – online and on-premise both.
LikeLike
Thank you Pavan for this post.
I am using the OrganizationServiceProxy in the console connector in C# to connect the on-premise/online MS Dynamics customers having versions 2015, 2016, Dynamics 365. (The code follows the way mentioned here – https://arunpotti.com/2014/12/09/connect-to-crm-online-or-on-premise-using-c/).
Do you think I need to change the code? I am a little confused.
I am still using the username and password for authentication in my connector even for the Dynamics 365 online instances.
Will the code does not work after March/April 2020? I am also using the Discovery service as well. That is also deprecated.
Please help me out with these questions.
LikeLike
Hi Ms Learner,
I understand that you have an already having an existing subscription. So here is the timeline from Microsoft. Yes you need to migrate.
1.Effective April 2022, the authentication protocol will be retired for all new and existing environments within a tenant.
2.Discovery service will be supported until until March 1, 2021.
Please refer to this page..https://docs.microsoft.com/en-us/power-platform/important-changes-coming#deprecation-of-office365-authentication-type-and-organizationserviceproxy-class-for-connecting-to-common-data-service
Let me know if you have any questions..
Thank you.
LikeLike