Tue, 06/28/2022 - 20:34 By Lloyd Sebag Contributor Lloyd Sebag

CrmServiceClient supported kind of authentication


As a Dynamics 365 or Dataverse developer, you need often to write custom code to work with your application. As you know, in order to use the API you should first be authenticated with D365. 

This article describes what are the different ways of authentication when working with Microsoft.Xrm.Tooling.Connector and its CrmServiceClient class. You can also check our article : Tutorial on how to connect step by step to D365 in C# that is showing hot to deal step by step with a C# connection.  

In fact, within this wonderful CrmServiceClient class, the underlaying complexity is hidden for you. This class encapsulates all the needed steps to support each type of auth. There are 6 supported type of authentication :

TYPE Description
AD Works only for on premise env or at least with NTLM/Kerberos WinAuth setup
IFD Works with an ADFS + IFD mode and a username password
OAUTH Can be used for both D365 online and on premise. But, for on premise ADFS 3.x+ and App\Client Id registration with ADFS is required
OFFICE365 Works only for D365 Cloud (Dataverse) envs

For each type you can build a connection string with dedicated parameters that will help to define the needed connection information. 

Then, you could simple use the few lines of code to instantiate your service and get authenticated to D365. Please find below a code snippet that illustrate how to deal with on premise connection. 

var crmSvc = new CrmServiceClient("AuthType=AD;Url=<CRM_URL>;Domain=<YOUR_DOMAIN>;Username=<USERNAME>;Password=<PASSWORD>");
var crmService = crmSvc.OrganizationServiceProxy != null ? crmSvc.OrganizationServiceProxy as IOrganizationService : crmSvc.OrganizationWebProxyClient;
var userId = (WhoAmIResponse)crmService.Execute(new WhoAmIRequest());
LogHelper.LogInformation("CRM Service OK user ID: " + userId.UserId);

You can follow this Microsoft documentation that will give you needed details to implement each type: here


It's very useful to know that the SDK supports and helps developer with different kind of authentication. It will allow the organizations to enforce or adapt their security model according the possibilities, for example by using a certificate instead of a username/password. 

In another hand, please note that if you have a deal with other kind of auth, more exotic or custom, that are imposed by your customers/organizations, it will be very difficult or sometimes impossible to make them work with those SDK options.

CrmServiceClient supported kind of authentication

Add new comment

Enter the characters shown in the image.