Authentications
Authentication types
DynamicWeb 10 supports the following methods of authentication to a remote system.
OAuth 2.0 S2S
The recommended way to authenticate access to an OData endpoint is Service-to-Service authorization (S2S), in which your DynamicWeb solution itself is authorized to access the remote system directly.
An S2S authentication between DynamicWeb and a remote system lets you configure the required permissions at the application level, as opposed to a User impersonation authentication, where the permissions reflect those of a given user.
Service-to-service OAuth takes a ClientID, a TenantID and a Client secret of a Microsoft Entra (formerly known as Azure Active Directory) app registration and exchanges them for access tokens in the background, independently of user credentials. Check out our S2S guide to learn more about adding such an authentication for Dynamics 365 Business Central, CRM or F&O.
OAuth 2.0 User impersonation
Just like an S2S OAuth, a User impersonation setup requires a TenantID, a Client ID and a ClientSecret from a Microsoft Entra application, but in addition to these, an access token is required to authorize access to the remote system. Access tokens are obtained via the credentials of a user in the remote system and the authorization will thus mirror the permissions tied to that exact user.
You can read more about how to establish OAuth for the systems currently supported in DynamicWeb in these setup guides:
- D365 Business Central OAuth user impersonation guide
- D365 CRM OAuth user impersonation guide
- Finance & Operations OAuth user impersonation guide
The differences between S2S and user impersonation OAuth are outlined further in this Microsoft Learn article.
Bearer token
A Bearer token authentication is useful when you already have a working solution for requesting and receiving OAuth tokens from a remote system. This could, for instance, be a Postman setup or another DynamicWeb solution. In this case you can simply paste your token into the bearer token field and quickly authenticate access. Bearer tokens, however, are not refreshed silently, so a pasted token will only last for one hour after login or renewal.
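As an added example (not DynamicWeb's own code), the sketch below shows the token request behind the OAuth 2.0 S2S exchange described earlier and how to check how much lifetime a pasted bearer token has left. It assumes the Microsoft Entra v2.0 token endpoint, the Business Central scope, and an access token that is a JWT with an `exp` claim; the IDs, secret and sample token are constructed placeholders.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Microsoft Entra v2.0 token endpoint (assumption); the tenant ID is part of the path.
TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def build_s2s_token_request(tenant_id, client_id, client_secret, scope):
    """Return (url, form_body) for a client-credentials (S2S) token request."""
    form = {
        "grant_type": "client_credentials",  # the app authenticates as itself, no user
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,  # resource URI followed by /.default
    }
    return TOKEN_URL.format(tenant_id=tenant_id), urlencode(form)


def token_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_remaining(token, now=None):
    """Seconds until the token's exp claim; zero or negative means expired."""
    now = time.time() if now is None else now
    return int(token_claims(token)["exp"] - now)


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    url, body = build_s2s_token_request(
        "tenant-id-placeholder", "client-id-placeholder", "secret-placeholder",
        "https://api.businesscentral.dynamics.com/.default")  # assumed BC scope
    print("POST", url)
    pasted = make_sample_token({"exp": 1700003600})  # constructed one-hour token
    print(seconds_remaining(pasted, now=1700000900), "seconds left")
```

Checking `exp` before pasting a token avoids configuring an endpoint with a credential that is already close to expiry; the decode step is for inspection only and is not a substitute for signature validation by the receiving system.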
Basic
Use a Basic authentication when the remote system requires only a User name and a password.
NTLM
NTLM is an authentication protocol used in Windows networks. It allows you to provide a domain and a Windows user to access endpoints within the same network as the Dynamics ERP system. This is useful in development and on-premises scenarios.
Authentication setup guides
- S2S setup guide (BC, F&O, CRM)
- OAuth 2.0 for Business Central (user impersonation)
- OAuth 2.0 for CRM (user impersonation)
- OAuth 2.0 for F&O (user impersonation)