Tuesday, September 18, 2018

ID3242: The security token could not be authenticated or authorized.



When connecting to Microsoft Dynamics CRM from a C# console application, I was getting the error message “ID3242: The security token could not be authenticated or authorized”.

I recently had this issue when connecting to Microsoft Dynamics CRM configured with Active Directory Federation Services (ADFS).


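My C# code is simplified using Microsoft.Xrm.Tooling.Connector.dll:

using System.Configuration;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Tooling.Connector;

// Read the connection string from App.config and open the connection.
String connectionString = ConfigurationManager.ConnectionStrings[1].ConnectionString;
CrmServiceClient conn = new CrmServiceClient(connectionString);

// Cast the proxy client to the IOrganizationService interface.
_orgService = (IOrganizationService)conn.OrganizationWebProxyClient != null ?
    (IOrganizationService)conn.OrganizationWebProxyClient : (IOrganizationService)conn.OrganizationServiceProxy;

// WhoAmI returns the id of the authenticated user; this is the call that failed with ID3242.
Guid userId = ((WhoAmIResponse)_orgService.Execute(new WhoAmIRequest())).UserId;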


My App.config Settings were

<add name="Server=CrmServerAddress, organization=CrmOrg, user=CrmAdminUser"
     connectionString="Url=https://crmserveraddress/crmorg;
                       Domain=myDomain;
                       Username=CrmAdminUser;
                       Password=*********;
                       authtype=IFD"/>


I could still access Dynamics CRM through the browser just fine but not from my console application.

To resolve the issue, it was a very simple change. It seems that since the upgrade of ADFS, the UPN (user principal name; see MSDN, User Name Formats) login is now required in order to authenticate. That means simply going from the domain login to the email address, like this:


Another option that worked was to use the down-level logon name (Domain\username):

myDomain\CrmAdminUser

If you receive this error while trying to connect to Dynamics CRM from a C# console application, or from anything else that consumes the Dynamics CRM services, change the user name format and maybe you’ll be back up and running a little quicker.
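A quick way to check which user name format a connection string carries before it reaches CrmServiceClient, as an added example that is not code from the original post. The class and method names are hypothetical, the sample strings are constructed, and example.test is a placeholder UPN suffix; the check also flags a Domain value that has swallowed the next key because a ';' separator is missing.

```csharp
using System;
using System.Collections.Generic;

static class CrmLoginFormatCheck   // hypothetical helper, not part of the CRM SDK
{
    // Split "Key=Value;..." into a case-insensitive map, trimming the line
    // breaks and indentation a multi-line App.config attribute introduces.
    static Dictionary<string, string> Parse(string cs)
    {
        var map = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var part in cs.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = part.IndexOf('=');
            if (eq > 0) map[part.Substring(0, eq).Trim()] = part.Substring(eq + 1).Trim();
        }
        return map;
    }

    // Returns a one-line finding about the Username format; never echoes the password.
    public static string Describe(string cs)
    {
        var map = Parse(cs);
        string domain;
        // A missing ';' after Domain swallows the next "Key=Value" into its value.
        if (map.TryGetValue("Domain", out domain) && domain.Contains("="))
            return "malformed: Domain value contains '=' (missing ';' separator?)";
        string user;
        if (!map.TryGetValue("Username", out user) || user.Length == 0)
            return "missing Username";
        if (user.Contains("@")) return "UPN (user@suffix)";
        if (user.Contains("\\")) return "down-level logon name (DOMAIN\\user)";
        return "bare user name: try UPN or DOMAIN\\user if the server returns ID3242";
    }

    static void Main()
    {
        // Constructed samples; example.test is a placeholder UPN suffix.
        string[] samples =
        {
            "Url=https://crmserveraddress/crmorg; Domain=myDomain; Username=CrmAdminUser; Password=x; authtype=IFD",
            "Url=https://crmserveraddress/crmorg; Username=myDomain\\CrmAdminUser; Password=x; authtype=IFD",
            "Url=https://crmserveraddress/crmorg; Username=CrmAdminUser@example.test; Password=x; authtype=IFD",
            "Url=https://crmserveraddress/crmorg; Domain=myDomain Username=CrmAdminUser; Password=x; authtype=IFD",
        };
        foreach (var s in samples) Console.WriteLine(Describe(s));
    }
}
```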

I hope this helps!


Thanks.
Vipin Jaiswal


1 comment:

VIshal Bagadia said...

Hello,

I have a slightly different issue, but the error message is the same. We have PingFederate for authentication between CRM and the console application.

In our case, the console application connects to CRM properly and does the required task. But after almost 30 minutes of processing, it fails with the above-mentioned error.

Any idea?