Merge pull request #5699 from MicrosoftDocs/phecke-office365

Indicate OAuth is recommended

Author: phecke

powerapps-docs/developer/data-platform/TOC.yml

@@ -410,11 +410,11 @@
   - name: Authenticate apps and services with Microsoft Dataverse
     href: authentication.md
     items:
-    - name: .NET Framework applications
+    - name: Authenticating .NET applications
       href: authenticate-dot-net-framework.md
-    - name: Use OAuth
+    - name: Use OAuth authentication
       href: authenticate-oauth.md
-    - name: Use Office365 (WS-Trust)
+    - name: Use of Office365 (WS-Trust) authentication
       href: authenticate-office365-deprecation.md
   - name: "Tutorial: Register an app with Azure Active Directory"
     href: walkthrough-register-app-azure-active-directory.md

powerapps-docs/developer/data-platform/authenticate-dot-net-framework.md

@@ -1,8 +1,8 @@
 ---
-title: "Authenticating .NET Framework applications (Microsoft Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
+title: "Authenticating .NET applications (Microsoft Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
 description: "Provides an overview of .NET based application authentication with Microsoft Dataverse web services." # 115-145 characters including spaces. This abstract displays in the search result.
 ms.custom: ""
-ms.date: 03/23/2021
+ms.date: 01/06/2022
 ms.reviewer: "pehecke"
 ms.service: powerapps
 ms.topic: "article"
@@ -17,14 +17,15 @@ search.app:
   - D365CE
 ---
 
-# Authenticating .NET Framework applications
+# Authenticating .NET applications
 
-If you are using the .NET Framework when developing your application you can use classes within the [Xrm.Tooling](/dotnet/api/?view=dynamics-xrmtooling-ce-9) namespace to easily authenticate and connect to the Microsoft Dataverse web services.
+This topic provides guidance when developing applications coded and built using .NET.
 
-`Xrm.Tooling` classes in the SDK assemblies use the <xref:Microsoft.Xrm.Sdk.IOrganizationService> interface methods. This is the same style of programming used by plug-ins and workflow activities, making it one style that you can use everywhere for .NET Framework applications. We recommend using the <xref:Microsoft.Xrm.Tooling.Connector>.<xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> class for web service connection.
+## .NET Framework applications
+
+If you are using the .NET Framework when developing your application you can use classes within the [Xrm.Tooling](/dotnet/api/) namespace to easily authenticate and connect to the Microsoft Dataverse web services.
 
-> [!NOTE]
-> You may find older code or samples using the low-level <xref:Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy> or <xref:Microsoft.Xrm.Sdk.WebServiceClient.OrganizationWebProxyClient> classes. These remain supported and are not deprecated, but we recommend you use <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> for new .NET Framework client Applications.
+`Xrm.Tooling` classes in the SDK assemblies use the <xref:Microsoft.Xrm.Sdk.IOrganizationService> interface methods. This is the same style of programming used by plug-ins and workflow activities, making it one style that you can use everywhere for .NET Framework applications. We recommend using the <xref:Microsoft.Xrm.Tooling.Connector>.<xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> class for web service connection.
 
 The `Xrm.Tooling` classes provide many benefits including:
 - You can define connection information using a connection string.
@@ -42,29 +43,26 @@ If you want to use the Web API, you can use the <xref:Microsoft.Xrm.Tooling.Conn
 More information: [Build Windows client applications using the XRM tools](xrm-tooling/build-windows-client-applications-xrm-tools.md)
 
 
-## .NET Framework versions
+### .NET Framework versions
 
-Use .NET Framework version 4.6.2 or higher when you create client applications. Only applications using Transport Level Security (TLS) 1.2 or better security can connect. TLS 1.2 is not the default protocol used by .NET Framework 4.5.2, but it is in .NET Framework 4.6.2.
+Use .NET Framework version 4.6.2 or higher when you create client applications. Only applications using Transport Level Security (TLS) 1.2 or better security can connect. TLS 1.2 is not the default protocol used by .NET Framework 4.5.2, but it is in .NET Framework 4.6.2 or later.
 
-> [!IMPORTANT]
-> The SDK APIs available in [Microsoft.CrmSdk.XrmTooling.CoreAssembly](https://www.nuget.org/packages/Microsoft.CrmSdk.XrmTooling.CoreAssembly/) and other "CrmSdk" NuGet packages do not support .NET Core code development.<p/>
-> **Known Issue with Visual Studio 2015**
->
-> When you are running your Visual Studio 2015 project/solution in debug mode, you may not be able to connect. This happens regardless of whether you are using a Target Framework of 4.6.2 or higher. This can occur because the Visual Studio hosting process is compiled against .NET 4.5 which means by default it does not support TLS 1.2. You can disable the Visual Studio hosting process as a work around.
->
-> Right-click on the name of your project in Visual Studio and then click **Properties**. On the **Debug** tab you can uncheck the **Enable the Visual Studio hosting process** option.
->
-> This only impacts the debug experience in VS 2015. This does not impact the binaries or executable that are built. The same issue does not occur in Visual Studio 2017.
-
-## .NET Framework applications without SDK assemblies
+### .NET Framework applications without using SDK assemblies
 
 If you prefer to not have a dependency on any SDK assemblies, you can also use the patterns described in [Use OAuth with Microsoft Dataverse](authenticate-oauth.md) without taking a dependency on any SDK assemblies. Without the SDK assemblies, you can only use the OData Restful web services (Web API and OData Global Discovery Service). The [Web API Data operations Samples (C#)](webapi/web-api-samples-csharp.md) demonstrate this approach.
 
+## .NET Core and .NET 6 applications
+
+The SDK APIs available in [Microsoft.CrmSdk.XrmTooling.CoreAssembly](https://www.nuget.org/packages/Microsoft.CrmSdk.XrmTooling.CoreAssembly/) and other "crmsdk" owned NuGet packages do not support .NET Core code development.
+
+For .NET Core application development there is a `DataverseServiceClient` class, currently in preview release, that is patterned after the `CrmServiceClient` class mentioned previously. You can download the [Microsoft.PowerPlatform.Dataverse.Client](https://www.nuget.org/packages/Microsoft.PowerPlatform.Dataverse.Client/) package from Nuget.org to begin using this new service client class in your applications. Documentation and sample code for the `DataverseServiceClient` and related classes will be made available in a future documentation release.
+
+To update existing .NET Framework based application code that uses `CrmServiceClient`, begin by substituting the `DataverseServiceClient` class for `CrmServiceClient` in your code. You will need to set the project type to build a .NET Core application, remove any .NET Framework specific references and NuGet packages, and then add the Microsoft.PowerPlatform.Dataverse.Client package to the project.
+
 ### See also
 
 [Authentication with Dataverse web services](authentication.md)<br />
 [Use OAuth with Dataverse](authenticate-oauth.md)
 
 
-
 [!INCLUDE[footer-include](../../includes/footer-banner.md)]

powerapps-docs/developer/data-platform/authenticate-office365-deprecation.md

@@ -1,8 +1,8 @@
 ---
-title: "Use Office365 authentication with Microsoft Dataverse (Microsoft Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
+title: "Use of Office365 authentication with Microsoft Dataverse (Microsoft Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
 description: "Describes deprecation of the WS-Trust security protocol and the code changes required in applications that use Office365 authentication."
 ms.custom: ""
-ms.date: 09/20/2021
+ms.date: 01/06/2022
 ms.reviewer: "pehecke"
 ms.service: powerapps
 ms.topic: "article"
@@ -17,18 +17,17 @@ search.app:
   - D365CE
 ---
 
-# Use Office365 authentication with Microsoft Dataverse
+# Use of Office365 authentication with Microsoft Dataverse
 
-Use of the WS-Trust authentication security protocol when connecting to Microsoft Dataverse is no longer recommended and has been deprecated; see the [announcement](/power-platform/important-changes-coming#deprecation-of-office365-authentication-type-and-organizationserviceproxy-class-for-connecting-to-dataverse).
-
-Additionally, the WS-Trust protocol does not support modern forms of multi-factor authentication and Azure AD Conditional Access controls to customer data.
+> [!IMPORTANT]
+> Use of the WS-Trust (Office365) authentication security protocol when connecting to Microsoft Dataverse is no longer recommended and has been deprecated; see the [announcement](/power-platform/important-changes-coming#deprecation-of-office365-authentication-type-and-organizationserviceproxy-class-for-connecting-to-dataverse).<p/>
+> Additionally, the WS-Trust protocol does not support modern forms of multi-factor authentication and Azure AD Conditional Access controls to customer data.
 
-This change impacts custom client applications that use “Office365” authentication and the
+This document describes the impact to and required authentication code changes for custom client applications that use “Office365” authentication and the
 [Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy](/dotnet/api/microsoft.xrm.sdk.client.organizationserviceproxy) or
 [Microsoft.Xrm.Tooling.Connector.CrmServiceClient](/dotnet/api/microsoft.xrm.tooling.connector.crmserviceclient)
 classes. If your applications use this type of authentication protocol and API,
-continue reading below to learn more about the recommended authentication
-changes to be made to your application’s code.
+continue reading below to learn more about the recommended authentication changes to be made to your application’s code.
 
 ## How do I know if my code or application is using WS-Trust?
 
@@ -50,9 +49,9 @@ using (OrganizationServiceProxy organizationServiceProxy =
 { ... }
 ```
 
-- If you are using the `OrganizationServiceProxy` class at all in your code, you are using WS-Trust.
+- If your code uses the `OrganizationServiceProxy` class at all, you are using WS-Trust.
 
-- If you are using [CrmServiceClient](/dotnet/api/microsoft.xrm.tooling.connector.crmserviceclient).`OrganizationServiceProxy` in your code, you are using WS-Trust.
+- If your code is using [CrmServiceClient](/dotnet/api/microsoft.xrm.tooling.connector.crmserviceclient).`OrganizationServiceProxy`, you are using WS-Trust.
 
 ## What should I do to fix my application code if affected?
 
@@ -61,7 +60,7 @@ the recommended connection interface for authentication with Dataverse.
 
 - If your code uses an [Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy](/dotnet/api/microsoft.xrm.sdk.client.organizationserviceproxy) instance:
 
-  If you are passing the `OrganizationServiceProxy` instance around to various methods, or returning the instance from a method, replace all occurrences of the type `OrganizationServiceProxy` with the [IOrganizationService](/dotnet/api/microsoft.xrm.sdk.iorganizationservice?view=dynamics-general-ce-9) interface. This interface exposes all the core methods used to communicate with Dataverse.
+  If you are passing the `OrganizationServiceProxy` instance around to various methods, or returning the instance from a method, replace all occurrences of the type `OrganizationServiceProxy` with the [IOrganizationService](/dotnet/api/microsoft.xrm.sdk.iorganizationservice) interface. This interface exposes all the core methods used to communicate with Dataverse.
 
   When invoking the constructor, it is recommend you add the NuGet package [Microsoft.CrmSdk.XrmTooling.CoreAssembly](https://www.nuget.org/packages/Microsoft.CrmSdk.XrmTooling.CoreAssembly/) to your project and replace all use of `OrganizationServiceProxy` class constructors with [CrmServiceClient](/dotnet/api/microsoft.xrm.tooling.connector.crmserviceclient) class constructors. You will need to alter your coding pattern here, however, for simplicity `CrmServiceClient` supports connection strings in addition to complex constructors and the ability to provide external authentication handlers. `CrmServiceClient` implements `IOrganizationService`, therefore your new authentication code will be portable to the rest of your application code. You can find examples on the use of `CrmServiceClient` in the [PowerApps-Samples](https://github.com/microsoft/PowerApps-Samples/tree/master/cds/orgsvc/C%23) repository.
 
@@ -71,7 +70,7 @@ the recommended connection interface for authentication with Dataverse.
 
     `connectionString = "AuthType=Office365;Username=jsmith@contoso.onmicrosoft.com;Password=passcode;Url=https://contoso.crm.dynamics.com"`
 
-    Similarly, you could also use a `CrmServiceClient` constructor and pass in `AuthType.Office365`.
+    Similarly, you could also be using a `CrmServiceClient` constructor and pass in `AuthType.Office365`.
 
     You have two options for dealing with this.<p/>
 
@@ -85,15 +84,15 @@ the recommended connection interface for authentication with Dataverse.
 
         The AppId and RedirectUri provided above are examples of working application registration values. These values work everywhere our online services are deployed. However, they are provided here as examples and you are encouraged to [create your own application registration](walkthrough-register-app-azure-active-directory.md) in Azure Active Directory (Azure AD) for applications running in your tenant. Use your Username, Password, and Dataverse environment URL values in the connection string along with the RedirectUri and AppId you obtain from your Azure app registration.<p/>
 
-    - When we announce it, update to the latest [Microsoft.CrmSdk.XrmTooling.CoreAssembly](https://www.nuget.org/packages/Microsoft.CrmSdk.XrmTooling.CoreAssembly/) NuGet package that includes auto redirect support. This library will redirect an authentication type of Office365 to OAuth and use the example AppId and Redirect URI automatically. This capability is planned for the 9.2.x version of the Microsoft.CrmSdk.XrmTooling.CoreAssembly package.
+    - When we announce it, update to the latest [Microsoft.CrmSdk.XrmTooling.CoreAssembly](https://www.nuget.org/packages/Microsoft.CrmSdk.XrmTooling.CoreAssembly/) NuGet package that includes auto redirect support. This library will redirect an authentication type of "Office365" to "OAuth" and use the example AppId and Redirect URI automatically. This capability is planned for the 9.2.x version of the Microsoft.CrmSdk.XrmTooling.CoreAssembly package.
 
 - If you are accessing the [CrmServiceClient](/dotnet/api/microsoft.xrm.tooling.connector.crmserviceclient).`OrganizationServiceProxy` property:
 
      Remove all use of that property in your code. `CrmServiceClient` implements `IOrganizationService` and exposes everything that is settable for the organization service proxy.
 
 > [!IMPORTANT]
 > Regarding not being able to login using User ID/Password even if using OAuth: if your tenant and user is configured in Azure Active Directory for conditional access and/or Multi-Factor Authentication is required, you will not be able to use user ID/password flows in a non-interactive form at all. For those situations, you must use a Service Principal user to authenticate with Dataverse.<p/>
-To do this, you must first register the application user (Service Principal) in Azure Active Directory. You can find out how to do this [here](/azure/active-directory/develop/howto-create-service-principal-portal). During application registration you will need to create that user in Dataverse and grant permissions. Those permissions can either be granted directly or indirectly by adding the application user to a team which has been granted permissions in Dataverse. You can find more information on how to set up an application user to authenticate with Dataverse [here](./use-single-tenant-server-server-authentication.md).
+To do this, you must first register the application user (Service Principal) in Azure Active Directory. You can find out how to do this [here](/azure/active-directory/develop/howto-create-service-principal-portal). During application registration you will need to create that user in Dataverse and grant permissions. Those permissions can either be granted directly or indirectly by adding the application user to a team which has been granted permissions in Dataverse. You can find more information on how to set up an unlicensed "application user" to authenticate with Dataverse [here](./use-single-tenant-server-server-authentication.md).
 
 ## Need help?
 

powerapps-docs/developer/data-platform/authentication.md

@@ -2,7 +2,7 @@
 title: "Authenticate with Microsoft Dataverse web services (Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
 description: "Introduces authentication options that depend on the software framework you use." # 115-145 characters including spaces. This abstract displays in the search result.
 ms.custom: ""
-ms.date: 03/23/2021
+ms.date: 01/06/2022
 ms.reviewer: "pehecke"
 ms.service: powerapps
 ms.topic: "article"
@@ -23,9 +23,9 @@ How you authenticate depends on the software framework you use and which web ser
 
 ## .NET Framework applications
 
-If your client application uses the .NET Framework, you have two options:
+If your client application uses the .NET Framework, you have two authentication options:
 
-- OAuth
+- OAuth (recommended)
 - Microsoft 365
 
 ### OAuth
@@ -41,16 +41,18 @@ More information: [Use OAuth with Dataverse](authenticate-oauth.md)
 
 ### Microsoft 365
 
-Microsoft 365 authentication requires using the .NET Framework SDK assemblies with the SOAP web services only.
+Microsoft 365 authentication (referred to as Office365 in code) requires using the .NET Framework SDK assemblies with the SOAP web services only.
 
 Using Microsoft 365 authentication does not require that your register your applications as OAuth does. You must simply provide a User Principal Name (UPN) and password for a valid user.
 
-More information: [Authentication with .NET Framework applications](authenticate-dot-net-framework.md), [Use of Microsoft 365 authentication with the WS-Trust security protocol](authenticate-office365-deprecation.md)
+More information: [Authentication with .NET Framework applications](authenticate-dot-net-framework.md)
+
+> [!IMPORTANT]
+> Microsoft 365 authentication for Dataverse is deprecated. More information: [Use of Office365 authentication with Microsoft Dataverse](authenticate-office365-deprecation.md)
 
 ## All other software frameworks
 
-If you are using anything other than .NET Framework, you must authenticate using OAuth and you must use the OData RESTful 
-web services (Web API and OData global Discovery service).
+If you are using anything other than .NET Framework, you must authenticate using OAuth and you must use the OData RESTful web services (Web API and OData global Discovery service).
 
 More information:  [Use OAuth with Dataverse](authenticate-oauth.md)
 

powerapps-docs/developer/data-platform/xrm-tooling/sample-simplified-connection-quick-start.md

@@ -46,9 +46,18 @@ The following shows a sample `app.config file`. To use this, remove the comment
 <?xml version="1.0" encoding="utf-8"?>  
 <configuration>  
   <connectionStrings>  
-    <!-- Online using Microsoft 365 -->  
-    <!-- <add name="Server=CRM Online, organization=contoso, user=someone"  
-         connectionString="Url=https://contoso.crm.dynamics.com; [email protected]; Password=password; authtype=Office365"/> -->  
+
+  <!--<add name="Connect"
+  connectionString="
+  AuthType=OAuth;
+  [email protected];
+  Url=https://contosotest.crm.dynamics.com;
+  Password=passcode;
+  AppId=51f81489-12ee-4a9e-aaae-a2591f45987d;
+  RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;
+  TokenCacheStorePath=d:\MyTokenCache;
+  LoginPrompt=Auto"/>-->
+
   </connectionStrings>  
   <startup>  
     <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />