C# Code · Customization and Configuration

Office365 authentication type and OrganizationServiceProxy class for connecting to Common Data Service Deprecated

Use of the WS-Trust authentication security protocol when connecting to Common Data Service is no longer recommended and has been deprecated.

This change impacts custom client applications that use “Office365” authentication and the Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy or Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes.

How do You know If your code is using WS-Trust authentication?

When using the CrmServiceClient class with a connection string:

connectionString="AuthType=Office365; Username=username@company.onmicrosoft.com;Password=passcode;Url=https://yourOrg.crm.dynamics.com"

When using OrganizationServiceProxy class constructors:

using (OrganizationServiceProxy organizationServiceProxy = new OrganizationServiceProxy(serviceManagement, clientCredentials) { … }

How do you fix this in your Application?

public static void ConnectToMSCRM(string UserName, string Password, string SoapOrgServiceUri)
                ClientCredentials credentials = new ClientCredentials();
                credentials.UserName.UserName = UserName;
                credentials.UserName.Password = Password;
                Uri serviceUri = new Uri(SoapOrgServiceUri);
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
                OrganizationServiceProxy proxy = new OrganizationServiceProxy(serviceUri, null, credentials, null);
                _orgservice = (IOrganizationService)proxy;
            catch (Exception ex)
                Console.WriteLine("Error while connecting to CRM " + ex.Message);
  • If your code uses an Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy instance:If you are passing the OrganizationServiceProxy instance around to various methods, or returning the instance from a function, replace all occurrences of the type OrganizationServiceProxy with the IOrganizationService interface. This interface exposes all the core methods used to communicate with Common Data Service.When invoking the constructor, it is recommend you add the NuGet package Microsoft.CrmSdk.XrmTooling.CoreAssembly to your project and replace all use of OrganizationServiceProxy class constructors with CrmServiceClient class constructors. You will need to alter your coding pattern here, however, for simplicity CrmServiceClient supports connection strings in addition to complex constructors and the ability to provide external authentication handlers. CrmServiceClient implements IOrganizationService, therefore your new authentication code will be portable to the rest of your application code. You can find examples on the use of CrmServiceClient in the PowerApps-Samples repository.
  • If your code is using CrmServiceClient with the “Office365” authentication type:An example of this is a connections string that looks like this:connectionString = "AuthType=Office365;Username=jsmith@contoso.onmicrosoft.com;Password=passcode;Url=https://contoso.crm.dynamics.com"Similarly, you could also use a CrmServiceClient constructor and pass in AuthType.Office365.You have two options for dealing with this.
    • Switch over to using an OAuth based connection string. Such connection string looks like this:connectionString = "AuthType=OAuth;Username=jsmith@contoso.onmicrosoft.com; Password=passcode;Url=https://contosotest.crm.dynamics.com;AppId=51f81489-12ee-4a9e-aaae-a2591f45987d; RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;LoginPrompt=Auto"This will be your fastest way to update the code. Note that LoginPrompt can be set to “never” to simulate the way that the Office 365 behavior worked.The AppId and RedirectUri provided above are examples of working application registration values. These values work everywhere our online services are deployed. However, they are provided here as examples and you are encouraged to create your own application registration in Azure Active Directory (AAD) for applications running in your tenant.
    • When we announce it, update to the latest Microsoft.CrmSdk.XrmTooling.CoreAssembly NuGet package that includes auto redirect support. This library will redirect an authentication type of Office365 to OAuth and use the example AppId and Redirect URI automatically. This capability is planned for the 9.2.x version of the Microsoft.CrmSdk.XrmTooling.CoreAssembly package.
  • If you are accessing the CrmServiceClient.OrganizationServiceProxy property:Remove all use of that property in your code. CrmServiceClient implements IOrganizationService and exposes everything that is settable for the organization service proxy.
CrmServiceClient crmSvc = new CrmServiceClient(ConfigurationManager.ConnectionStrings["MyCDSServer"].ConnectionString);
            if (crmSvc.IsReady)
                WhoAmIRequest req = new WhoAmIRequest();
                WhoAmIResponse res= (WhoAmIResponse)crmSvc.Execute(req);

Hope this helps!


2 thoughts on “Office365 authentication type and OrganizationServiceProxy class for connecting to Common Data Service Deprecated

  1. Hi Bipin,
    Thank you so much for your post.

    I have a doubt. The below link says the ADAL is also deprecating –

    And also when we try to register the app, we can see a message shown in yellow in the below screenshot –

    If this is the case, then how can we register the app? Without registering the app, we will not be able to get the AppId and RedirectURI for authentication.

    Will you please suggest.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s