Use connection strings in XRM tooling to connect to Microsoft Dataverse
Article
With Dataverse, XRM tooling enables you to connect to your Dataverse environment by using connection strings. This is similar to the concept of connection strings used with SQL Server. Connection strings have native support in configuration files, including the ability to encrypt the configuration sections for maximum security. This enables you to configure Dataverse connections at deployment time, and not hard code in your application to connect to your Dataverse environment.
Read the following important information about using a connection string in application code.
Important
Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this article requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
Create a connection string
You specify the connection string in the app.config or web.config file for your project, as shown in the following example.
If you add any sensitive information to the app.config or web.config file, for example an account password, be sure to take appropriate security precautions to protect the information.
After creating the connection string, you use it to create a CrmServiceClient object.
//Use the connection string named "MyCDSServer"
//from the configuration file
CrmServiceClient svc = new CrmServiceClient(ConnectionString);
ServiceClient svc = new ServiceClient(ConnectionString);
Note
You'll have to use the following using directive in your code to reference the System.Configuration namespace to access the connection string in your code: using System.Configuration;
The connection string contains a series of name=value pair separated by semi colons. The following table lists supported parameters, which can be entered in any order.
Parameter name
Description
ServiceUri, Service Uri, Url, or Server
Specifies the URL to the Dataverse environment. The URL can use http or https protocol, and the port is optional. The default port is 80 for the http protocol and 443 for the https protocol. The server URL is typically in the format https://<organization-name>.crm.dynamics.com
The organization-name is required.
UserName, User Name, UserId, or User Id
Specifies the user's identification name associated with the credentials.
Password
Specifies the password for the user name associated with the credentials.
HomeRealmUri or Home Realm Uri
Specifies the Home Realm Uri.
AuthenticationType or AuthType
Specifies the authentication type to connect to Dataverse environment. Valid values are: AD, IFD (AD FS enabled), OAuth, Certificate, ClientSecret, or Office365. However, only OAuth, Certificate, ClientSecret and Office365 are permitted values for Dataverse environments.
Specifies whether to reuse an existing connection if recalled while the connection is still active. If set to true, will force the system to create a unique connection. If set to false the existing connection can be reused.
ClientId, AppId or ApplicationId
Specifies the ClientID assigned when you registered your application in Microsoft Entra ID or Active Directory Federation Services (AD FS).
ClientSecret or Secret
Required when Auth Type is set to ClientSecret. Client Secret string to use for authentication.
RedirectUri or ReplyUrl
Specifies the redirect URI of the application you registered in Microsoft Entra ID or Active Directory Federation Services (AD FS).
This parameter is applicable only when the authentication type is specified as OAuth.
TokenCacheStorePath
Specifies the full path to the location where the user token cache should be stored. The running process should have access to the specified path. It is the processes responsibility to set and configure this path.
This parameter is applicable only when the authentication type is specified as OAuth.
LoginPrompt
Specifies whether the user is prompted for credentials if the credentials are not supplied. Valid values are:
- Always: Always prompts the user to specify credentials. - Auto: Allows the user to select in the login control interface whether to display the prompt or not. - Never: Does not prompt the user to specify credentials. If using a connection method does not have a user interface, you should use this value.
This parameter is applicable only when the authentication type is specified as OAuth.
StoreName or CertificateStoreName
Specifies the store name where the certificate identified by thumbprint can be found. When set, Thumbprint is required.
Thumbprint or CertThumbprint
Specifies the thumbprint of the certificate to be utilized during an S2S connection. When set, AppID is required and UserID and Password values are ignored.
Integrated Security
Specifies to use current windows credentials to attempt to create a token for the instances. As of NuGet release Microsoft.CrmSdk.XrmTooling.CoreAssembly Version 9.1.0.21
Note
When using the OAuth AuthType\AuthenticationType
For development and prototyping purposes we have provided the following AppId or ClientId and Redirect URI for use in OAuth Flows.
For production use, you should create an AppId or ClientId that is specific to your tenant in the Azure Management portal.
Sample AppId or ClientId = 51f81489-12ee-4a9e-aaae-a2591f45987d
Sample RedirectUri = app://58145B91-0C36-4500-8554-080854F2AC97
Connection string examples
The following examples show how you can use connection strings for connecting to online deployments and authentication scenarios. The connection string examples for on-premises and IFD deployment instances is now available in the Dynamics 365 Customer Engagement (on-premises) documentation at: Use connection strings in XRM tooling to connect
Named account using Office365
Create a new connection to Dataverse using a UserName or Password via Office365.
Note
This AuthType is deprecated and we recommend to use OAuth as the preferred authentication type. More information: Authenticate using Office365
OAuth using named account in Microsoft 365 with UX to prompt for authentication
Create a new connection to Dataverse using a UserID or Password via OAuth.
Note
OAuth is the preferred auth type for connecting to Dataverse when using an interactive flow. This auth type fully supports the features of Microsoft Entra ID Conditional Access and Multi-Factor authentication.
OAuth using current logged in user with fall back UX to prompt for authentication
Create a new connection to Dataverse using the current logged in user via OAuth.
Note
OAuth is the preferred auth type for connecting to Dataverse when using a interactive flow. This auth type fully supports the features of Microsoft Entra ID Conditional Access and Multi-Factor authentication.
To determine if the connection request was successful, check the value of the CrmServiceClient.IsReady property. If true, the connection is successful, and you are ready to work. Otherwise, check the values of the CrmServiceClient.LastCrmError and CrmServiceClient.LastCrmException properties for the cause of the connection failure.
Do you want to learn how to build solutions that can use a standardized data structure, and work with other solutions sharing the same data model? Do you want to extend the standard model to support custom solutions? This learning path explains the concepts behind and benefits of Dataverse. Creating an environment, entities, fields and options sets are also discussed.
Improve business processes for customer service functions, such as automatic case creation and queue management with Microsoft Dynamics 365 Customer Service.