Dynamics CRM SOAP Request : "Request is unsupported."

329 views Asked by At

The Windows Live ID authentication we used to connect via SOAP to our Dynamics stopped working, after years without problem. Here is the SOAP Request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
             xmlns:a="http://www.w3.org/2005/08/addressing"
             xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <s:Header>
                <a:Action s:mustUnderstand="1">
                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
                <a:MessageID>urn:uuid:56476fb1-26d4-4525-a62a-4a1c65e71e85</a:MessageID>
                <a:ReplyTo>
                    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
                </a:ReplyTo>
                <a:To s:mustUnderstand="1">
                https://login.microsoftonline.com/extSTS.srf</a:To>
                <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <u:Timestamp u:Id="_0">
                    <u:Created>2022-05-05T15:13:25.00Z</u:Created>
                    <u:Expires>2022-05-06T15:13:25.00Z</u:Expires>
                    </u:Timestamp>
                    <o:UsernameToken u:Id="devicesoftware">
                    <o:Username>user here</o:Username>
                    <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</o:Password>
                    </o:UsernameToken>
                </o:Security>
                </s:Header>
               <s:Body>
               <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                    <a:EndpointReference>
                        <a:Address>http://passport.net/tb</a:Address>
                    </a:EndpointReference>
                    </wsp:AppliesTo>
                    <t:RequestType>
                    http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
                </t:RequestSecurityToken>
                </s:Body>
            </s:Envelope>`

And here is the answer :

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:serverVersion>1</psf:serverVersion><psf:authstate>0x80048800</psf:authstate><psf:reqstatus>0x80048800</psf:reqstatus><psf:serverInfo ServerTime="2022-05-05T14:54:49.1744415Z">ESTS-PUB-NEULR2-AZ1-FD071-001.ProdSlices rid:f2378b15-e610-4168-a77e-8572e61ba900</psf:serverInfo></psf:pp></S:Header><S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048800</psf:value><psf:internalerror><psf:code>0x80048800</psf:code><psf:text>AADSTS90083: Request is unsupported.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>

What could have gone wrong please ?

1

There are 1 answers

0
MattB On

As @Guido Mentions in the comments.
You need to shift over to passing a JWT token now.. Dataverse has not supported LiveID since 2017, so I assume your using WS-TRUST there :)

That said, if your handcrafting calls to Dataverse, you should be using the WebAPI.

if you're using .net. You can use the CrmServiceClient or DataverseServiceClient(cross platform) to connect to and interact with Dataverse.

You can find more information here: https://learn.microsoft.com/en-us/power-apps/developer/data-platform/authenticate-office365-deprecation