Shared Access Signature (SAS) token authorization model and Dynamics 365 systems

November 29th, 2018 by Stephen Jones

In November 2018, all ACS components were permanently shut down, so all requests to the service now fail. This includes the Access Control management portal, the management service, the secure token service, and the token transformation rule engine. Microsoft made changes to Azure Service Bus that affect the Microsoft Dynamics AX 2012 Azure connector and impact email workflow approvals, companion/mobile applications, and vendor portals. Any other application or service that uses Access Control Service (ACS) is also affected.

If, for example, you use Dynamics AX 2012 mobile or tablet applications for time and expense management, and/or approve workflows via email, be aware of the changes to Azure Service Bus. The Microsoft Dynamics AX 2012 Azure connector uses the Access Control Service (ACS) for user authentication. Authorization rules are managed inside the Azure Active Directory Access Control Service (ACS), and the tokens obtained from ACS are then passed to Service Bus to authorize access to functionality in AX.

ACS is now replaced by the Shared Access Signature (SAS) token authorization model. A shared access signature (SAS) provides delegated access to resources in your storage account: you can grant other clients limited access to objects in the account without exposing or sharing your account keys. This is the key point of using shared access signatures in your applications: a SAS is a secure way to share your storage resources without compromising your account keys.

To continue using email workflow approvals, mobile applications, and other Dynamics AX features, you will need to migrate any components that previously used Access Control Service (ACS) to Shared Access Signatures (SAS), if you have not already done so. This token model is provided directly by Service Bus and can be used without any intermediaries, given access to the SAS rule name and rule key.
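As an added example (not from the original post or from the Dynamics AX connector), the Python code below shows how a Service Bus SAS token is derived from the SAS rule name and rule key described above, and how its expiry and signature can be checked locally. The namespace, queue, rule name and key are constructed placeholders, and `check_sas_token` is a hypothetical helper for illustration, not the service's own validation code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

# Constructed sample values: not a real namespace, rule name or key.
RESOURCE_URI = "https://contoso-example.servicebus.windows.net/ax-queue"
RULE_NAME = "ExampleSendRule"
RULE_KEY = "constructed-example-key-not-a-real-secret"


def _sign(encoded_uri, expiry, rule_key):
    # String-to-sign is "<url-encoded resource URI>\n<expiry>", keyed with the rule key.
    string_to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(rule_key.encode("utf-8"), string_to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def make_sas_token(resource_uri, rule_name, rule_key, ttl_seconds=3600, now=None):
    """Build a Service Bus SAS token that expires ttl_seconds after 'now'."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl_seconds
    encoded_uri = quote_plus(resource_uri)
    sig = quote_plus(_sign(encoded_uri, expiry, rule_key))
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}&skn={rule_name}"


def check_sas_token(token, rule_key, now=None):
    """Return (ok, reason): reject malformed, expired or tampered tokens."""
    now = int(time.time()) if now is None else int(now)
    scheme, _, params = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False, "wrong scheme"
    fields = {k: v[0] for k, v in parse_qs(params).items()}
    if {"sr", "sig", "se", "skn"} - set(fields):
        return False, "missing field"
    if not fields["se"].isdigit() or int(fields["se"]) <= now:
        return False, "expired"
    expected = _sign(quote_plus(fields["sr"]), fields["se"], rule_key)
    if not hmac.compare_digest(expected, fields["sig"]):
        return False, "bad signature"
    return True, "ok"
```

Because the expiry is part of the signed string, extending `se` on an issued token invalidates the signature; keeping `ttl_seconds` short limits how long a leaked token stays usable.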

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-acs-migration

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/walkthrough-update-service-endpoint-acs-sas-authorization
