Connection Strings - rezanid/xrmtools GitHub Wiki
When adding an environment in Xrm Tools, you supply a connection string that tells the extension how to connect to Dataverse. In the simplest case, this can just be the environment URL. For example, all of the following are equivalent ways to specify the connection for an environment named “MyEnv”:
-
https://myenv.crm4.dynamics.com -
Url=https://myenv.crm4.dynamics.com -
Url=https://myenv.crm4.dynamics.com;Integrated Security=True
If you omit certain parameters, Xrm Tools tries to choose sensible defaults. In particular, if no explicit authentication method is given, Xrm Tools will use Azure Entra ID (Azure Active Directory) with integrated security — meaning it will attempt to use your currently logged-in Windows/AD account or show a Microsoft login dialog for you to sign in. This interactive login flow is the default and recommended for most development scenarios.
You can find your environment’s URL (and other details like the tenant ID) by checking the Session details in the Power Apps Portal (https://make.powerapps.com) for that environment.
Common connection string parameters supported by Xrm Tools include:
- Url (or Resource): The URL of the Dataverse environment. This is the only required part of the connection string in many cases. Always use your development environment’s URL here, to ensure you register plugins against the correct instance.
- Integrated Security: When set to
True, Xrm Tools will use the interactive login of the current user for authentication (if credentials are needed, a Microsoft login prompt will appear). This is implicitly True if you provide no username/password or client credentials. Using integrated security is convenient for developer accounts with SSO. - TenantId (or Tenant): The GUID of your Azure AD tenant. You can optionally include this to avoid an extra lookup – if omitted, Xrm Tools will determine the tenant ID from the environment URL. Including the tenant ID can slightly speed up authentication by skipping that discovery step.
- ClientId: The Application (Client) ID of an Azure AD app registration to use for authentication. By default, Xrm Tools uses a built-in Microsoft client ID (51f81489-12ee-4a9e-aaae-a2591f45987d, which is the Dataverse default application ID). If you want Xrm Tools to use a specific Azure AD app (for example, a custom app you’ve registered for non-interactive access), provide its ClientId here.
- RedirectUri: The redirect URI of the Azure AD app, if you are using a custom ClientId. The default used by Dataverse’s client ID is app://58145B91-0C36-4500-8554-080854F2AC97. If your custom app registration uses a different redirect URI, specify it with this parameter.
- ClientSecret: A client secret associated with the Azure AD app (ClientId). If you include a ClientSecret in the connection string, Xrm Tools will attempt to authenticate using the app’s credentials (ClientId + Secret) instead of interactive login. Do not put the actual secret value directly in the connection string in source control. If you need to use a secret, consider using environment variable or credential manager references (see Secret Management for Connection Strings) so the secret isn’t stored in plain text. Using a client secret typically also requires that you have created an Application User in the Dataverse environment with the appropriate role, and you would specify that app’s ClientId and secret here.
- Thumbprint: An alternative to ClientSecret for certificate-based authentication. Provide the thumbprint of a certificate installed on your machine (in the Current User certificate store) that corresponds to your Azure AD app credentials. Xrm Tools will use the certificate to authenticate. This is commonly used in corporate environments where a certificate is provided to developers for access. As with ClientSecret, you should avoid putting the actual thumbprint in source if it’s sensitive (though a thumbprint alone is not as sensitive as a secret). Your admin might give you the thumbprint to use, or you can find it via the Windows Certificate Manager (certmgr.msc).
Device: If set to True, would indicate using the OAuth device code flow for authentication. Note: Device flow is not currently supported by Xrm Tools (and it would present a less integrated experience in Visual Studio), so this parameter isn’t used. It’s recommended to use integrated login or an app registration (ClientId/Secret or certificate) instead.
In practice, for most development work, you can use just the environment Url (and let integrated security handle authentication). If your organization requires a non-interactive login (for example, using a dedicated application user), you can provide a ClientId and either a ClientSecret or Thumbprint. Typically you will then use the Secret Management features to avoid embedding secrets directly.
The connection strings you add via the Options dialog are stored (unencrypted) in the Visual Studio settings or project files (depending on the scope you chose). This is usually fine for non-sensitive info, but if you include sensitive credentials, be sure to use the placeholders for environment variables or credential manager as described in Secret Management for Connection Strings so that those values aren’t exposed in plain text.