Microsoft has recently released a feature that allows your application to connect securely and seamlessly to Microsoft Dynamics 365 Online solutions. This feature, server-to-server (S2S) authentication, is now the standard way that apps registered on Microsoft AppSource access the Dynamics 365 data of their subscribers. I found this feature a great addition to help secure .NET MVC applications' access to Dynamics 365.
With S2S authentication, a special unlicensed Dynamics 365 application user account is created that includes information about your application registered with Azure Active Directory (Azure AD). Rather than user credentials, the application is authenticated based on a service principal identified by an Azure AD Object ID value, which is stored in the Dynamics 365 application user record. The Dynamics 365 application user is associated with a custom security role, which controls the kinds of data the application can access and the operations it is allowed to perform.
I have found this feature extremely useful and an especially secure way to integrate a number of my Azure-hosted .NET MVC portals with Dynamics 365. I have recently changed all my portals to use this feature to benefit from the new functionality.
You will need to be careful, though: while using S2S, all operations performed by your application or service are performed as the application user you provide rather than as the user who is accessing your application. If you want your application to perform data operations on behalf of a specific user, such as the one who is interacting with your application, you can apply impersonation when the custom security role applied to your application service principal has the privileges required.
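The two behaviours described above, shown as an added C# example (not code from the original post or from Microsoft): the same application token is used once as the application user and once on behalf of a specific user. It assumes the Azure AD v1 token endpoint, the Dynamics 365 Web API v9.0 path and its `MSCRMCallerID` impersonation header; the class name and the `D365_*` environment variable names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class S2SExample // hypothetical class name
{
    static readonly HttpClient Http = new HttpClient();

    // Client-credentials grant: the app authenticates as its own service principal; no user password is involved.
    public static async Task<string> GetAppTokenAsync(string tenant, string clientId, string secret, string orgUrl)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["grant_type"] = "client_credentials", ["client_id"] = clientId,
            ["client_secret"] = secret, ["resource"] = orgUrl });
        using (var resp = await Http.PostAsync($"https://login.microsoftonline.com/{tenant}/oauth2/token", form))
        {
            resp.EnsureSuccessStatusCode();
            using (var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync()))
                return doc.RootElement.GetProperty("access_token").GetString();
        }
    }

    // Without onBehalfOf the call runs as the application user. With it, the call is impersonated,
    // which only succeeds when the application user's security role has the required privileges.
    public static HttpRequestMessage BuildRequest(string orgUrl, string token, string path, Guid? onBehalfOf = null)
    {
        var req = new HttpRequestMessage(HttpMethod.Get, $"{orgUrl.TrimEnd('/')}/api/data/v9.0/{path}");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        if (onBehalfOf.HasValue)
            req.Headers.Add("MSCRMCallerID", onBehalfOf.Value.ToString());
        return req;
    }

    public static async Task Main()
    {
        // Hypothetical variable names; read the secret from the environment or a vault, never from source.
        string Env(string n) => Environment.GetEnvironmentVariable(n) ?? throw new InvalidOperationException(n + " not set");
        string orgUrl = Env("D365_ORG_URL");
        string token = await GetAppTokenAsync(Env("D365_TENANT_ID"), Env("D365_CLIENT_ID"), Env("D365_CLIENT_SECRET"), orgUrl);
        // 1) Executed as the application user tied to the service principal.
        using (var r = await Http.SendAsync(BuildRequest(orgUrl, token, "WhoAmI")))
            Console.WriteLine(await r.Content.ReadAsStringAsync());
        // 2) Same token, executed on behalf of a specific Dynamics 365 user (systemuserid).
        var userId = Guid.Parse(Env("D365_IMPERSONATE_USER_ID"));
        using (var r = await Http.SendAsync(BuildRequest(orgUrl, token, "WhoAmI", userId)))
            Console.WriteLine(await r.Content.ReadAsStringAsync());
    }
}
```

Printing both responses shows which identity the platform applied to each call, which is a quick way to confirm that the custom security role grants no more than the application needs.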
Further details and MSDN article source can be found here: