如何从On Premise SharePoint 2013和ADFS获取FedAuth Cookie

我使用 Windows Server 2012 R2、ADFS 和 SharePoint 2013 搭建了测试环境。我可以使用 ADFS 作为声明身份提供程序成功登录到 SharePoint 2013。现在我尝试从我的 C# 应用程序登录到 SharePoint。

我可以使用以下命令从adfs请求saml断言令牌。

现在,我想帮助将saml令牌发布到SharePoint并检索FedAuth cookie,以便我可以被动地登录到SharePoint 2013并从C#应用程序上载文档。

当我调用最后一个方法 PostSharePointSTS() 时,没有设置任何 Cookie。

大部分代码来自 Leandro Boffi 的帮助。

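[TestMethod]
public void GetSamlTestMethod()
{
    // NOTE(review): these are literal test-lab values; credentials belong in
    // configuration or a secret store rather than in source control.
    string username = "Administrator@2012r2.local";
    string password = "Password1";
    string adfsServer = "https://logon.2012r2.local/adfs/services/trust/2005/UsernameMixed";
    string sharepoint = "https://portal.2012r2.local/_trust/";

    // Fill the RST template: the ADFS endpoint is also the WS-Addressing <To>,
    // the SharePoint trust endpoint is the AppliesTo / relying party.
    var samlRequest = GetSAML()
        .Replace("[Username]", username)
        .Replace("[Password]", password)
        .Replace("[To]", adfsServer)
        .Replace("[applyTo]", sharepoint);

    // WebClient is IDisposable; dispose it once the RSTR has been received.
    string result;
    using (var client = new WebClient())
    {
        client.Headers.Add("Content-Type", "application/soap+xml; charset=utf-8");
        // Same endpoint as adfsServer; reuse the variable instead of repeating the literal.
        result = client.UploadString(address: adfsServer, method: "POST", data: samlRequest);
    }

    PostSharePointSTS(GetSAMLAssertion(result));
}

/// <summary>
/// Extracts the SAML 1.0 &lt;Assertion&gt; element from a WS-Trust RSTR SOAP response
/// and returns it re-serialised on a single line.
/// </summary>
/// <param name="response">Raw SOAP envelope returned by the ADFS UsernameMixed endpoint.</param>
/// <returns>The assertion element as unformatted XML.</returns>
/// <exception cref="ApplicationException">The response has no root or contains no assertion.</exception>
private static string GetSAMLAssertion(string response)
{
    const string saml = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Parse once, preserving whitespace (the original parsed the same text twice).
    XDocument xDoc = XDocument.Parse(response, LoadOptions.PreserveWhitespace);

    // Check response xml for faults/errors
    if (xDoc.Root == null)
        throw new ApplicationException("Invalid response received from authentication service.");

    // The logon token is in the SAML assertion element of the message body.
    // A missing assertion (e.g. a SOAP fault) previously surfaced as a
    // NullReferenceException; report it explicitly instead.
    XElement assertion = xDoc.Descendants(XName.Get("Assertion", saml)).FirstOrDefault();
    if (assertion == null)
        throw new ApplicationException("No SAML assertion found in the authentication response.");

    // For some reason the assertion string needs to be loaded into an XDocument
    // and written out for the XML to be valid; otherwise we get an invalid
    // XML error back from ADFS.
    // NOTE(review): re-serialising can change whitespace inside a signed
    // assertion — confirm the relying party still validates the signature.
    XDocument doc1 = XDocument.Parse(assertion.ToString());
    return doc1.ToString(SaveOptions.DisableFormatting);
}

/// <summary>
/// Returns the WS-Trust RequestSecurityToken template with the placeholders
/// [To], [Username], [Password] and [applyTo] to be substituted by the caller.
/// </summary>
private static string GetSAML()
{
    // NOTE(review): the element markup of this template is not legible in this
    // listing — only the text content survived; verify against the original RST.
    const string saml = @"   http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue  http://www.w3.org/2005/08/addressing/anonymous  [To]   [Username] [Password]        [applyTo]   http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey http://schemas.xmlsoap.org/ws/2005/02/trust/Issue urn:oasis:names:tc:SAML:1.0:assertion   ";
    return saml;
}

/// <summary>
/// POSTs the assertion to the federation sign-in endpoint and reads the response.
/// Any Set-Cookie header ends up in the local CookieContainer; nothing reads it
/// back yet, which is why callers see no FedAuth cookie.
/// </summary>
/// <param name="assertion">Single-line SAML assertion XML from <see cref="GetSAMLAssertion"/>.</param>
private static void PostSharePointSTS(string assertion)
{
    // Submit the BinarySecurityToken to SPO and retrieve response
    var loginUri = new Uri("https://logon.2012r2.local/adfs/ls?wa=wsignin1.0&wtrealm=urn:sharepoint:portal");
    var requestCookies = new CookieContainer();

    var request = (HttpWebRequest)WebRequest.Create(loginUri);
    // Keep the 302 itself so its Set-Cookie is observable instead of following the redirect.
    request.AllowAutoRedirect = false;
    request.ContentType = "application/x-www-form-urlencoded";
    request.CookieContainer = requestCookies;
    request.Method = "POST";
    request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)";

    // Content-Length must be the encoded byte count, not the char count: a
    // non-ASCII assertion would otherwise declare a body shorter than what is written.
    // StreamWriter's default was UTF-8 without BOM, so the bytes are unchanged.
    byte[] body = System.Text.Encoding.UTF8.GetBytes(assertion);
    request.ContentLength = body.Length;

    // NOTE(review): the body is the raw XML although the content type declares
    // a form encoding; confirm which form field the endpoint expects.
    using (var requestStream = request.GetRequestStream())
    {
        requestStream.Write(body, 0, body.Length);
    }

    // Dispose the response so the connection is returned to the pool.
    using (var response = (HttpWebResponse)request.GetResponse())
    {
        switch (response.StatusCode)
        {
            case HttpStatusCode.OK:
            case HttpStatusCode.Found:
                break;
            // TODO: Log error?
            //default:
            //return false;
        }
    }
}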

当我尝试将上述 SAML 令牌发布到 SharePoint 时,得到以下响应,但没有设置任何 Cookie。

HTTP/1.1 302 Found
Content-Length: 0
Content-Type: text/html; charset=utf-8
Location: https://logon.2012r2.local:443/adfs/ls/wia?wa=wsignin1.0&wtrealm=urn:sharepoint:portal
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 16 Aug 2014 10:55:51 GMT

This response did not set any cookies.
This response did not contain a P3P Header. Validate P3P Policies at: http://www.w3.org/P3P/validator.html
Learn more at: http://fiddler2.com/r/?p3pinfo

为什么不使用标准的 SharePoint CSOM 库在 SharePoint 中执行操作?CSOM 会自动代表用户完成 SharePoint 端所需的全部 ADFS 交互。