如何从本地SharePoint 2013和ADFS获取FedAuth Cookie

本文关键字:ADFS 获取 FedAuth Cookie 2013 SharePoint | 更新日期: 2023-09-27 18:18:20

我使用windows server 2012 R2, ADFS和sharepoint 2013设置了一个测试环境。我可以使用ADFS作为索赔身份提供者成功登录到Sharepoint 2013。现在我正试图从我的c#应用程序登录到Sharepoint。

我可以使用以下命令从adfs请求小断言令牌。

现在我想帮助张贴小令牌到SharePoint和检索FedAuth cookie,这样我就可以被动地登录到SharePoint 2013和从c#应用程序上传文档。

当我调用最后一个方法PostSharePointSTS()没有cookie设置。

大部分代码是由Leandro Boffi帮助编写的

[TestMethod]
public void GetSamlTestMethod()
{
  var client = new WebClient();
  client.Headers.Add("Content-Type", "application/soap+xml; charset=utf-8");
  string username = "Administrator@2012r2.local";
  string password = "Password1";
  string adfsServer = "https://logon.2012r2.local/adfs/services/trust/2005/UsernameMixed";
  string sharepoint = "https://portal.2012r2.local/_trust/";
  var samlRequest = GetSAML()
    .Replace("[Username]", username)
    .Replace("[Password]", password)
    .Replace("[To]", adfsServer)
    .Replace("[applyTo]", sharepoint);
  var result = client.UploadString(
          address: "https://logon.2012r2.local/adfs/services/trust/2005/UsernameMixed",
          method: "POST",
          data: samlRequest);
          PostSharePointSTS( GetSAMLAssertion(result) );
}
private static string GetSAMLAssertion(string response)
{
  XDocument samlResponse = XDocument.Parse( response);
  // Check response xml for faults/errors
  if(samlResponse.Root == null)
    throw new ApplicationException("Invalid response received from authentication service.");
  XNamespace s = "http://www.w3.org/2003/05/soap-envelope";
  XNamespace psf = "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault";
  XNamespace wst = "http://schemas.xmlsoap.org/ws/2005/02/trust"; // "http://docs.oasis-open.org/ws-sx/ws-trust/200512";// 
  XNamespace wsp = "http://schemas.xmlsoap.org/ws/2004/09/policy";
  XNamespace wsa = "http://www.w3.org/2005/08/addressing";
  XNamespace wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
  const string saml = "urn:oasis:names:tc:SAML:1.0:assertion";
  // the logon token is in the SAML assertion element of the message body
  XDocument xDoc = XDocument.Parse(response, LoadOptions.PreserveWhitespace);
  var assertion = from e in xDoc.Descendants()
                  where e.Name == XName.Get("Assertion", saml)
                  select e;
 string samlAssertion = assertion.FirstOrDefault().ToString();     
  // for some reason the assertion string needs to be loaded into an XDocument
  // and written out for for the XML to be valid. Otherwise we get an invalid
  // XML error back from ADFSs
  XDocument doc1 = XDocument.Parse(samlAssertion);
  samlAssertion = doc1.ToString(SaveOptions.DisableFormatting);
  return samlAssertion;
}

   private static string GetSAML()
    {
      const string saml = @"<?xml version='1.0' encoding='utf-8' ?>
<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope' xmlns:a='http://www.w3.org/2005/08/addressing' xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
    <s:Header>
        <a:Action s:mustUnderstand='1'>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand='1'>[To]</a:To>
        <o:Security s:mustUnderstand='1' xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
            <o:UsernameToken>
                <o:Username>[Username]</o:Username>
                <o:Password>[Password]</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>
            <wsp:AppliesTo xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
                <a:EndpointReference>
                    <a:Address>[applyTo]</a:Address>
                </a:EndpointReference>
            </wsp:AppliesTo>
            <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>";
      return saml;
    }
private static void PostSharePointSTS(string assertion)
{
  // Submit the BinarySecurityToken to SPO and retrieve response
 var loginUri = new Uri("https://logon.2012r2.local/adfs/ls?wa=wsignin1.0&wtrealm=urn:sharepoint:portal");
  var requestCookies = new CookieContainer();
  var request = (HttpWebRequest)WebRequest.Create(loginUri);
  request.AllowAutoRedirect = false;
  request.ContentType = "application/x-www-form-urlencoded";
  request.ContentLength = assertion.Length;
  request.CookieContainer = requestCookies;
  request.Method = "POST";
  request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)";
  using(var requestWriter = new StreamWriter(request.GetRequestStream()))
  {
    requestWriter.Write(assertion);
    requestWriter.Close();
  }
  var response = (HttpWebResponse)request.GetResponse();
  switch(response.StatusCode)
  {
    case HttpStatusCode.OK:
    case HttpStatusCode.Found:
    break;
    // TODO: Log error?
    //default:
    //return false;
  }
}

当我尝试将给定的SAML令牌发布到SharePOint时,我得到以下内容。但是没有设置cookie。

HTTP/1.1 302 Found
Content-Length: 0
Content-Type: text/html; charset=utf-8
Location: https://logon.2012r2.local:443/adfs/ls/wia?wa=wsignin1.0&wtrealm=urn:sharepoint:portal
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 16 Aug 2014 10:55:51 GMT
    This response did not set any cookies.
This response did not contain a P3P Header.
Validate P3P Policies at: http://www.w3.org/P3P/validator.html
Learn more at: http://fiddler2.com/r/?p3pinfo

如何从本地SharePoint 2013和ADFS获取FedAuth Cookie

为什么不使用标准的SharePoint CSOM库在SharePoint中做任何你想做的事情呢?CSOM代表SharePoint端用户自动完成所有必要的ADFS交互