Claims authentication works in a Windows Store app but not in a Windows Phone app

Time: 2013-10-29 08:24:22

Tags: sharepoint cookies windows-phone-8

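I'm going slightly mad over this. I have claims authentication working against a SharePoint Online site in a Windows Store app. But the exact same code in a Windows Phone 8 app does not work. One difference is that the System.Net.Http namespace is only available as a NuGet package for Windows Phone.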

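The authentication process is to first send an HttpRequest to Microsoft to retrieve an STS SAML token. This token is then sent with a second HttpRequest to the SharePoint Online site to get the authentication cookies (FedAuth / rtFA).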

In the Windows Store app, STA Saml token:

HttpRequestMessage {Method: POST, RequestUri: 'https://login.microsoftonline.com/extSTS.srf', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Accept: application/soap+xml; charset=utf-8
  Content-Type: application/soap+xml; charset=utf-8
  Content-Length: 1335
}}  System.Net.Http.HttpRequestMessage

HttpResponse {StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Pragma: no-cache
  X-XSS-Protection: 0
  PPServer: PPV: 30 H: CO1IDOALGN08 V: 0
  Connection: close
  Cache-Control: no-cache
  Date: Tue, 29 Oct 2013 07:52:18 GMT
  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
  Server: Microsoft-IIS/7.5
  Content-Length: 3661
  Content-Type: application/soap+xml; charset=utf-8
  Expires: Tue, 29 Oct 2013 07:51:18 GMT
}}  System.Net.Http.HttpResponseMessage

HttpResponse.Content {byte[3661]}   byte[]

In the Windows Store app, SPOAuthToken:

HttpRequestMessage  {Method: POST, RequestUri: 'https://xxx.sharepoint.com/SitePages/Startsida.aspx', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Accept: application/x-www-form-urlencoded
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 893
}}  System.Net.Http.HttpRequestMessage


HttpResponse {StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  X-SharePointHealthScore: 0
  SPRequestGuid: 0556519c-19a2-20e0-a937-44fc861d2ddc
  request-id: 0556519c-19a2-20e0-a937-44fc861d2ddc
  X-FRAME-OPTIONS: SAMEORIGIN
  SPRequestDuration: 742
  SPIisLatency: 1
  MicrosoftSharePointTeamServices: 16.0.0.2120
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  Cache-Control: max-age=0, private
  Date: Tue, 29 Oct 2013 07:52:57 GMT
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  Set-Cookie: 8167acc39dff40bf855ec089c80b8fbc2ca28f1fc09f48f5ad16ab2bd0e6ee02i%3A0%23%2Ef%7Cmembership%7Crobert%40portalplus%2Ese=0; expires=Wed, 30-Oct-2013 07:52:57 GMT; path=/; HttpOnly
  Server: Microsoft-IIS/7.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 107958
  Content-Type: text/html; charset=utf-8
  Expires: Mon, 14 Oct 2013 07:52:56 GMT
  Last-Modified: Tue, 29 Oct 2013 07:52:56 GMT
}}  System.Net.Http.HttpResponseMessage


HttpResponse.Content {byte[107958]} byte[]

In the Windows Phone app, STA Saml token:

HttpRequestMessage  {Method: POST, RequestUri: 'https://login.microsoftonline.com/extSTS.srf', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Accept: application/soap+xml; charset=utf-8
  Content-Type: application/soap+xml; charset=utf-8
  Content-Length: 1335
}}  System.Net.Http.HttpRequestMessage

HttpResponse {StatusCode: 200, ReasonPhrase: 'OK', Version: 0.0, Content: System.Net.Http.StreamContent, Headers:
{
  Cache-Control: no-cache
  Pragma: no-cache
  Server: Microsoft-IIS/7.5
  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
  X-XSS-Protection: 0
  PPServer: PPV: 30 H: CO1IDOLGN56 V: 0
  Date: Tue, 29 Oct 2013 07:50:25 GMT
  Connection: close
  Content-Length: 3661
  Content-Type: application/soap+xml; charset=utf-8
  Expires: Tue, 29 Oct 2013 07:49:26 GMT
}}  System.Net.Http.HttpResponseMessage

HttpResponse.Content  {byte[3661]}  byte[]

In the Windows Phone app, SPOAuthToken:

HttpRequestMessage  {Method: POST, RequestUri: 'https://xxx.sharepoint.com/SitePages/Startsida.aspx', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Accept: application/x-www-form-urlencoded
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 893
}}  System.Net.Http.HttpRequestMessage


HttpResponse {StatusCode: 200, ReasonPhrase: 'OK', Version: 0.0, Content: System.Net.Http.StreamContent, Headers:
{
  Cache-Control: max-age=0, private
  Server: Microsoft-IIS/7.5
  X-SharePointHealthScore: 0
  X-AspNet-Version: 4.0.30319
  SPRequestGuid: ef55519c-0917-20e0-6056-033a05a409d8
  request-id: ef55519c-0917-20e0-6056-033a05a409d8
  X-FRAME-OPTIONS: SAMEORIGIN
  SPRequestDuration: 1289
  SPIisLatency: 0
  X-Powered-By: ASP.NET
  MicrosoftSharePointTeamServices: 16.0.0.2120
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  Date: Tue, 29 Oct 2013 07:51:25 GMT
  Content-Length: 107956
  Content-Type: text/html; charset=utf-8
  Expires: Mon, 14 Oct 2013 07:51:24 GMT
  Last-Modified: Tue, 29 Oct 2013 07:51:24 GMT
}}  System.Net.Http.HttpResponseMessage

HttpResponse.Content  {byte[107956]}    byte[]

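The differences I see are:

  • Response: Version 0.0 in WP instead of Version 1.1 in WS
  • No Set-Cookie in the response on WP8 (the root error)
  • The response content for the SPO cookies is 2 bytes bigger in WS than in WP8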

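Is there something in WP8 that somehow invalidates the HTTP requests before they "leave the phone"? Any and all ideas are greatly appreciated.

Edit: I'm now fairly sure that the WP8 OS is the culprit. I have moved the authentication code to a portable library so I can run the exact same code from both platforms. Still, only the Store app works! And the strange thing: when running in debug mode on an actual phone instead of the emulator, I do get the cookies.

However, in the portable code executed in WP, the cookies are stored differently in the CookieContainer, so I have not yet been able to actually use the cookies to retrieve any data from SharePoint... My head hurts.

Conclusion: The Windows Phone OS does something strange with the data, probably on the receiving end, since I actually get the raw cookie data from Microsoft / SP. When it gets into the portable code, it looks different from how it does in Windows 8.

EDIT2: After further inspection, I found that the CookieContainer used to put the cookies into the client behaves differently.

After adding the cookies to the container, there is a private string "m_fqdnMyDomain" that is empty in WP8 but contains my domain when run from W8. GetCookies(uri) returns nothing in WP8 (even though I just added them with Add(uri, cookie)), but returns them correctly in W8. All of this happens in the same portable code run in both environments.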

1 answer:

Answer 0: (score: 1)

OK, I have this working now. The workaround is to set the cookies directly in the HttpWebRequest headers, bypassing the CookieContainer:

context.SendingRequest2 += (s, e) =>
{
    var message = e.RequestMessage as HttpWebRequestMessage;
    var cookieHeader = string.Format("rtFA={0}; FedAuth={1}", AuthCookies.RtFA, AuthCookies.FedAuth);
    message.HttpWebRequest.Headers["Cookie"] = cookieHeader;
};

instead of

context.SendingRequest2 += (s, e) => (e.RequestMessage as HttpWebRequestMessage).HttpWebRequest.CookieContainer = myCookieContainer;

Note that the second option still works for the Windows Store app...
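
An added example, not part of the original answer: writing the Cookie header by hand means no cookie store decides which requests receive rtFA and FedAuth, so the handler can make that decision itself before attaching them. The class name `SpoCookieHeader`, the `siteUri` parameter, the HTTPS-only rule and the sample values are assumptions for illustration.

```csharp
using System;
using System.Linq;

// Added example; SpoCookieHeader and its parameters are hypothetical names.
public static class SpoCookieHeader
{
    // Returns the Cookie header value for requestUri, or null when the
    // request should not carry the SharePoint authentication cookies.
    public static string Build(Uri requestUri, Uri siteUri, string rtFa, string fedAuth)
    {
        // Scope the cookies the way a cookie store would: same host only,
        // and (assumption: the site is served over HTTPS) never over plain HTTP.
        if (!string.Equals(requestUri.Scheme, "https", StringComparison.OrdinalIgnoreCase))
            return null;
        if (!string.Equals(requestUri.Host, siteUri.Host, StringComparison.OrdinalIgnoreCase))
            return null;

        // Refuse values that could break out of the header (CR/LF, ';', spaces).
        if (!IsSafeValue(rtFa) || !IsSafeValue(fedAuth))
            throw new ArgumentException("Cookie value contains illegal characters.");

        return string.Format("rtFA={0}; FedAuth={1}", rtFa, fedAuth);
    }

    private static bool IsSafeValue(string value)
    {
        return !string.IsNullOrEmpty(value)
            && !value.Any(c => char.IsControl(c) || char.IsWhiteSpace(c) || c == ';');
    }

    // In the SendingRequest2 handler from the answer this would be used as:
    //   var header = SpoCookieHeader.Build(message.HttpWebRequest.RequestUri, siteUri,
    //                                      AuthCookies.RtFA, AuthCookies.FedAuth);
    //   if (header != null) message.HttpWebRequest.Headers["Cookie"] = header;
    public static void Main()
    {
        var site = new Uri("https://xxx.sharepoint.com/");
        // Constructed sample values, not real tokens.
        const string rtFa = "c2FtcGxlLXJ0RkE=";
        const string fedAuth = "c2FtcGxlLUZlZEF1dGg=";

        Console.WriteLine(Build(new Uri("https://xxx.sharepoint.com/_vti_bin/ListData.svc"), site, rtFa, fedAuth));
        Console.WriteLine(Build(new Uri("http://xxx.sharepoint.com/"), site, rtFa, fedAuth) ?? "(no cookies: not HTTPS)");
        Console.WriteLine(Build(new Uri("https://other.example/"), site, rtFa, fedAuth) ?? "(no cookies: other host)");
    }
}
```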