使用Javascript进行SharePoint Online的远程身份验证

Question

我试图通过从远程位置访问SharePoint在线站点来检索列表项目，到目前为止，我已尝试使用SPServices以及以下代码片段，

function login(userID, password, url, successBlock, failBlock) { 
        $.ajax({ 
            url: 'https://login.microsoftonline.com/extSTS.srf', 
            dataType: 'text', 
            type: 'POST', 
            crossDomain: true,
            data: getSAMLRequest(userID, password, url), 
            headers: { 
                Accept : "application/soap+xml; charset=utf-8" 
            }, 
            success: function(result, textStatus, jqXHR) { 
                var xmlDoc = $.parseXML(result); 
                var xml = $(xmlDoc) 
                var securityToken = xml.find("BinarySecurityToken").text(); 
                if (securityToken.length == 0) { 
                    failBlock(); 
                } 
                else { 
                    $.ajax({ 
                        url: url, 
                        dataType: 'text', 
                        type: 'POST', 
                        data: xml.find("BinarySecurityToken").text(), 
                        headers: { 
                            Accept : "application/x-www-form-urlencoded" 
                        }, 
                        success: function(result, textStatus, jqXHR) { 
                            successBlock(); 
                        }, 
                        error: function (jqXHR, textStatus, errorThrown) { 
                            failBlock(); 
                        } 
                    }); 
                } 
            }, 
            error: function (jqXHR, textStatus, errorThrown){ 
                failBlock(); 
            } 
        }); 
    } 

function getSAMLRequest(userID, password, url) { 
        return '<s:Envelope'
        + 'xmlns:s="http://www.w3.org/2003/05/soap-envelope"'
        + 'xmlns:a="http://www.w3.org/2005/08/addressing" ' 
        + 'xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> ' 
        + '<s:Header> ' 
            + '<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action> ' 
            + '<a:ReplyTo> ' 
            + '<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> ' 
            + '</a:ReplyTo> ' 
            + '<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To> ' 
            + '<o:Security ' 
                + 's:mustUnderstand="1" ' 
                + 'xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> ' 
                + '<o:UsernameToken> ' 
                    + '<o:Username>' + userID + '</o:Username> ' 
                    + '<o:Password>' + password + '</o:Password> ' 
                + '</o:UsernameToken> ' 
            + '</o:Security> ' 
        + '</s:Header> ' 
        + '<s:Body> ' 
            + '<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> ' 
                + '<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> ' 
                    + '<a:EndpointReference> ' 
                        + '<a:Address>' + url + '</a:Address> ' 
                    + '</a:EndpointReference> ' 
                + '</wsp:AppliesTo> ' 
                + '<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType> ' 
                + '<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> ' 
                + '<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
            + '</t:RequestSecurityToken>'
        + '</s:Body> ' 
        + '</s:Envelope>'; 
    } 

但我总是在firebug中收到以下错误，

“跨源请求已阻止：同源策略禁止在https://login.microsoftonline.com/extSTS.srf读取远程资源。可以通过将资源移动到同一域或启用CORS来解决此问题。”

如果有人建议采用更好的方法，我将非常感激。