从node.js使用SharePoint 2013进行身份验证

时间:2015-06-27 11:01:16

标签: javascript node.js rest authentication sharepoint

我有一个用JavaScript编写的命令行脚本,需要连接到远程SharePoint站点上的REST Api,但我无法弄清楚如何进行身份验证。我可以使用表单身份验证在浏览器中登录,通过检查请求,我应该能够在node.js中重现它以获取适当的身份验证cookie或令牌。但是,我实际上得到了403 Forbidden。我不知道这是否是最佳方式,但我无法找到相关信息。这是我的剧本:

var http = require('http');
var querystring = require('querystring');

var postData = querystring.stringify({
  'ctl00$PlaceHolderMain$signInControl$UserName': 'restapi',
  'ctl00$PlaceHolderMain$signInControl$password': 'my_password',
  'ctl00$PlaceHolderMain$signInControl$login': 'Sign In'
});

var options = {
  hostname: 'sharepoint.example.com',
  port: 80,

  path: '/_layouts/15/Authenticate.aspx?Source=%2F',
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Content-Length': postData.length
  }
};

var req = http.request(options, function(res) {
  console.log('STATUS: ' + res.statusCode);
  console.log('HEADERS: ', res.headers);
  res.setEncoding('utf8');
  res.on('data', function (chunk) {
    console.log('BODY: ' + chunk);
  });
});

req.on('error', function(e) {
  console.log('problem with request: ' + e.message);
});

// write data to request body
req.write(postData);
req.end();

响应标题是:

{ 'cache-control': 'private',
  'content-type': 'text/plain; charset=utf-8',
  server: 'Microsoft-IIS/8.5',
  'x-sharepointhealthscore': '0',
  'x-aspnet-version': '4.0.30319',
  sprequestguid: '366d149d-79af-b07c-1764-dec7001b46a2',
  'request-id': '366d149d-79af-b07c-1764-dec7001b46a2',
  'x-frame-options': 'SAMEORIGIN',
  sprequestduration: '7',
  spiislatency: '0',
  'x-forms_based_auth_required': 'http://sharepoint.example.com/_login/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F',
  'x-forms_based_auth_return_url': 'http://sharepoint.example.com/_layouts/15/error.aspx',
  'x-msdavext_error': '917656; Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.',
  'x-powered-by': 'ASP.NET',
  microsoftsharepointteamservices: '15.0.0.4569',
  'x-content-type-options': 'nosniff',
  'x-ms-invokeapp': '1; RequireReadOnly',
  date: 'Sat, 27 Jun 2015 10:53:28 GMT',
  connection: 'close',
  'content-length': '13' }

有什么建议吗?

1 个答案:

答案 0 :(得分:0)

您确定REST API允许CORS吗?因为403 Forbidden可能意味着您不允许从外部联系该端点。

远程SharePoint应用是否使用AD进行身份验证? 如果是这样,您可能需要查看此包https://www.npmjs.com/package/activedirectory

相关问题
最新问题