Question

我尝试通过webpart在sharepoint中获取令牌，但是它返回空值，我做了下面的代码。

/**
* Metodo que gerará o token
*/
getTokenSharepoint() {  
var username="";
var password="";
var siteCollUrl="https://bbtecno.sharepoint.com";
var loginUrl = "https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0";
var token;
var digest;
var requestBody='<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis- 
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
          +'<s:Header>'
          +'    <a:Action 
  s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>'
          +'    <a:ReplyTo>'
          +'      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'
          +'    </a:ReplyTo>'
          +'    <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>'
          +'    <o:Security s:mustUnderstand="1"'
          +'       xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- 
  secext-1.0.xsd">'
          +'      <o:UsernameToken>'
          +'        <o:Username>'+username+'</o:Username>'
          +'        <o:Password>'+password+'</o:Password>'
          +'      </o:UsernameToken>'
          +'    </o:Security>'
          +'  </s:Header>'
          +'  <s:Body>'
          +'    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
          +'      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
          +'        <a:EndpointReference>'
          +'          <a:Address>'+siteCollUrl+'</a:Address>'
          +'        </a:EndpointReference>'
          +'      </wsp:AppliesTo>'
          +'      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>'
          +'      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>'
          +'      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
          +'    </t:RequestSecurityToken>'
          +'  </s:Body>'
          +'</s:Envelope>';

  const itemHeader: any = {
      'Accept': 'text/html,application/soap+xml;odata=nometadata',
      'Content-type': 'application/xml;odata=verbose',
      'odata-version': '3.0',
      "X-HTTP-Method": "POST", 
      "Access-Control-Allow-Origin": "*"
    };

  const spHttpClientOptions: ISPHttpClientOptions = {

      "body": requestBody,
      "method": 'POST',
      "mode": 'cors'
  };
  alert('estou aqui 1');
  this.context.httpClient.post("https://login.microsoftonline.com/extSTS.srf" , 
  SPHttpClient.configurations.v1, spHttpClientOptions)
  .then(data => {
    var result: any[];
    if(data.status == 200)
    {
      alert("teste" +  JSON.stringify(data.text()));
      return data.text(); //returning the XML text of the response
    }
    else
    {
      return "";
    }
  });
}

你能帮我吗？

跨域读取阻止（CORB）是一种算法，可以在Web浏览器访问网页之前识别并阻止可疑的跨域资源加载。 CORB通过将敏感数据与跨源网页隔离开来，从而降低了泄露敏感数据的风险。在大多数浏览器中，它将此类数据保留在不受信任的脚本执行上下文之外。在具有“站点隔离”功能的浏览器中，它可以将此类数据完全排除在不受信任的渲染器进程之外，甚至还可以抵御诸如Spectre之类的侧通道攻击。

谢谢

Answer 1

我通过jquery尝试，但没有成功，因为它会产生CORS问题。

$。ajax（{ 'url'：'https://login.microsoftonline.com/extSTS.srf'， dataType：“文本”，类型：“ POST”，

      'data': '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-      envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:40c1407d-b2a4-4e05-8248-8a92b71102b6</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-69882db9-2d6b-45d3-b016-c2156cb6c01d-1"><o:Username>' + username + '</o:Username><o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' + password + '</o:Password></o:UsernameToken></o:Security></s:Header><s:Body><t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><a:EndpointReference><a:Address>https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0</a:Address></a:EndpointReference></wsp:AppliesTo><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>', 


      headers: {         
      'Accept': 'text/html,application/soap+xml;odata=nometadata',
      "Access-Control-Allow-Origin":"*"  }, 
      success: function (result) { 
      var xmlDoc = $.parseXML(result); 
      var xml = $(xmlDoc); 
          var binToken = xml.find("wsse\\:BinarySecurityToken").text(); 
          alert(binToken); 
          //CallSPOnline(binToken, tenantName); 
      } 
  });

CORS策略已阻止从来源“ https://login.microsoftonline.com/extSTS.srf”访问“ https://bbtecno.sharepoint.com”处的XMLHttpRequest：Access-Control-Allow-不允许请求标头字段access-control-allow-origin飞行前响应中出现标题。

谢谢

extSTS中的Sharepoint在线令牌为空

1 个答案: