我尝试通过webpart在sharepoint中获取令牌,但是它返回空值,我做了下面的代码。
/**
* Metodo que gerará o token
*/
getTokenSharepoint() {
var username="";
var password="";
var siteCollUrl="https://bbtecno.sharepoint.com";
var loginUrl = "https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0";
var token;
var digest;
var requestBody='<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
+'<s:Header>'
+' <a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>'
+' <a:ReplyTo>'
+' <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'
+' </a:ReplyTo>'
+' <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>'
+' <o:Security s:mustUnderstand="1"'
+' xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd">'
+' <o:UsernameToken>'
+' <o:Username>'+username+'</o:Username>'
+' <o:Password>'+password+'</o:Password>'
+' </o:UsernameToken>'
+' </o:Security>'
+' </s:Header>'
+' <s:Body>'
+' <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
+' <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
+' <a:EndpointReference>'
+' <a:Address>'+siteCollUrl+'</a:Address>'
+' </a:EndpointReference>'
+' </wsp:AppliesTo>'
+' <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>'
+' <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>'
+' <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
+' </t:RequestSecurityToken>'
+' </s:Body>'
+'</s:Envelope>';
const itemHeader: any = {
'Accept': 'text/html,application/soap+xml;odata=nometadata',
'Content-type': 'application/xml;odata=verbose',
'odata-version': '3.0',
"X-HTTP-Method": "POST",
"Access-Control-Allow-Origin": "*"
};
const spHttpClientOptions: ISPHttpClientOptions = {
"body": requestBody,
"method": 'POST',
"mode": 'cors'
};
alert('estou aqui 1');
this.context.httpClient.post("https://login.microsoftonline.com/extSTS.srf" ,
SPHttpClient.configurations.v1, spHttpClientOptions)
.then(data => {
var result: any[];
if(data.status == 200)
{
alert("teste" + JSON.stringify(data.text()));
return data.text(); //returning the XML text of the response
}
else
{
return "";
}
});
}
你能帮我吗?
跨域读取阻止(CORB)是一种算法,可以在Web浏览器访问网页之前识别并阻止可疑的跨域资源加载。 CORB通过将敏感数据与跨源网页隔离开来,从而降低了泄露敏感数据的风险。在大多数浏览器中,它将此类数据保留在不受信任的脚本执行上下文之外。在具有“站点隔离”功能的浏览器中,它可以将此类数据完全排除在不受信任的渲染器进程之外,甚至还可以抵御诸如Spectre之类的侧通道攻击。
谢谢
答案 0 :(得分:0)
我通过jquery尝试,但没有成功,因为它会产生CORS问题。
$。ajax({ 'url':'https://login.microsoftonline.com/extSTS.srf', dataType:“文本”, 类型:“ POST”,
'data': '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap- envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:40c1407d-b2a4-4e05-8248-8a92b71102b6</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-69882db9-2d6b-45d3-b016-c2156cb6c01d-1"><o:Username>' + username + '</o:Username><o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' + password + '</o:Password></o:UsernameToken></o:Security></s:Header><s:Body><t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><a:EndpointReference><a:Address>https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0</a:Address></a:EndpointReference></wsp:AppliesTo><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>',
headers: {
'Accept': 'text/html,application/soap+xml;odata=nometadata',
"Access-Control-Allow-Origin":"*" },
success: function (result) {
var xmlDoc = $.parseXML(result);
var xml = $(xmlDoc);
var binToken = xml.find("wsse\\:BinarySecurityToken").text();
alert(binToken);
//CallSPOnline(binToken, tenantName);
}
});
CORS策略已阻止从来源“ https://login.microsoftonline.com/extSTS.srf”访问“ https://bbtecno.sharepoint.com”处的XMLHttpRequest:Access-Control-Allow-不允许请求标头字段access-control-allow-origin飞行前响应中出现标题。
谢谢