Remote Authentication in SharePoint Online

I am trying to write a script that uses the SharePoint package to access files on my company's SharePoint. The tutorial states:

First, you need to create a SharePointSite object. We’ll assume you’re using basic auth; if you’re not, you’ll need to create an appropriate urllib2 Opener yourself.

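However, after many attempts, I have concluded that basic auth is not sufficient. While researching how to make it work, I found this article, which gives a good overview of the general authentication scheme. What I am struggling with is implementing it in Python.

I have managed to hijack the basic auth in the SharePoint module. To do this, I took the XML message from the linked article and used it to replace the XML generated by the SharePoint module. After making a few other changes, I now receive the token described in step 2 of the linked article.

Now, in step 3, I need to send that token to SharePoint using a POST. Below is an example of what it should look like: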

POST http://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0 HTTP/1.1
Host: yourdomain.sharepoint.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Length: [calculate]

t=EwBgAk6hB....abbreviated

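I am currently using the following code to generate my POST. Following guidance from several other questions, I have omitted the content-length header because it should be calculated automatically. I was not sure where to put the token, so I just pushed it into data.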

from urllib import urlencode
from urllib2 import Request, urlopen

headers = {
    'Host': 'mydomain.sharepoint.com',
    'Connection': 'keep-alive',
    'User-Agent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
}

# token holds the value received in step 2; it is sent as the form field "t"
data = {'t': '{}'.format(token[2:])}
data = urlencode(data)

postURL = "https://mydomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0"
req = Request(postURL, data, headers)
response = urlopen(req)

However, this produces the following error message:

urllib2.HTTPError: HTTP Error 302: The HTTP server returned a redirect error that would lead to an infinite loop.
The last 30x error message was:
Found

How do I generate the POST so that it correctly returns the authentication cookie I need?

According to the articles Remote Authentication in SharePoint Online Using Claims-Based Authentication and SharePoint Online authentication:

The Federation Authentication (FedAuth) cookie is for each top level site in SharePoint Online such as the root site, the MySite, the Admin site, and the Public site. The root Federation Authentication (rtFA) cookie is used across all of SharePoint Online. When a user visits a new top level site or another company’s page, the rtFA cookie is used to authenticate them silently without a prompt.

In summary, to obtain the authentication cookies, a request needs to be sent to the following endpoint:

url: https://tenant.sharepoint.com/_forms/default.aspx?wa=wsignin1.0  
method: POST
data: security token

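Once the request has been validated, the response will contain the authentication cookies (FedAuth and rtFa) in the HTTP headers, as described in the article you mentioned.

SharePoint Online REST client for Python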

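As a proof of concept, the SharePoint Online REST client for Python has been released. It shows how to:

  • perform remote authentication in SharePoint Online
  • perform basic CRUD operations against SharePoint resources such as Web, List or List Item using the REST API

Implementation details

Example

The example shows how to read the properties of the Web client object: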

from client.AuthenticationContext import AuthenticationContext
from client.ClientRequest import ClientRequest

url = "https://contoso.sharepoint.com/"
username = "jdoe@contoso.onmicrosoft.com"
password = "password"

# Authenticate the user against SharePoint Online
ctxAuth = AuthenticationContext(url)
if ctxAuth.acquireTokenForUser(username, password):
    request = ClientRequest(url, ctxAuth)
    requestUrl = "/_api/web/"  # Web resource endpoint
    data = request.executeQuery(requestUrl=requestUrl)

    webTitle = data['d']['Title']
    print("Web title: {0}".format(webTitle))
else:
    print(ctxAuth.getLastErrorMessage())

More examples can be found under the examples folder of the GitHub repository.
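
An added example (not part of the original answer or of the SharePoint Online REST client): it posts a token to the sign-in path quoted above through an opener that keeps cookies, and contrasts that with an opener that drops them, which is one way to end up in the redirect loop reported in the question. It uses Python 3's urllib.request rather than urllib2; the local stub server, its redirect behaviour, the token and the cookie values are constructed assumptions, not SharePoint's real responses.

```python
import http.cookiejar
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SIGNIN = "/_forms/default.aspx?wa=wsignin1.0"  # sign-in path quoted on the page

class StubTenant(BaseHTTPRequestHandler):  # constructed stand-in for the tenant
    def reply(self, code, headers):
        self.send_response(code)
        for name, value in headers + [("Content-Length", "0")]:
            self.send_header(name, value)
        self.end_headers()

    def do_POST(self):  # sign-in: set both (made-up) cookies, then redirect
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.reply(302, [("Set-Cookie", "FedAuth=constructed-1; Path=/"),
                         ("Set-Cookie", "rtFa=constructed-2; Path=/"),
                         ("Location", "/")])

    def do_GET(self):  # site page: redirects to itself until FedAuth comes back
        authed = "FedAuth=" in self.headers.get("Cookie", "")
        self.reply(200 if authed else 302, [] if authed else [("Location", "/")])

def sign_in(base_url, token, keep_cookies=True):
    """POST the token as field t, bypassing proxies (local stub); return cookies."""
    jar = http.cookiejar.CookieJar()
    extra = [urllib.request.HTTPCookieProcessor(jar)] if keep_cookies else []
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *extra)
    form = urllib.parse.urlencode({"t": token}).encode()
    opener.open(base_url + SIGNIN, form, timeout=5).close()
    return {cookie.name: cookie.value for cookie in jar}

def demo():  # returns (cookies kept by a jar, HTTP error code seen without one)
    server = HTTPServer(("127.0.0.1", 0), StubTenant)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    cookies = sign_in(base, "constructed-token")
    try:
        sign_in(base, "constructed-token", keep_cookies=False)
        code = None
    except urllib.error.HTTPError as err:
        code = err.code  # urllib gave up on the redirect loop
    server.shutdown()
    return cookies, code

if __name__ == "__main__":
    print(demo())
```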