HTTPS 的 HttpWebRequest 出现 403 禁止错误

HttpWebRequest for HTTPS got 403 Forbidden Error

我在从我的 C# 项目调用 GetListCollection 方法时收到错误消息“403 Forbidden”。在线 2013 和 URL 中的共享点版本以 HTTPS 开头。

我的 HTTP header 请求的代码是:

string _url = "https://my.sharepoint.com/"+ "_vti_bin/Lists.asmx";

string soapStr =
            @"<?xml version=""1.0"" encoding=""utf-8""?>
                <soap:Envelope xmlns:soap=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"">
                    <soap:Body>
                        <GetListCollection xmlns=""http://schemas.microsoft.com/sharepoint/soap/"" />
                    </soap:Body>
                </soap:Envelope>";

HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_url);

req.Headers.Add("SOAPAction", "\"http://schemas.microsoft.com/sharepoint/soap/GetListCollection\"");
req.ContentType = "text/xml; encoding='utf-8'";
req.Credentials = new NetworkCredential(userName, userPassword);
req.Method = "POST";

            using (Stream stm = req.GetRequestStream())
            {
                soapStr = string.Format(soapStr);
                using (StreamWriter stmw = new StreamWriter(stm))
                {
                    stmw.Write(soapStr);
                }
            }
            StreamReader responseReader = new StreamReader(req.GetResponse().GetResponseStream());

谁能告诉我哪里错了或者我还需要做什么?

在fiddler中,我得到了如下响应。

HTTP/1.1 403 Forbidden
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
X-Forms_Based_Auth_Required: https://my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fLists.asmx
X-Forms_Based_Auth_Return_Url: https://my.sharepoint.com/_layouts/15/error.aspx
X-MSDAVEXT_Error: 917656; %e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e3%81%8c%e6%8b%92%e5%90%a6%e3%81%95%e3%82%8c%e3%81%be%e3%81%97%e3%81%9f%e3%80%82%e3%81%93%e3%81%ae%e5%a0%b4%e6%89%80%e3%81%ae%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%82%92%e9%96%8b%e3%81%8f%e5%89%8d%e3%81%ab%e3%80%81Web+%e3%82%b5%e3%82%a4%e3%83%88%e3%82%92%e5%8f%82%e7%85%a7%e3%81%97%e3%81%a6%e3%80%81%e8%87%aa%e5%8b%95%e7%9a%84%e3%81%ab%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3%e3%81%99%e3%82%8b%e3%82%aa%e3%83%97%e3%82%b7%e3%83%a7%e3%83%b3%e3%82%92%e9%81%b8%e6%8a%9e%e3%81%97%e3%81%a6%e3%81%8f%e3%81%a0%e3%81%95%e3%81%84%e3%80%82
X-AspNet-Version: 4.0.30319
SPRequestGuid: 7dbaf69c-a0f4-1000-ba3c-f5906d15f5d7
request-id: 7dbaf69c-a0f4-1000-ba3c-f5906d15f5d7
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 66
SPIisLatency: 0
X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.3819
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Date: Fri, 27 Mar 2015 04:26:16 GMT
Content-Length: 13

403 FORBIDDEN

403 Forbidden 是尝试通过 HTTPS 访问服务且未在客户端正确设置证书时收到的典型错误代码。也就是说,问题可能出在多个地方,而且还取决于您尝试访问的服务器上的身份验证设置方式。

我认为 this article will be helpful to boot. Then see this thread,因为讨论指出了几个可能对您有帮助的问题和想法。

此错误发生于 NetworkCredential class could not be utilized in Office 365, Microsoft supports claims-based authentication in Office 365

SharePoint Online Client Components SDK 已发布,其中包含
SharePointOnlineCredentials class 访问 SharePoint Online 资源。

如何在 Office 365 中使用 SharePoint Web 服务

以下示例演示了如何在 Office 365 中对请求进行身份验证:

string endpointUrl = webUri + "/_vti_bin/Lists.asmx";
var envelope = 
                  "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
                  "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
                    "<soap:Body>" +
                       "<GetListCollection xmlns=\"http://schemas.microsoft.com/sharepoint/soap/\" />" +
                    "</soap:Body>" +
                  "</soap:Envelope>";


var request = (HttpWebRequest) WebRequest.Create(endpointUrl);
request.ContentType = "text/xml; encoding='utf-8'";
request.Credentials = GetCredentials(userName, password);
request.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");
request.Method = "POST";
using (var requestStream = request.GetRequestStream())
{
    using (var streamWriter = new StreamWriter(requestStream))
    {
       streamWriter.Write(envelope);
    }
}


using (var response = request.GetResponse())
{
     using (var responseStream = response.GetResponseStream())
     {
        var streamReader = new StreamReader(responseStream);
        var data = streamReader.ReadToEnd();
     }         
}

哪里

 public static SharePointOnlineCredentials GetCredentials(string userName, string password)
 {
     var securePassword = new SecureString();
     foreach (var ch in password) securePassword.AppendChar(ch);
     return  new SharePointOnlineCredentials(userName, securePassword);
 }