调试时身份验证成功但在 Azure 应用服务上失败

Authentication Succeeds when Debugging but Fails on Azure App Service

我只是通过以下方法使用 CSOM 从 SharePoint 获取一些用户。这对我一直有效,我没有遇到任何问题。

突然间,当我今天尝试调用此方法时,它失败并出现此错误

The sign-in name or password does not match one in the Microsoft account system.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
    at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
    at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
    at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
    at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
    at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
    at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
    at SharePointLibrary.SPClient.GetAllUsers() in C:\Users\bassie\source\repos\TFS\ADVWKSP\SharePointLibrary\SPClientUsers.cs:line 39

但只有发布到 Azure 后才会失败。

我已经记录了用于 Azure 应用程序流的用户名和密码,它们绝对正确,并且在我的机器上调试时使用的是相同的。

这怎么可能?我要疯了吗?

构造函数

public SPClient(string url)
{
    baseUrl = url;
    var userName = ConfigurationManager.ConnectionStrings["SPsvcUsername"].ConnectionString;
    var password = ConfigurationManager.ConnectionStrings["SPsvcPassword"].ConnectionString;
    Trace.TraceInformation(userName);
    Trace.TraceInformation(password);

    var securePassword = new SecureString();
    foreach (var c in password)
    {
        securePassword.AppendChar(c);
    }
    credentials = new SharePointOnlineCredentials(userName, securePassword);
}

获取用户方法

public IEnumerable<SharePointUser> GetAllUsers()
{
    var spUsers = new List<SharePointUser>();

    using (var clientContext = new ClientContext(baseUrl))
    {
        clientContext.Credentials = credentials;

        var web = clientContext.Web;
        var list = clientContext.Web.SiteUserInfoList;
        var users = list.GetItems(new CamlQuery());
        clientContext.Load(users, includes => includes.Include(
            f => f["GUID"],
            f => f["FirstName"],
            f => f["LastName"],
            f => f["UserName"],
            f => f["Picture"],
            f => f.DisplayName));

        clientContext.ExecuteQuery();

        foreach (var user in users)
        {
            var imagePath = (FieldUrlValue)user.FieldValues["Picture"];
            spUsers.Add(new SharePointUser()
            {
                FirstName = (user.FieldValues["FirstName"] is string firstName) ? firstName : string.Empty,
                LastName = (user.FieldValues["LastName"] is string lastName) ? lastName : string.Empty,
                UserName = (user.FieldValues["UserName"] is string userName) ? userName.ToLower() : string.Empty,
                ImagePath = (user.FieldValues["Picture"] is FieldUrl pictureUrl) ? pictureUrl.ToString() : string.Empty,
                DisplayName = user.DisplayName
            });
        }
    }

    return spUsers;
}

由于凭据正确,可能是启用了多重身份验证,并且可能为此帐户触发了策略。如果是这种情况,您可以为该特定帐户禁用 MFA。

此外,作为 PnP Core library 一部分的 AuthenticationManager class 可能会有所帮助,因为它有助于各种身份验证方案。