我已经使用Windows Server 2012 R2、ADFS和SharePoint 2013建立了一个测试环境。我可以成功使用ADFS作为声明标识提供者登录到SharePoint 2013。现在,我正在尝试从我的C#应用程序登录到SharePoint。
我能够使用以下方法从ADFS请求SAML断言令牌。
现在,我需要帮助将SAML令牌发布到SharePoint并检索FedAuth cookie,以便我可以通过C#应用程序被动登录到SharePoint 2013并上传文档。
当我调用最后一个方法PostSharePointSTS()时,没有设置Cookies。
大部分代码都是在Leandro Boffi的帮助下完成的。
我能够使用以下方法从ADFS请求SAML断言令牌。
现在,我需要帮助将SAML令牌发布到SharePoint并检索FedAuth cookie,以便我可以通过C#应用程序被动登录到SharePoint 2013并上传文档。
当我调用最后一个方法PostSharePointSTS()时,没有设置Cookies。
大部分代码都是在Leandro Boffi的帮助下完成的。
[TestMethod]
public void GetSamlTestMethod()
{
var client = new WebClient();
client.Headers.Add("Content-Type", "application/soap+xml; charset=utf-8");
string username = "Administrator@2012r2.local";
string password = "Password1";
string adfsServer = "https://logon.2012r2.local/adfs/services/trust/2005/UsernameMixed";
string sharepoint = "https://portal.2012r2.local/_trust/";
var samlRequest = GetSAML()
.Replace("[Username]", username)
.Replace("[Password]", password)
.Replace("[To]", adfsServer)
.Replace("[applyTo]", sharepoint);
var result = client.UploadString(
address: "https://logon.2012r2.local/adfs/services/trust/2005/UsernameMixed",
method: "POST",
data: samlRequest);
PostSharePointSTS( GetSAMLAssertion(result) );
}
private static string GetSAMLAssertion(string response)
{
XDocument samlResponse = XDocument.Parse( response);
// Check response xml for faults/errors
if(samlResponse.Root == null)
throw new ApplicationException("Invalid response received from authentication service.");
XNamespace s = "http://www.w3.org/2003/05/soap-envelope";
XNamespace psf = "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault";
XNamespace wst = "http://schemas.xmlsoap.org/ws/2005/02/trust"; // "http://docs.oasis-open.org/ws-sx/ws-trust/200512";//
XNamespace wsp = "http://schemas.xmlsoap.org/ws/2004/09/policy";
XNamespace wsa = "http://www.w3.org/2005/08/addressing";
XNamespace wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
const string saml = "urn:oasis:names:tc:SAML:1.0:assertion";
// the logon token is in the SAML assertion element of the message body
XDocument xDoc = XDocument.Parse(response, LoadOptions.PreserveWhitespace);
var assertion = from e in xDoc.Descendants()
where e.Name == XName.Get("Assertion", saml)
select e;
string samlAssertion = assertion.FirstOrDefault().ToString();
// for some reason the assertion string needs to be loaded into an XDocument
// and written out for for the XML to be valid. Otherwise we get an invalid
// XML error back from ADFSs
XDocument doc1 = XDocument.Parse(samlAssertion);
samlAssertion = doc1.ToString(SaveOptions.DisableFormatting);
return samlAssertion;
}
private static string GetSAML()
{
const string saml = @"<?xml version='1.0' encoding='utf-8' ?>
<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope' xmlns:a='http://www.w3.org/2005/08/addressing' xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<s:Header>
<a:Action s:mustUnderstand='1'>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand='1'>[To]</a:To>
<o:Security s:mustUnderstand='1' xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
<o:UsernameToken>
<o:Username>[Username]</o:Username>
<o:Password>[Password]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>
<wsp:AppliesTo xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
<a:EndpointReference>
<a:Address>[applyTo]</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>";
return saml;
}
private static void PostSharePointSTS(string assertion)
{
// Submit the BinarySecurityToken to SPO and retrieve response
var loginUri = new Uri("https://logon.2012r2.local/adfs/ls?wa=wsignin1.0&wtrealm=urn:sharepoint:portal");
var requestCookies = new CookieContainer();
var request = (HttpWebRequest)WebRequest.Create(loginUri);
request.AllowAutoRedirect = false;
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = assertion.Length;
request.CookieContainer = requestCookies;
request.Method = "POST";
request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)";
using(var requestWriter = new StreamWriter(request.GetRequestStream()))
{
requestWriter.Write(assertion);
requestWriter.Close();
}
var response = (HttpWebResponse)request.GetResponse();
switch(response.StatusCode)
{
case HttpStatusCode.OK:
case HttpStatusCode.Found:
break;
// TODO: Log error?
//default:
//return false;
}
}
当我尝试向SharePoint发送给定的SAML令牌时,我得到了以下反馈信息。但是没有设置任何cookie。
HTTP/1.1 302 Found
Content-Length: 0
Content-Type: text/html; charset=utf-8
Location: https://logon.2012r2.local:443/adfs/ls/wia?wa=wsignin1.0&wtrealm=urn:sharepoint:portal
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 16 Aug 2014 10:55:51 GMT
This response did not set any cookies.
This response did not contain a P3P Header.
Validate P3P Policies at: http://www.w3.org/P3P/validator.html
Learn more at: http://fiddler2.com/r/?p3pinfo