Question

I am using this piece of code to authenticate to an on-premise installation of SharePoint (and get a list of files in a remote folder). This is Java, but I don't believe this has anything to do with language?!

public List<String> getFilesFromFolder(String url, String userName, String password, String folder) {
    List<String> fileList = new ArrayList<>();
    try {

        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(userName, password, url, "")); //domain is empty..

        HttpClient httpClient = HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).build();

        String folderName = URLEncoder.encode(folder, "UTF-8");
        String uri = url + "/" + "_api/web/GetFolderByServerRelativeUrl(\'" + folderName + "\')/files";
        HttpGet httpGet = new HttpGet(uri);
        httpGet.addHeader("Accept", "application/json;odata=verbose");

        // Make the request.
        HttpResponse response = httpClient.execute(httpGet);
        // Process the result
        int statusCode = response.getStatusLine().getStatusCode();
        if (statusCode == 200) {
            String response_string = EntityUtils.toString(response.getEntity());
            //Just get list of files
            JSONObject json = new JSONObject(response_string);
            JSONObject jsonD = json.getJSONObject("d");
            JSONArray jsonResults = jsonD.getJSONArray("results");
            for (int i = 0; i < jsonResults.length(); i++) {
                JSONObject file = jsonResults.getJSONObject(i);
                fileList.add(file.getString("Name"));
            }
        }
    }catch (Exception e) {
        log.error("", e);
    }
    return fileList;
}

This works as expected.

Now, I have opened xxx.sharepoint.com

When I run this code on my instance of xxx.sharepoint.com I am getting this error as response:

This link has been removed. Sorry, access to this document has been removed. Please contact the person who shared it with you. Technical Details Troubleshoot issues with Microsoft SharePoint Foundation. Correlation ID: e3510d9e-4074-4000-3de3-d790ea7566c6 Date and Time: 8/8/2017 10:43:04 AM Go back to site

I tried to put different things for domain in the line: credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(userName, password, url, "")); //domain is empty.. I tried: xxx.sharepoint.com, xxx, but I always get the same error. Can somebody help me with this? What am I missing here?

Thanks

Solution

SharePoint online needs an Authentication Cookie to sign you in! You cannot just throw a user name and password at it.

.NET applications can use the GetAuthenticationCookie(Uri) method of the SharePointOnlineCredentials class to get the cookie and use it for subsequent REST calls. If you cannot find a suitable library then it's also possible to get it directly through a series of HTTP requests.

  1. Make a HTTP GET request to your SharePoint site with the HTTP header:

    X-IDCRL_ACCEPTED: t
    
  2. Expect a 401 (Unauthorized) response and inspect the response header WWW-Authenticate, which will look like:

    IDCRL Type="BPOSIDCRL", EndPoint="/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
    

    You need to know the EndPoint URL later for obtaining the cookie.

  3. Make a HTTP POST request to https://login.microsoftonline.com/extSTS.srf with the headers:

    Content-Type: text/plain; charset=utf-8
    Content-Length: <length of body>
    

    and the body:

    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:ReplyTo>
    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <o:UsernameToken>
    <o:Username>{username}</o:Username>
    <o:Password>{password}</o:Password>
    </o:UsernameToken>
    </o:Security>
    </s:Header>
    <s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <a:EndpointReference>
    <a:Address>{endpoint}</a:Address>
    </a:EndpointReference>
    </wsp:AppliesTo>
    <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
    <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
    </t:RequestSecurityToken>
    </s:Body>
    </s:Envelope>
    

    Replace the {username} and {password} tokens with your Office 365 credentials. Replace the {endpoint} token with your SharePoint online domain xxx.sharepoint.com.

  4. Expect a 200 (OK) response with a body like:

    <?xml version="1.0" encoding="utf-8" ?>
    <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <S:Header>
        <wsa:Action xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Action" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
        <wsa:To xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="To" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
        <wsse:Security S:mustUnderstand="1">
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
            <wsu:Created>2017-08-09T11:56:20Z</wsu:Created>
            <wsu:Expires>2017-08-09T12:01:20Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </S:Header>
      <S:Body>
        <wst:RequestSecurityTokenResponse xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
          <wst:TokenType>urn:passport:compact</wst:TokenType>
          <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:EndpointReference>
              <wsa:Address>https://xxx.sharepoint.com</wsa:Address>
            </wsa:EndpointReference>
          </wsp:AppliesTo>
          <wst:Lifetime>
            <wsu:Created>2017-08-09T11:56:20Z</wsu:Created>
            <wsu:Expires>2017-08-10T11:56:20Z</wsu:Expires>
          </wst:Lifetime>
          <wst:RequestedSecurityToken>
            <wsse:BinarySecurityToken Id="Compact0">t=...&amp;p=</wsse:BinarySecurityToken>
          </wst:RequestedSecurityToken>
          <wst:RequestedAttachedReference>
            <wsse:SecurityTokenReference>
              <wsse:Reference URI="GVtHy/++Q80TdekyoZ54fpEnLtc="></wsse:Reference>
            </wsse:SecurityTokenReference>
          </wst:RequestedAttachedReference>
          <wst:RequestedUnattachedReference>
            <wsse:SecurityTokenReference>
              <wsse:Reference URI="GVtHy/++Q80TdekyoZ54fpEnLtc="></wsse:Reference>
            </wsse:SecurityTokenReference>
          </wst:RequestedUnattachedReference>
        </wst:RequestSecurityTokenResponse>
      </S:Body>
    </S:Envelope>
    
  5. Parse out the security token from the wsse:BinarySecurityToken element.

  6. Make a HTTP GET request to https://xxx.sharepoint.com/_vti_bin/idcrl.svc with the headers:

    X-IDCRL_ACCEPTED: t
    Authorization: BPOSIDCRL {securitytoken}
    

    Replace {securitytoken} with the security token obtained above.

  7. Expect a 200 (OK) response and retrieve the authentication cookie SPOIDCRL from the Set-Cookie header.

  8. You are now ready to make REST calls to SharePoint. Just set the cookie on all requests. Note that the cookie has an expiration time after which you need to get a new one.
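
The parsing and escaping that steps 2, 3, 5 and 7 rely on, as an added Java example that is not part of the original answer; it makes no network calls. The class and method names are hypothetical, the sample inputs are constructed, and only JDK classes are used.

```java
import java.io.StringReader;
import java.util.*;
import java.util.regex.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SpoCookieFlow { // hypothetical class, not part of any SharePoint SDK
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Step 2: split the IDCRL challenge into its key="value" parameters.
    static Map<String, String> parseChallenge(String wwwAuthenticate) {
        Map<String, String> params = new HashMap<>();
        Matcher m = Pattern.compile("(\\w+)=\"([^\"]*)\"").matcher(wwwAuthenticate);
        while (m.find()) params.put(m.group(1), m.group(2));
        return params;
    }
    // Step 3: escape a value before substituting it for {username}, {password} or {endpoint}.
    static String xmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&apos;");
    }
    // Steps 4-5: read wsse:BinarySecurityToken with a namespace-aware parser that rejects DTDs.
    // getTextContent() returns the XML-decoded text, which is what the header in step 6 needs.
    static String extractToken(String rstr) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(rstr)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        if (tokens.getLength() != 1) throw new IllegalStateException("no security token in response");
        return tokens.item(0).getTextContent().trim();
    }
    // Step 7: pick the SPOIDCRL value out of the Set-Cookie headers.
    static String extractCookie(List<String> setCookie) {
        for (String h : setCookie) {
            String pair = h.split(";", 2)[0].trim();
            if (pair.startsWith("SPOIDCRL=")) return pair.substring("SPOIDCRL=".length());
        }
        throw new IllegalStateException("SPOIDCRL cookie not set");
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample inputs shaped like the responses in steps 2, 4 and 7.
        String challenge = "IDCRL Type=\"BPOSIDCRL\", EndPoint=\"/_vti_bin/idcrl.svc/\", RootDomain=\"sharepoint.com\", Policy=\"MBI\"";
        String rstr = "<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"" + WSSE + "\"><S:Body><wsse:BinarySecurityToken Id=\"Compact0\">t=SAMPLE&amp;p=</wsse:BinarySecurityToken></S:Body></S:Envelope>";
        System.out.println("EndPoint: " + parseChallenge(challenge).get("EndPoint"));
        System.out.println("Escaped password: " + xmlEscape("p&ss<word>"));
        System.out.println("Authorization: BPOSIDCRL " + extractToken(rstr));
        System.out.println("Cookie: SPOIDCRL=" + extractCookie(Arrays.asList("SPOIDCRL=SAMPLECOOKIE; path=/; secure; HttpOnly")));
    }
}
```

The three HTTP requests themselves can be sent with the same HttpClient the question already uses; keep the token and the cookie out of application logs, since either one authenticates as the user until it expires.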

OTHER TIPS

It doesn't seem to have anything to do with authentication. The error message suggests that the folder you pass in refers to a URL created by the "Share" function, or just an incorrect path. Double-check the uri variable you create. Should you really URL-encode folder?

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange