All geek questions in one place

Remote authentication in SharePoint Online

I am trying to write a script with a SharePoint package to access files in my SharePoint company. The textbook indicates

First you need to create a SharePointSite object. Suppose you are using basic auth; if you do not, you need to create the corresponding urllib2 Opener yourself.

However, after several attempts, I came to the conclusion that basic auth is not enough. Analyzing how to try to make it work, I came across this article , which gives a good overview of the general authentication scheme. What I'm struggling with is implementing this in Python.

I managed to capture the base auth in the SharePoint module. To do this, I took the XML message in a related article and used it to replace the XML generated by the SharePoint module. After making a few more changes, I now get the token, as described in step 2 of the related article.

Now, in step 3, I need to send this token to SharePoint using POST. The following is an example of how it should look:

 POST http://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0 HTTP/1.1 Host: yourdomain.sharepoint.com User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Content-Length: [calculate] t=EwBgAk6hB....abbreviated

I am currently using the following code to generate my POST. With a guide to a few other questions, I omitted the content-length header as it should be automatically calculated. I did not know where to put the token, so I just clicked it in data .

 headers = { 'Host': 'mydomain.sharepoint.com', 'Connection': 'keep-alive', 'User-Agent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' } data = {'t':'{}'.format(token[2:])} data = urlencode(data) postURL = "https://mydomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0" req = Request(postURL, data, headers) response = urlopen(req)

However, this causes the following error message:

 urllib2.HTTPError: HTTP Error 302: The HTTP server returned a redirect error that would lead to an infinite loop. The last 30x error message was: Found

How do I create a POST that will correctly return the authentication cookies I need?

+5
source share
1 answer

According to Remote Authentication in SharePoint Online using Claims-Based Authentication and SharePoint Online Authentication :

The authentication federation cookie (FedAuth) is for each top level site in SharePoint Online, such as the root site, MySite, Admin site, and public site. Root Federation Authentication (rtFA) cookie is used throughout SharePoint Online. When a user visits a new top-level website or other company page, the rtFA cookie is used to authenticate them without a hint.

To summarize, in order to receive authentication cookies, the request must be sent to the following endpoint:

 url: https://tenant.sharepoint.com/_forms/default.aspx?wa=wsignin1.0 method: POST data: security token

After validating the request, the response will contain authentication cookies ( FedAuth and rtFa ) in the HTTP header, as described in the article.

SharePoint REST Client for Python

As a proof of concept, the SharePoint REST Client for Python was released, which shows how:

  • perform remote authentication in SharePoint Online
  • Perform basic CRUD operations with respect to SharePoint resources such as the Web, list, or list item using the REST API

Implementation Details :

  • AuthenticationContext.py class contains a SharePoint implementation of the remote authentication flow on the Internet, in particular, the acquireAuthenticationCookie Function demonstrates how to handle authentication cookies.
  • ClientRequest.py class shows how to use the SharePoint Online REST API

<strong> Examples

This example shows how to read the properties of a web client object:

 from client.AuthenticationContext import AuthenticationContext from client.ClientRequest import ClientRequest url = "https://contoso.sharepoint.com/" username = " jdoe@contoso.onmicrosoft.com " password = "password" ctxAuth = AuthenticationContext(url) if ctxAuth.acquireTokenForUser(username, password): request = ClientRequest(url,ctxAuth) requestUrl = "/_api/web/" #Web resource endpoint data = request.executeQuery(requestUrl=requestUrl) webTitle = data['d']['Title'] print "Web title: {0}".format(webTitle) else: print ctxAuth.getLastErrorMessage()

Additional examples can be found in the examples folder in the GitHub repository

+8
source

Source: https://habr.com/ru/post/1242244/

More articles:


All Articles