Sharepoint 2013 MVC 5提供程序托管的应用程序.无法使用[SharePointContextFilter]在HttpPost上进行身份验证 [英] Sharepoint 2013 MVC 5 provider-hosted app. Fails to authenticate on HttpPost using [SharePointContextFilter]
问题描述
过去一周来,我一直在努力工作,无法解决针对Sharepoint提供商托管的应用程序进行正确身份验证的问题.
I have been banging my head for the past week unable to resolve some issues with proper authentication for sharepoint provider-hosted app.
我目前正在为公司的Sharepoint在线开发一个sharepoint应用程序.我正在使用Visual Studio2013.我将应用程序作为云服务部署在公司的Windows Azure门户上.当我需要制作HttpPost时,一切都会顺利进行,然后该应用程序无法通过身份验证.控制器的设计如下:
I am currently developing a sharepoint app for a company's Sharepoint online. I am using Visual Studio 2013. I deploy the app as a Cloud-service on the company's Windows Azure portal. Everything goes smooth up to the point when i need to make a HttpPost, then the app fails to authenticate. The design of the Conroller is as it follows:
[SharePointContextFilter]
public ActionResult Index()
{
UserSingleton user_temp = UserSingleton.GetInstance();
User spUser = null;
SharePointContext spContext = SharePointContextProvider.Current.GetSharePointContext(HttpContext);
using (var clientContext = spContext.CreateUserClientContextForSPHost())
{
if (clientContext != null)
{
spUser = clientContext.Web.CurrentUser;
clientContext.Load(spUser, user => user.Title, user => user.Email);
clientContext.ExecuteQuery();
....code....
}
}
....code....
return View();
}
加载索引页面很好,该操作创建了用户上下文,这一切都很好.当我尝试按照以下方式提交HttpPost时,问题就来了:
Loading the index page goes fine, the the action creates user context and it's all good. The problem comes when i try to submit a HttpPost as it follows:
[HttpPost]
[ValidateAntiForgeryToken]
[SharePointContextFilter]
public ActionResult GetService(System.Web.Mvc.FormCollection fc)
{
PlannedHours ph = this.PopulateModel(fc);
if (ph == null)
return View("NoInfoFound");
ViewData["PlannedHours"] = ph;
return View("Index");
}
当我通过发布"按钮致电时,我得到无法确定您的身份.请启动您网站上安装的应用,然后重试." Shared/Error.cshtml视图.问题是,当我删除[SharePointContextFilter]时,它可以工作,但这意味着请求未通过[SharePointContextFilter],因此未正确通过身份验证?还是吗?因为它无法验证用户的合法性.
When I call this via the post button, i get a "Unable to determine your identity. Please try again by launching the app installed on your site." The Shared/Error.cshtml view. The thing is that when i remove the [SharePointContextFilter] then it works, but that means that the request doesn't pass through[SharePointContextFilter] thus it is not properly authenticated? Or is it? Because it fails to validate the user's legitimacy.
当我不删除[SharePointContextFilter]并调用该帖子时,我注意到的一件事是,该URL最终没有{StandardTokens}查询.是否假设是这样-我的意思是像hostname.com/Home/GetService一样,但是当我使用actionlink时,spcontext.js总是将{StandardTokens}查询附加到基本URL上-smth像hostname.com/Home/ActionNAme/?SPHostUrl = https%3A%2F%2FSHAREPOINTPAGEURL ....
One thing that i noticed when i don't remove [SharePointContextFilter] and invoke the post, then the url ends up without the {StandardTokens} query. Is it suppose to be like that - i mean it is smth like hostname.com/Home/GetService, however when i use actionlink the spcontext.js always appends the {StandardTokens} query to the base url - smth like hostname.com/Home/ActionNAme/?SPHostUrl=https%3A%2F%2FSHAREPOINTPAGEURL....
我注意到的是,我在不附加查询的情况下调用hostname.com/Home/ActionNAme/时,它无法通过[SharePointContextFilter].
What i notice is that i call hostname.com/Home/ActionNAme/ without appending the query it fails to pass the [SharePointContextFilter].
对于sharepoint 2013和MVC 5(Razor),我还很陌生,因此,如果您知道为什么我的HttpPost无法通过[SharePointContextFilter],请尝试向我解释或提出任何建议.我尝试使用HttpGet,但是,当我调用具有[SharePointContextFilter]的HttpGet并附加SPHostUrl =令牌时,它可以工作.但是,然后我不能使用[ValidateAntiForgeryToken].因为[SharePointContextFilter]总是检查用户的合法性,所以在这样的应用程序中甚至还需要[ValidateAntiForgeryToken]吗?我现在很困惑.网上有大量材料可供阅读,几乎没有什么东西可以解释何时添加这些标准令牌,何时使用[SharePointContextFilter]等.事实上,我是第一次开发Sharepoint应用程序生活,而我仅在过去3周内一直在研究和编码.所以我的知识还很有限,回答时请记住这一点.在此先感谢您,希望我能对所发生的事情有所了解!
I am fairly new to sharepoint 2013 and MVC 5 ( Razor ) so please if you know why my HttpPost fails to pass the [SharePointContextFilter] try to explain me or give any suggestion. I have tried using HttpGet However, when I Invoke the HttpGet having the [SharePointContextFilter] and appending the SPHostUrl= token it works. But then i cannot use the [ValidateAntiForgeryToken]. Is [ValidateAntiForgeryToken] even needed in such an app since the [SharePointContextFilter] always checks the legitimacy of the user? I am quire confused now. There is tons of material to read on the net and nothing is close to explain when to append these Standard tokens, when to use the [SharePointContextFilter] etc. The matter of fact is that I am developing a sharepoint app for the first time in my life and i've been researching and coding only for the past 3 weeks. So my knowledge is yet pretty limited, have that in mind when answering. Thanks in advance, I hope that i get some clarification about what is happening!
--------------------------------- UPDATE ----------------- -----------------------
-----------------------------UPDATE----------------------------------------
好的,快速更新.我发现了一些很奇怪的东西. SharePointContextFilterAttribute.cs
Ok, a quick update. I have found out something rather weird. The SharePointContextFilterAttribute.cs
public class SharePointContextFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
Uri redirectUrl;
switch (SharePointContextProvider.CheckRedirectionStatus(filterContext.HttpContext, out redirectUrl))
{
case RedirectionStatus.Ok:
return;
case RedirectionStatus.ShouldRedirect:
filterContext.Result = new RedirectResult(redirectUrl.AbsoluteUri);
break;
case RedirectionStatus.CanNotRedirect:
filterContext.Result = new ViewResult { ViewName = "Error" };
break;
}
}
}
始终返回最后一种情况(RedirectionStatus.CanNotRedirect),因为方法SharePointContextProvider.CheckRedirectionStatus(filterContext.HttpContext,redirectUrl)包含我无法解决的问题.
Always returns the last case ( RedirectionStatus.CanNotRedirect ) because the method SharePointContextProvider.CheckRedirectionStatus(filterContext.HttpContext, out redirectUrl) contains something that I cannot wrap my head around.
首先:
Uri spHostUrl = SharePointContext.GetSPHostUrl(httpContext.Request);
if (spHostUrl == null)
{
return RedirectionStatus.CanNotRedirect;
}
好的,我知道-如果httpContext.Request不包含spHostUrl,它将无法重定向.出于某种原因,它必须存在.
Ok i understand that - if the httpContext.Request does no contain the spHostUrl it will fail to redirect. That for some reason has to be there.
但以下内容:
if (StringComparer.OrdinalIgnoreCase.Equals(httpContext.Request.HttpMethod, "POST"))
{
return RedirectionStatus.CanNotRedirect;
}
等待WHAAAT吗?!?没有开机自检?!?这里发生了什么?我真的不知道我是在做完全错误的事情还是什么?我甚至可以玩SharePointContext.cs吗?我真的需要有人弄清楚到底发生了什么...我将不胜感激!
Wait WHAAAT?!? No POST allowed?!!? What is going on here? I really don't know if I am doing something totally wrong or what? Am I even allowed to play around with the SharePointContext.cs ? I really need someone to clarify what exactly is going on... I'd appreciate!
推荐答案
上述解决方案不适用于我.我在发布时遇到了同样的问题,但是对我来说,这是
Above solution didn't work for me. I had the same problem with post, but for me it was the
return RedirectToAction("Index");
导致错误.
我将其更改为:
return RedirectToAction("Index", new {SPHostUrl = SharePointContext.GetSPHostUrl(HttpContext.Request).AbsoluteUri});
它奏效了.
在执行返回视图时,我不确定这是否是解决您问题的方法,但它可能会对某人有所帮助:)
I am not sure this is the solution for your problem as you are doing return view, but it may help someone :)
这篇关于Sharepoint 2013 MVC 5提供程序托管的应用程序.无法使用[SharePointContextFilter]在HttpPost上进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!