Sharepoint 2013 MVC提供商托管的应用程序。无法在HttpPost上传递[SharePointContextFilter] [英] Sharepoint 2013 MVC provider-hosted app. Fails to pass [SharePointContextFilter] on HttpPost

问题描述

过去一周我一直在敲打我无法解决一些针对sharepoint提供商托管应用程序的正确身份验证的问题。

I have been banging my head for the past week unable to resolve some issues with proper authentication for sharepoint provider-hosted app.

我目前正在为公司的Sharepoint在线开发一个sharepoint应用程序。我正在使用Visual Studio 2013.我将该应用程序部署为公司的Windows Azure门户上的云服务。一切顺利到我需要制作HttpPost时，然后
应用程序无法进行身份验证。 Conroller的设计如下：

I am currently developing a sharepoint app for a company's Sharepoint online. I am using Visual Studio 2013. I deploy the app as a Cloud-service on the company's Windows Azure portal. Everything goes smooth up to the point when i need to make a HttpPost, then the app fails to authenticate. The design of the Conroller is as it follows:

[SharePointContextFilter]
    public ActionResult Index()
    {
        UserSingleton user_temp = UserSingleton.GetInstance();

        User spUser = null;

        SharePointContext spContext = SharePointContextProvider.Current.GetSharePointContext(HttpContext);

        using (var clientContext = spContext.CreateUserClientContextForSPHost())
        {
            if (clientContext != null)
            {
                spUser = clientContext.Web.CurrentUser;

                clientContext.Load(spUser, user => user.Title, user => user.Email);

                clientContext.ExecuteQuery();

                ....code....

            }
        }

           ....code....

        return View();
    }

加载索引页面很好，操作创建用户上下文，这一切都很好。问题来自于我尝试提交
HttpPost，如下所示：

    [HttpPost]
    [ValidateAntiForgeryToken]
    [SharePointContextFilter]
    public ActionResult GetService(System.Web.Mvc.FormCollection fc)
    {
        PlannedHours ph = this.PopulateModel(fc);

        if (ph == null)
            return View("NoInfoFound");

        ViewData["PlannedHours"] = ph;

        return View("Index");
    }

当我通过帖子按钮调用时，我得到一个"无法确定你的身份。请通过启动您网站上安装的应用再试一次。" Shared / Error.cshtml视图。问题是当我删除  [SharePointContextFilter]  然后
它有效，但这意味着请求不会通过 [SharePointContextFilter]  因此未经过适当的身份验证？或者是吗？因为
它无法验证用户的合法性。

When I call this via the post button, i get a "Unable to determine your identity. Please try again by launching the app installed on your site." The Shared/Error.cshtml view. The thing is that when i remove the [SharePointContextFilter] then it works, but that means that the request doesn't pass through[SharePointContextFilter] thus it is not properly authenticated? Or is it? Because it fails to validate the user's legitimacy.

当我不删除时我注意到的一件事 [SharePointContextFilter]  并调用帖子，然后网址最终没有  {StandardTokens}   query。
假设它是这样的 - 我的意思是它像hostname.com/Home/GetService一样，但是当我使用actionlink时，
spcontext.js 总是附加  {StandardTokens}  查询基本网址 - smth like hostname.com/Home / ActionNAme /？SPHostUrl = https％3A％2F％2FSHAREPOINTPAGEURL ....

One thing that i noticed when i don't remove [SharePointContextFilter] and invoke the post, then the url ends up without the {StandardTokens} query. Is it suppose to be like that - i mean it is smth like hostname.com/Home/GetService, however when i use actionlink the spcontext.js always appends the {StandardTokens} query to the base url - smth like hostname.com/Home/ActionNAme/?SPHostUrl=https%3A%2F%2FSHAREPOINTPAGEURL....

我注意到的是我没有呼叫hostname.com/Home/ActionNAme/附加查询无法通过  [SharePointContextFilter] 。

我是sharepoint 2013和MVC 5（Razor）的新手，所以如果你知道为什么我的HttpPost无法通过  [SharePointContextFilter]  尝试
来解释我或提出任何建议。我尝试过使用 HttpGet  然而，当我调用具有  [SharePointContextFilter]  和
追加  SPHostUrl =  令牌有效。但是我无法使用  [ValidateAntiForgeryToken]。
是  ; [ValidateAntiForgeryToken] 甚至在这样的应用程序中也需要，因为  [SharePointContextFilter]
总是检查用户的合法性？我现在很困惑。网上有大量的资料可供阅读，没有什么可以解释何时附加这些材料标准代币，何时使用  [SharePointContextFilter]
等。事实上，我正在开发一个我生命中第一次的sharepoint应用程序，而且我一直在研究和编码过去3所以我的知识还很有限，在回答时请记住这一点。在此先感谢，
我希望我能对所发生的事情做一些澄清！

I am fairly new to sharepoint 2013 and MVC 5 ( Razor ) so please if you know why my HttpPost fails to pass the [SharePointContextFilter] try to explain me or give any suggestion. I have tried using HttpGet However, when I Invoke the HttpGet having the [SharePointContextFilter] and appending the SPHostUrl=  token it works. But then i cannot use the [ValidateAntiForgeryToken]. Is [ValidateAntiForgeryToken] even needed in such an app since the [SharePointContextFilter] always checks the legitimacy of the user? I am quire confused now. There is tons of material to read on the net and nothing is close to explain when to append these Standard tokens, when to use the [SharePointContextFilter] etc. The matter of fact is that I am developing a sharepoint app for the first time in my life and i've been researching and coding only for the past 3 weeks. So my knowledge is yet pretty limited, have that in mind when answering. Thanks in advance, I hope that i get some clarification about what is happening!

推荐答案

好的，快速更新。我发现了一些相当奇怪的东西。  SharePointContextFilterAttribute.cs 

 public class SharePointContextFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            Uri redirectUrl;
            switch (SharePointContextProvider.CheckRedirectionStatus(filterContext.HttpContext, out redirectUrl))
            {
                case RedirectionStatus.Ok:
                    return;
                case RedirectionStatus.ShouldRedirect:
                    filterContext.Result = new RedirectResult(redirectUrl.AbsoluteUri);
                    break;
                case RedirectionStatus.CanNotRedirect:
                    filterContext.Result = new ViewResult { ViewName = "Error" };
                    break;
            }
        }
    }

始终返回最后一个案例（  RedirectionStatus.CanNotRedirect）因为方法  SharePointContextProvider.CheckRedirectionStatus（filterContext.HttpContext，out redirectUrl）
包含一些我无法解决的问题。 

Always returns the last case ( RedirectionStatus.CanNotRedirect ) because the method SharePointContextProvider.CheckRedirectionStatus(filterContext.HttpContext, out redirectUrl) contains something that I cannot wrap my head around. 

首先：

Uri spHostUrl = SharePointContext.GetSPHostUrl(httpContext.Request);

            if (spHostUrl == null)
            {
                return RedirectionStatus.CanNotRedirect;
            }

好的，我理解 - 如果httpContext.Request不包含spHostUrl，它将无法重定向。由于某种原因必须存在。

Ok i understand that - if the httpContext.Request does no contain the spHostUrl it will fail to redirect. That for some reason has to be there.

但是以下内容：

if (StringComparer.OrdinalIgnoreCase.Equals(httpContext.Request.HttpMethod, "POST"))
            {
                return RedirectionStatus.CanNotRedirect;
            }

等待WHAAAT？！？不允许POST？!!？这里发生了什么？我真的不知道我做错了什么或什么？我甚至可以使用
SharePointContext.cs 来玩游戏？我真的需要有人澄清到底发生了什么......我很感激！

Wait WHAAAT?!? No POST allowed?!!? What is going on here? I really don't know if I am doing something totally wrong or what? Am I even allowed to play around with the SharePointContext.cs ? I really need someone to clarify what exactly is going on... I'd appreciate!

这篇关于Sharepoint 2013 MVC提供商托管的应用程序。无法在HttpPost上传递[SharePointContextFilter]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！