用于不合理用户的内部高信任应用程序和401（appredirect.aspx） [英] On-premise High-trust App and 401 (appredirect.aspx) for anomyous user

问题描述

您好，

我开发了一个托管App的提供商。该应用程序可供经过身份验证的用户使用。在我的开发平台上，App正在按预期在两种情况下工作。然后我配置了一个新的测试服务器（我为高可信应用程序做了所有步骤）并安装了
新应用程序（注册应用程序，在Visual Studio中创建了一个新包，对TokenHelper类进行了更改等等） 。现在，该应用程序仅适用于经过身份验证的用户。对于匿名用户，appredirect页面要求提供凭据。 SharePoint
日志仅包含有关该问题的一些信息：

I've developed a provider hosted App. The App can be used by authenticated and anonymous users. On my development platform the App is working in both cases as expected. Then I configured a new test Server (I did all the steps for high trusted Apps) and installed the new App (Register app, created a new package in Visual Studio, did the changes for the TokenHelper class and so on). Now, the App ist working for authenticated users only. For anonymous users the appredirect page is asking for credentials. The SharePoint log contains only a few Information about the problem:

client_id：i：0i.t | ms.sp.ext | .....和instance_id：< a href ="https：//xxx/Pages/AppPartPage.aspx?SPHostUrl = http％3A％2F％2FXXXXXXX％2FDE％2FSP2013Standard&SPHostTitle = SP2013％20Standard％20Layout&SPAppWebUrl =">
https：// xxx / Pages / ？AppPartPage.aspx SPHostUrl = HTTP％3A％2F％2FXXXXXXX％2FDE％2FSP2013Standard&安培; SPHostTitle = SP2013％20Standard％20Layout&安培; SPAppWebUrl = QUOT;"&安培; SPLanguage = DE％2DCH&安培; SPClientTag = 1&安培; SPProductNumber = 15％2E0％ 2E4420％2E1017& wpId = g％5F5b8feaca％5F038f％5F473d％5F8001％5F0a91849f9a05& editmode = 0& SenderId = 1DD84F040
来自查询字符串

redirectLaunUrl从查询中获取后字符串，网络或应用实例：
https：//remote-domain-app/Pages/AppPartPage.aspx？SPHostUrl = http％3A％2F％2FXXXXXXX％2FDE％2 FSP2013Standard&安培; SPHostTitle = SP2013％20Standard％20Layout&安培; SPAppWebUrl = QUOT;"&安培; SPLanguage = DE％2DCH&安培; SPClientTag = 1&安培; SPProductNumber = 15％2E0％2E4420％2E1017&安培; wpId =克％5F5b8feaca％5F038f％5F473d％5F8001％获得令牌替换后，5F0a91849f9a05& editmode = 0& SenderId = 1DD84F040
$
redirectLaunUrl：
https：//remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl = http％3A％2F％2FXXXXXXX％ 2FDE％2FSP2013Standard&安培; SPHostTitle = SP2013％20Standard％20Layout&安培; SPAppWebUrl = QUOT;"&安培; SPLanguage = DE％2DCH&安培; SPClientTag = 1&安培; SPProductNumber = 15％2E0％2E4420％2E1017&安培; wpId =克％5F5b8feaca％5F038f％5F473d％ 5F8001％5F0a91849f9a05& editmode = 0& SenderId = 1DD84F040
$
m_oauthAppId在NormalizeAppIdentifier（）之后i：0i.t | ms.sp.ext | 548 ...... 现在获取应用程序主体信息。

决定我们需要对应用程序进行POST。

没有更多

client_id: i:0i.t|ms.sp.ext|..... and instance_id: https://xxx/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040 from query string
redirectLaunUrl after getting it from query string, web or app instance: https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
redirectLaunUrl after getting token replacement: https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
m_oauthAppId after NormalizeAppIdentifier() i:0i.t|ms.sp.ext|548......  Now getting app principal info.
decided that we need to do a POST to the app.
NOTHING MORE

远程IIS Web允许匿名访问，我可以以匿名用户身份打开远程网站。试图再次设置App Principal权限，但没有运气。 当远程网络停止时，401错误仍然存​​在 - 没有其他错误。

The remote IIS web allows anonymous access and I can open the remote web site as anonymous user. Tried to set the the App Principal permission again, but without luck.  When the remote web is stopped the 401 error still exist - no other error.

我不知道我接下来可以检查什么。

I've no idea what I can check next.

-

推荐答案

1.请查看以下博客：

1.Please check the blog below:

如何 - 为SharePoint 2013设置高信任度应用程序&故障排除提示

How to - Set up High Trust Apps for SharePoint 2013 & Troubleshooting Tips

http://blogs.msdn.com/b/shariq/archive/2013/05/07/how-to-set-up-high -trust-apps-for-sharepoint-2013-amp-troubleshooting-tips.aspx

2。确保web.config文件中的证书的路径和密码正确，并且已成功应用于IIS中站点的SSL绑定。

2. Ensure that the path and password are correct for the certificate in the web.config file and that it has been applied successfully to the SSL binding for the site in IIS.

3。在运行PowerShell命令之前，请在远程Web上启用匿名身份验证。然后必须将其删除才能建立有效的Windows身份。

3. Leave anonymous authentication enabled on the remote web until after the PowerShell commands have been run. Then it must be removed in order for a valid windows identity to be established.

4. SPTrustedSecurityTokenService" Name"和SPAppPrincipal"DisplayName"值必须是唯一的。如果在配置期间出错，请使用每个实体的新值重新运行命令。

4. The SPTrustedSecurityTokenService "Name" and SPAppPrincipal "DisplayName" values must be unique. If a mistake is made during configuration, re-run the commands using new values for each of these entities.

谢谢，

Dennis Guo

TechNet社区支持

请记住标记如果他们提供帮助，则回复作为答案，如果他们没有提供帮助则取消标记。如果您对TechNet订户支持有反馈，请联系
tnmff@microsoft.com 。

这篇关于用于不合理用户的内部高信任应用程序和401（appredirect.aspx）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！