远程服务器返回错误:(401) 未经授权.在 ASP.NET 中使用 CSOM [英] The remote server returned an error: (401) Unauthorized. Using CSOM in ASP.NET
问题描述
我试图提取一些我创建的 SharePoint 2013 列表数据,这些数据在我的机器上本地运行时以及在服务器本地运行时都可以正常工作.在本地和本地服务器上运行时,我使用相同的凭据.问题是当我在服务器上发布并导航到我的 ASP.NET 应用程序时,我收到远程服务器返回错误:(401) 未经授权".错误...
I'm tried to pull some SharePoint 2013 list data I created which works fine when running locally on my machine and when run locally one the server. I'm user the same credentials when running both locally and locally on the server. The issue is when I publish and navigate to my ASP.NET app on the server I get the "The remote server returned an error: (401) Unauthorized." Error...
我看了一堆关于 stackoverflow 的帖子和网络上的其他一些文章
I've looked at a bunch of the posts on stackoverflow and some other articles on the web
这指出上下文似乎使用了IUSR:http://blogs.msdn.com/b/sridhara/archive/2014/02/06/sharepoint-2013-csom-call-from-web-part-fails-with-401-for-all-users.aspx
This points out that the context seems to be using IUSR: http://blogs.msdn.com/b/sridhara/archive/2014/02/06/sharepoint-2013-csom-call-from-web-part-fails-with-401-for-all-users.aspx
这里提到尝试设置默认网络凭据:https://sharepoint.stackexchange.com/questions/10364/http-401-unauthorized-using-the-managed-client-object-model
This one mentions to try setting the default network credentials: https://sharepoint.stackexchange.com/questions/10364/http-401-unauthorized-using-the-managed-client-object-model
我已尝试使用文章中提到的修复程序,并尝试强制上下文使用 DefaultNetworkCredentials,但没有成功.我希望应用程序使用登录用户的凭据而不是机器...
I've tried using the fixes mentioned in the article as well as trying to force the context to use DefaultNetworkCredentials but no luck. I would like for the app to use the credentials of the logged in user and not the machine...
这是我正在使用的代码:
Here is the code I'm using:
SP.ClientContext context = new SP.ClientContext("MySPDevInstance");
context.Credentials = CredentialCache.DefaultNetworkCredentials;
Entity entity = context.Web.GetEntity(collectionNamespace, collectionName);
LobSystem lobSystem = entity.GetLobSystem();
LobSystemInstanceCollection lobSystemInstanceCollection = lobSystem.GetLobSystemInstances();
context.Load(lobSystemInstanceCollection);
context.ExecuteQuery();
LobSystemInstance lobSystemInstance = lobSystemInstanceCollection[0];
FilterCollection filterCollection = entity.GetFilters(filter);
filterCollection.SetFilterValue("LimitFilter", 0, 1000);
EntityInstanceCollection items = entity.FindFiltered(filterCollection, filter, lobSystemInstance);
服务器运行的是 IIS 6.0
The server is running IIS 6.0
任何建议将不胜感激!
谢谢
推荐答案
我认为您的 ASP.NET 网站正在使用 Windows 集成 (NTLM) 身份验证.以这种方式进行身份验证的用户无法从服务器端(Web 服务器)向第二个位置进行身份验证.您正在经历 NTLM 所谓的双跳"(1) 限制.您必须在服务器端使用专用帐户,或者如果您确实想使用已登录用户的身份,则必须使用允许委托的身份验证方案,例如 Kerberos.
I presume your ASP.NET web site is using Windows Integrated (NTLM) authentication. A user authenticated this way cannot authenticate to a second location from the server side (the web server.) You are experiencing what is known as the "double-hop" (1) limitation of NTLM. You must use a dedicated account on the server side, or if you really do want to use the logged-in user's identity, you must use an authentication scheme that permits delegation, such as Kerberos.
如果您确实需要用户的身份来访问 SharePoint 数据并且您无法更改身份验证方案,那么最好的方法是使用 JavaScript CSOM.这意味着用户直接对 SharePoint 服务器进行身份验证(单跳,而不是双跳),并且您的 ASP.NET 站点向用户提供包含此脚本的页面.
If you really need the user's identity to access SharePoint data and you cannot change the authentication scheme, then the best way to do this is to use the JavaScript CSOM. This means the user is authenticating directly to the SharePoint server (a single hop, not double) and your ASP.NET site serves the page containing this script to the user.
(1) http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
这篇关于远程服务器返回错误:(401) 未经授权.在 ASP.NET 中使用 CSOM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
