We have used Remote Authentication to SharePoint Online to access a target O365 SharePoint site and retrieve the FedAuth and rtFA cookies. This works fine for a target URL having a xxx.sharepoint.com domain. Now if this domain has been customized to example.com, the authentication mechanism fails, throwing the error "The partner DNS used in the login request cannot be found". Is there a way we can authenticate against a SharePoint Online site whose domain has been customized to not reflect .sharepoint.com?
The root Federation Authentication (rtFA) cookie is used across all of SharePoint. When a user visits a new top-level site or another company's page, the rtFA cookie is used to authenticate them silently without a prompt. When a user signs out of SharePoint, the rtFA cookie is deleted.
SharePoint supports the following types of authentication: Windows: All Internet Information Services (IIS) and Windows authentication integration options, including Basic, Digest, Certificates, Windows NT LAN Manager (NTLM), and Kerberos are supported.
SharePoint Server has a built-in LDAP provider.
As I understand, the custom domain for SharePoint no longer remains claims aware. So, if you really want to get the cookie, the solution won't be very ideal but some hacky stuff. Given the number of limitations from Microsoft, there is no direct solution to this problem but screen scraping. I succeeded and could get the fedAuth cookie via screen scraping. I know, it's not very easy but it is very much possible. It will require you to make around 6 web requests to the SharePoint portal.
First one is a web request to the custom domain.
Second, get the value of "X-Forms_Based_Auth_Required" from the response headers, and make a request to it.
Third, fetch the value of SetCookie (rps context cookie) and Location from the response header, and make a request to Location.
Fourth, get the value of SetCookie, "srf_uPost", "PPFT" and make a request to ResponseUri of the response. Set the value of Cookie and ppft in the request header and make a request to the value of "srf_uPost". Also include "login=" + username + "&passwd=" + password in the request stream.
Fifth, get the value of the "action" element and the "T" element from the HTML, and make a request to the URL that you got from the value of the action element. Include element T as the post string.
Sixth, repeat the fifth step, and you'll get the fedAuth cookie in the response this time.
You should easily be able to get through; however, if you want, you can find all the code in my blog.
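
Steps five and six of the answer above come down to reading the form's action and T value out of the returned HTML and posting them back. The Python below is an added example, not the answerer's code: the HTML sample, the host names, the path and the lowercase field name `t` are constructed assumptions. It also refuses to replay the token to a non-HTTPS or unexpected host, since a scraped action URL is untrusted input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlencode, urlsplit


class AutoPostForm(HTMLParser):
    """Collects the first <form>'s action and its hidden <input> fields."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}
        self._in_form = False
        self._done = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form = True
            self.action = a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            if (a.get("type") or "").lower() == "hidden":
                self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True


def next_request(html, response_url, allowed_hosts):
    """Return (url, body) for the follow-up POST, or raise ValueError."""
    p = AutoPostForm()
    p.feed(html)
    if p.action is None or not any(k.lower() == "t" for k in p.fields):
        raise ValueError("no form with a T field in this response")
    url = urljoin(response_url, p.action)  # action may be relative
    parts = urlsplit(url)
    # The token is a credential: only send it over HTTPS to a host we expect.
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("refusing to post token to " + url)
    return url, urlencode(p.fields)


# Constructed sample of an auto-submitting form; not captured from a real login.
SAMPLE = """<html><body onload="document.forms[0].submit()">
<form method="POST" action="https://portal.example.com/signin-return">
<input type="hidden" name="t" value="CONSTRUCTED+TOKEN/abc=="/>
</form></body></html>"""

if __name__ == "__main__":
    print(next_request(SAMPLE, "https://login.example.net/post",
                       {"portal.example.com"}))
```
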