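/// <summary>
/// Sends a JSON OData request with the SharePoint request digest (the "canary") attached
/// in the <c>X-RequestDigest</c> header.
/// SharePoint requires the digest on write operations (e.g. create, update, delete list items).
/// The digest is an anti-forgery token: it guards against cross-site request forgery (CSRF),
/// not cross-site scripting.
/// </summary>
/// <param name="uri">The request uri</param>
/// <param name="method">The http method</param>
/// <param name="requestContent">A stream containing the request content</param>
/// <param name="clientHandler">The request client handler</param>
/// <param name="authUtility">
/// An instance of the auth helper to perform authenticated calls to SPO.
/// When null, <c>SharePointAuthentication.Current</c> is used instead.
/// </param>
/// <returns>The bytes returned by <c>HttpUtility.SendODataJsonRequest</c> for the final request.</returns>
/// <exception cref="InvalidOperationException">No auth helper was supplied and none is current.</exception>
/// <exception cref="KeyNotFoundException">The contextinfo response carried no FormDigestValue.</exception>
public static async Task<byte[]> SendODataJsonRequestWithCanary(Uri uri, HttpMethod method, Stream requestContent, HttpClientHandler clientHandler, SharePointAuthentication authUtility)
{
    // Honour the caller-supplied helper so that the digest, the site URL and the auth cookies
    // all come from the same identity; the ambient instance is only a fallback.
    SharePointAuthentication auth = authUtility ?? SharePointAuthentication.Current;
    if (auth == null)
    {
        throw new InvalidOperationException("No SharePointAuthentication instance is available; authenticate before sending requests.");
    }

    // Make a post request to {siteUri}/_api/contextinfo to get the canary
    byte[] contextInfo = await HttpUtility.SendODataJsonRequest(
        new Uri(String.Format("{0}/_api/contextinfo", auth.SiteUrl)),
        HttpMethod.Post,
        null,
        clientHandler,
        auth);

    // Parse the JSON response containing the canary
    Dictionary<string, IJsonValue> fields = new Dictionary<string, IJsonValue>();
    HttpUtility.ParseJson(JsonObject.Parse(Encoding.UTF8.GetString(contextInfo, 0, contextInfo.Length)), fields);

    // The canary is the FormDigestValue of the response body. Fail with a clear message when it
    // is missing, and keep the response body out of the message: it belongs to an authenticated session.
    IJsonValue digestValue;
    if (!fields.TryGetValue("FormDigestValue", out digestValue))
    {
        throw new KeyNotFoundException("The contextinfo response did not contain a FormDigestValue.");
    }

    // Treat the digest like a session secret: never log it.
    string canary = digestValue.GetString();

    // NOTE(review): the digest is issued for auth.SiteUrl but is sent to whatever uri the caller
    // supplies; confirm callers only pass URIs that belong to that site.
    return await HttpUtility.SendODataJsonRequest(
        uri,
        method,
        requestContent,
        clientHandler,
        auth,
        new Dictionary<string, string> { { "X-RequestDigest", canary } });
}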
/// <summary>
/// Builds a <c>SharePointAuthentication</c> helper from the supplied arguments, asks it for its
/// cookie container and, when that container holds a cookie named "FedAuth" for the site,
/// stores the helper in the static <c>current</c> field.
/// </summary>
/// <param name="spSiteUrl">The SharePoint site URL; also used to select the cookies to inspect.</param>
/// <param name="username">Passed through to the <c>SharePointAuthentication</c> constructor.</param>
/// <param name="password">
/// Passed through to the <c>SharePointAuthentication</c> constructor as a plain string;
/// how it is held afterwards is decided there, not here.
/// </param>
/// <param name="useIntegratedWindowsAuth">Passed through to the <c>SharePointAuthentication</c> constructor.</param>
/// <returns>
/// true when a "FedAuth" cookie was found and the helper was stored; false otherwise.
/// A false result does not say why no cookie was found.
/// </returns>
public static async Task<bool> Create(Uri spSiteUrl, string username, string password, bool useIntegratedWindowsAuth)
{
    var candidate = new SharePointAuthentication(spSiteUrl, username, password, useIntegratedWindowsAuth);
    CookieContainer jar = await candidate.GetCookieContainer();

    // No container, or an empty one: nothing was issued for this sign-in attempt.
    if (jar == null || jar.Count <= 0)
    {
        return false;
    }

    // Only a FedAuth cookie scoped to the site counts as a successful sign-in.
    bool hasFedAuth = jar.GetCookies(spSiteUrl)
                         .Cast<Cookie>()
                         .Any(c => c.Name == "FedAuth");
    if (!hasFedAuth)
    {
        // Failure is reported through the return value rather than an exception.
        return false;
    }

    // Publish the helper only after the cookie check has passed.
    current = candidate;
    return true;
}
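/// <summary>
/// Sends a JSON OData request after copying the SPO auth cookies that apply to
/// <paramref name="uri"/> into the handler's cookie container.
/// </summary>
/// <param name="uri">The request uri</param>
/// <param name="method">The http method</param>
/// <param name="requestContent">A stream containing the request content</param>
/// <param name="clientHandler">
/// The request client handler. Its cookie container is modified: the auth cookies stay on the
/// handler after this call returns, so do not reuse it for requests made under another identity.
/// </param>
/// <param name="authUtility">An instance of the auth helper to perform authenticated calls to SPO</param>
/// <param name="headers">The http headers to append to the request</param>
/// <returns>The result of <c>SendHttpRequest</c> for this request.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="uri"/>, <paramref name="clientHandler"/> or <paramref name="authUtility"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">The auth helper returned no cookie container.</exception>
public static async Task<byte[]> SendODataJsonRequest(Uri uri, HttpMethod method, Stream requestContent, HttpClientHandler clientHandler, SharePointAuthentication authUtility, Dictionary<string, string> headers = null)
{
    if (uri == null)
    {
        throw new ArgumentNullException("uri");
    }

    if (clientHandler == null)
    {
        throw new ArgumentNullException("clientHandler");
    }

    if (authUtility == null)
    {
        throw new ArgumentNullException("authUtility");
    }

    if (clientHandler.CookieContainer == null)
    {
        clientHandler.CookieContainer = new CookieContainer();
    }

    // Get the auth cookies from the helper (per the original author's note, these are issued by
    // SPO after authenticating with the Microsoft Online Services STS).
    CookieContainer authCookies = await authUtility.GetCookieContainer();

    // Create() in this file treats a null container as "not authenticated". Fail closed here
    // instead of dereferencing null or sending the request without credentials.
    if (authCookies == null)
    {
        throw new InvalidOperationException("The authentication helper returned no cookie container; the request was not sent.");
    }

    // GetCookies(uri) returns only the cookies that match the target uri, so cookies issued for
    // another host are not attached to this request.
    foreach (Cookie authCookie in authCookies.GetCookies(uri))
    {
        clientHandler.CookieContainer.Add(uri, authCookie); // append SPO auth cookies to the request
    }

    return await SendHttpRequest(
        uri,
        method,
        requestContent,
        "application/json;odata=verbose;charset=utf-8", // the http content type for the JSON flavor of SP REST services
        clientHandler,
        headers);
}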
/// <summary>
/// Creates a <c>SharePointAuthentication</c> helper for the given site and credentials and makes
/// it the static <c>current</c> instance once its cookie container is seen to hold a cookie
/// named "FedAuth" for the site.
/// </summary>
/// <param name="spSiteUrl">The SharePoint site URL; the cookie lookup is scoped to it.</param>
/// <param name="username">Forwarded to the <c>SharePointAuthentication</c> constructor.</param>
/// <param name="password">Forwarded to the <c>SharePointAuthentication</c> constructor as a plain string.</param>
/// <param name="useIntegratedWindowsAuth">Forwarded to the <c>SharePointAuthentication</c> constructor.</param>
/// <returns>true if a "FedAuth" cookie was found and <c>current</c> was set; otherwise false.</returns>
public static async Task<bool> Create(Uri spSiteUrl, string username, string password, bool useIntegratedWindowsAuth)
{
    var auth = new SharePointAuthentication(spSiteUrl, username, password, useIntegratedWindowsAuth);
    CookieContainer container = await auth.GetCookieContainer();

    bool hasCookies = container != null && container.Count > 0;
    if (hasCookies)
    {
        // Stop at the first FedAuth cookie scoped to the site.
        foreach (Cookie issued in container.GetCookies(spSiteUrl))
        {
            if (issued.Name == "FedAuth")
            {
                // The helper becomes the shared instance only after the cookie is confirmed.
                current = auth;
                return true;
            }
        }
    }

    // Missing container, empty container and missing FedAuth cookie all end here;
    // the caller gets no exception and no reason.
    return false;
}