Get rtFA and FedAuth Cookie using XMLHTTP in vbscript

  • Question

  • Hi,

    This is my first post so, let me know if I don't ask my question clearly.

    I'm trying to do authentication on an Office 365 SharePoint site using VBScript.

    After searching the web, I was trying to implement this step by step guide using XMLHTTP object in vbscript:

    =========================================

    "http://paulryan.com.au/2014/spo-remote-authentication-rest/"

    =============================================

    So far, I've been able to get an access token by sending a POST request to https://login.microsoftonlinesite/extSTS.srf

    The next authentication step should be sending a POST request to https://yoursharepointdomain/_forms/default.aspx?wa=wsignin1.0, and then the rtFA and FedAuth cookies would show up.

    Instead of receiving the rtFA and FedAuth values, I just received some cookie with information like this:




    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=utf-8
    Expires: Mon, 23 Jan 2017 11:42:10 GMT
    Last-Modified: Tue, 07 Feb 2017 11:42:10 GMT
    Server: Microsoft-IIS/8.5
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    Set-Cookie: https%3A%2F%2Fxxxxxxx%2Esharepoint%2Ecom%2FDiscovery=WorkspaceSiteName=QWdhdGU=&WorkspaceSiteUrl=aHR0cHM6Ly9hZ2F0ZXN0dWRpby5zaGFyZXBvaW50LmNvbQ==&WorkspaceSiteTime=MjAxNy0wMi0wN1QxMTo0MjoxMQ==; expires=Thu, 09-Mar-2017 11:42:11 GMT; path=/_vti_bin/Discovery.asmx; secure
    X-SharePointHealthScore: 0
    X-AspNet-Version: 4.0.30319
    SPRequestGuid: e6a8d29d-5060-3000-d5b5-bccd9b3511b6
    request-id: e6a8d29d-5060-3000-d5b5-bccd9b3511b6
    Strict-Transport-Security: max-age=31536000
    X-FRAME-OPTIONS: SAMEORIGIN
    SPRequestDuration: 213
    SPIisLatency: 1
    X-Powered-By: ASP.NET
    MicrosoftSharePointTeamServices: 16.0.0.6126
    X-Content-Type-Options: nosniff
    X-MS-InvokeApp: 1; RequireReadOnly
    X-MSEdge-Ref: Ref A: C95FF5E17603428ABE92CE69D295CAD0 Ref B: SG2SCHEDGE0408 Ref C: Tue Feb  7 03:42:11 2017 PST
    Date: Tue, 07 Feb 2017 11:42:10 GMT



    Here's my code:

    ' Request the security token from the Microsoft STS.
    ' loginmicrosoftsite, url and strData are set elsewhere in the script.
    Set httpRequest = CreateObject("MSXML2.XMLHTTP")
    httpRequest.Open "POST", loginmicrosoftsite & "/extSTS.srf", False
    httpRequest.SetRequestHeader "Content-Type", "text/xml"
    httpRequest.SetRequestHeader "Accept", "application/json; odata=verbose"
    httpRequest.SetRequestHeader "Content-Length", Len(strData)
    httpRequest.Send strData
    token = httpRequest.responseText
    ' xmlDoc is not created in the posted excerpt; an MSXML DOM document is assumed.
    Set xmlDoc = CreateObject("MSXML2.DOMDocument")
    xmlDoc.LoadXml(token)
    ' Keep the text of the wst:RequestedSecurityToken element as the token.
    Set tnodes = xmlDoc.selectNodes("//wst:RequestedSecurityToken")
    For Each objNode In tnodes
        token = objNode.text
    Next
    ' Request the auth cookies from the destination site.
    Set httplogin = CreateObject("MSXML2.XMLHTTP")
    urlsplit = Split(url, ".com/")
    httplogin.Open "POST", urlsplit(0) & "/_forms/default.aspx?wa=wsignin1.0", False
    httplogin.SetRequestHeader "User-Agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
    httplogin.SetRequestHeader "Content-Type", "text/xml"
    httplogin.SetRequestHeader "Content-Length", Len(token)
    httplogin.Send token
    ' Dump every response header the object exposes.
    response = httplogin.getAllResponseHeaders()
    WScript.Echo response
    WScript.Quit


    The strData variable contains an XML document which looks like this:

    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
          xmlns:a="http://www.w3.org/2005/08/addressing"
          xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
        <a:ReplyTo>
          <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
        <o:Security s:mustUnderstand="1"
           xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:UsernameToken>
            <o:Username>username</o:Username>
            <o:Password>password</o:Password>
          </o:UsernameToken>
        </o:Security>
      </s:Header>
      <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
          <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <a:EndpointReference>
              <a:Address>endpoint</a:Address>
            </a:EndpointReference>
          </wsp:AppliesTo>
          <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
          <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
          <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
        </t:RequestSecurityToken>
      </s:Body>
    </s:Envelope>

    However, when I use Fiddler to send a POST request to https://yoursharepointdomain/_forms/default.aspx?wa=wsignin1.0, I'm able to retrieve the rtFA and FedAuth values.

    How can I get the values programmatically? Am I missing something?

    Sorry, I can't insert hyperlinks because my account is waiting to be verified.

    Appreciate your help. Thank you guys.





    • Edited by LeeMarvinn Tuesday, February 21, 2017 8:32 AM
    Tuesday, February 21, 2017 8:22 AM
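
Added example, not part of the original post: MSXML2.XMLHTTP follows redirects on its own and reports only the final response's headers, so a cookie set on an intermediate response never appears in getAllResponseHeaders. Assuming the sign-in endpoint answers with a redirect (consistent with the page headers in the dump above), the code below sends the same POST through WinHttp.WinHttpRequest.5.1 with redirects turned off and parses the Set-Cookie lines. The function names, parameters and sample header values are constructed for illustration.

```vbscript
Option Explicit

' Return a Dictionary of cookie name -> value for every Set-Cookie line in a
' raw header block (the format returned by GetAllResponseHeaders).
Function ParseSetCookies(rawHeaders)
    Dim jar, line, pair, eq
    Set jar = CreateObject("Scripting.Dictionary")
    jar.CompareMode = vbTextCompare              ' rtFa / rtFA: match either spelling
    For Each line In Split(rawHeaders, vbCrLf)
        If LCase(Left(line, 11)) = "set-cookie:" Then
            ' Keep only "name=value"; drop path, secure, HttpOnly and so on.
            pair = Trim(Split(Mid(line, 12) & ";", ";")(0))
            eq = InStr(pair, "=")                ' the value may itself contain "="
            If eq > 1 Then jar(Left(pair, eq - 1)) = Mid(pair, eq + 1)
        End If
    Next
    Set ParseSetCookies = jar
End Function

' Same POST as in the posted code, but the redirect is not followed, so the
' headers read back belong to the sign-in response itself.
' signInUrl and token are supplied by the caller (hypothetical parameter names).
Function GetSignInCookies(signInUrl, token)
    Dim http
    Set http = CreateObject("WinHttp.WinHttpRequest.5.1")
    http.Open "POST", signInUrl, False
    http.Option(6) = False                       ' WinHttpRequestOption_EnableRedirects
    http.SetRequestHeader "Content-Type", "text/xml"
    http.Send token
    Set GetSignInCookies = ParseSetCookies(http.GetAllResponseHeaders())
End Function

' Offline check against a constructed header block (placeholder values, not real tokens).
Dim sample, found, cookieName
sample = "Location: /" & vbCrLf & _
         "Set-Cookie: rtFa=PLACEHOLDER_RTFA==; domain=sharepoint.com; path=/; secure; HttpOnly" & vbCrLf & _
         "Set-Cookie: FedAuth=PLACEHOLDER_FEDAUTH=; path=/; secure; HttpOnly" & vbCrLf
Set found = ParseSetCookies(sample)
For Each cookieName In Array("rtFa", "FedAuth")
    If found.Exists(cookieName) Then
        ' These cookies are session credentials: report presence and length, not the value.
        WScript.Echo cookieName & ": present, " & Len(found(cookieName)) & " chars"
    Else
        WScript.Echo cookieName & ": missing"
    End If
Next
```

Run it with cscript.exe; against a live site, call GetSignInCookies with the sign-in URL and the token obtained from the first request.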

Answers

All replies