Forum Discussion

Ravleen's avatar
Ravleen
Copper Contributor
Jan 17, 2019
Solved

Is there any way to bypass the authentication page in SharePoint through HTTP request or SOAP API

I am facing a problem in uploading document to SharePoint through my JAVA application. I have tried to do this in two ways.
First: By HTTP POST/PUT When I am sending an HTTP POST or PUT request, it responses me back with 302 error or Redirecting. The URL in the response I am getting from Postman is authorization page of our SharePoint.
Second: Through SOAP API When I try to use CopyIntoItems SOAP API, the response I get asks me to “sign in to the account”

Response from Postman:

<head>
    <title>Redirecting</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="-1">
    <meta name="PageID" content="BssoInterrupt" />
    <meta name="SiteID" content="" />
    <meta name="ReqLC" content="1033" />
    <meta name="LocLC" content="en-US" />
    <meta name="robots" content="none" />
    <script type="text/javascript">//
        <![CDATA[$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8502.9/","urlPost":"/37103be3-f23d-4b49-a5f6-c2123a7950a1/oauth2/authorize?client_id=00000003-0000-0ff1-ce00-000000000000\u0026response_mode=form_post\u0026response_type=code+id_token\u0026resource=00000003-0000-0ff1-ce00-000000000000\u0026scope=openid\u0026nonce=B7A6C40AABADD6F2D2F5676775130A02CFB1954280151809-4EB1FD94042CD8A88025CCE071FD0C33FE895812E3993FC03DCB709B4504E662\u0026redirect_uri=https%3a%2f%2fkymerasystems.sharepoint.com%2f_forms%2fdefault.aspx\u0026wsucxt=1\u0026cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a\u0026client-request-id=37f3b69e-e0a6-8000-a4f4-be889fa0ed85\u0026sso_reload=True"..

I need help in bypassing this authentication page so that the document can be uploaded successfully to Sharepoint. Also, I did send the credentials with the request.

SharePoint Online
  • Anonymous's avatar
    Anonymous
    Jan 17, 2019

    You cannot bypass authentication, what you can do is make a request as an authenticated user/app. 

     

    First, you can register your application in Azure AD to have a taken that you can use to make requests. https://sharepoint.stackexchange.com/questions/236286/sharepoint-online-rest-api-authentication-in-postman explain how to go for it, but there are a lot of resources out there to learn from, including https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins.

     

    The second way is to sign in as a user, as https://paulryan.com.au/2014/spo-remote-authentication-rest/ suggests. Although it may be a bit long, it teaches how to "hack" your way into Sharepoint, in case you need some quick HTTP requests. Basically, all you need in order to make requests to Sharepoint are two cookies, FedAuth and rtFa. This post shows how to sign in and create these tokens. Bonus is, if you have a package debugging tool like Fiddler, you can make a request from your browser and get these cookies. Then you can make requests to sharepoint as you want. These cookies are temporary so it is not valid to use them for a permanent application.

1 Reply

  • Anonymous's avatar
    Anonymous
    Jan 17, 2019

    You cannot bypass authentication, what you can do is make a request as an authenticated user/app. 

     

    First, you can register your application in Azure AD to have a taken that you can use to make requests. https://sharepoint.stackexchange.com/questions/236286/sharepoint-online-rest-api-authentication-in-postman explain how to go for it, but there are a lot of resources out there to learn from, including https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins.

     

    The second way is to sign in as a user, as https://paulryan.com.au/2014/spo-remote-authentication-rest/ suggests. Although it may be a bit long, it teaches how to "hack" your way into Sharepoint, in case you need some quick HTTP requests. Basically, all you need in order to make requests to Sharepoint are two cookies, FedAuth and rtFa. This post shows how to sign in and create these tokens. Bonus is, if you have a package debugging tool like Fiddler, you can make a request from your browser and get these cookies. Then you can make requests to sharepoint as you want. These cookies are temporary so it is not valid to use them for a permanent application.

Resources