8
votes

We have used Remote Authentication to SharePoint Online to access a target O365 sharepoint site and retrieve the FedAuth and rtFA cookies. This works fine for a target url having a xxx.sharepoint.com domain. Now if this domain has been customized to example.com, the authentication mechanism fails throwing the error - "The partner DNS used in the login request cannot be found". Is there a way we can authenticate against a sharepoint online site whose domain has been customized to not reflect .sharepoint.com. ?

1

1 Answers

10
votes

As I understand, the custom domain for SharePoint no longer remains claims aware. So, if you really want to get the cookie, the solution won't be very ideal but some hacky stuff. Given the number of limitations from Microsoft, there is no direct solution to this problem but screen scrapping. I succeeded and could get the fedAuth cookie via screen scrapping. I know, its not very easy but it is very much possible. It will require you to make around 6 web request to the SharePoint portal.

  • First one is a web request to the custom domain.

  • Second, Get the value of "X-Forms_Based_Auth_Required" from response headers, and make request to it.

  • Third, fetch the value of SetCookie(rps context cookie) and Location from the response header, and make request to Location.

    • Fourth, get the value of SetCookie, "srf_uPost", "PPFT" and make request to ResponseUri of the response. Set the value of Cookie and ppft in the request header and make request to value of "srf_uPost". Also include "login=" + username + "&passwd=" + password in the request stream.

    • Fifth, get value of "action" element and "T" element from html. And make request to url that you got from value of action element. Include element T as poststring.

    • Sixth, repeat the fifth step, and you'll get fedAuth cookie in response this time.

You should easily be able to get through, however if you want you can find all the code in my blog