4
votes

I have a C# app which authenticates to SharePoint Online by using web requests. It works great for me, but someone else is getting the following error:

<?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
  <S:Body>
    <S:Fault>
      <S:Code>
        <S:Value>S:Sender</S:Value>
        <S:Subcode>
          <S:Value>wst:FailedAuthentication</S:Value>
        </S:Subcode>
      </S:Code>
      <S:Reason>
        <S:Text xml:lang="en-US">Authentication Failure</S:Text>
      </S:Reason>
      <S:Detail>
        <psf:error>
          <psf:value>0x80048821</psf:value>
          <psf:internalerror>
            <psf:code>0x80041034</psf:code>
            <psf:text>The specified member name is either invalid or empty.&#x000D;&#x000A;</psf:text>
          </psf:internalerror>
        </psf:error>
      </S:Detail>
    </S:Fault>
  </S:Body>
</S:Envelope>

What does this error mean? I'm pretty sure they are entering the correct username and password. Is there a list of SharePoint Online error codes I can find somewhere that would help me identify the problem?

Here's my C# code:

var request = (HttpWebRequest)WebRequest.Create(@"https://login.microsoftonline.com/extSTS.srf");
request.AllowAutoRedirect = false;
request.ContentType = @"application/json; odata=verbose";
request.CookieContainer = this.CookieContainer;
request.Method = @"POST";
request.UserAgent = @"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";

string soapRequest = Strings.SharePointOnlineAuthenticationRequest
    .Replace(@"$(UserName)", this.UserName)
    .Replace(@"$(Password)", this.Password)
    .Replace(@"$(Address)", this.SiteUrl);
byte[] contentBytes = new ASCIIEncoding().GetBytes(soapRequest);
request.ContentLength = contentBytes.Length;
using (var requestStream = request.GetRequestStream())
{
    requestStream.Write(contentBytes, 0, contentBytes.Length);
}

Strings.SharePointOnlineAuthenticationRequest

This is the SOAP request I am sending. The "$(UserName)", "$(Password)", and "$(Address)" tokens are replaced at runtime.

<value>
  <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
  <a:Action s:mustUnderstand="1=">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
  <a:ReplyTo>
  <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
  </a:ReplyTo>
  <a:To s:mustUnderstand="1=">https://login.microsoftonline.com/extSTS.srf</a:To>
  <o:Security s:mustUnderstand="1=" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <o:UsernameToken>
  <o:Username>$(UserName)</o:Username>
  <o:Password>$(Password)</o:Password>
  </o:UsernameToken>
  </o:Security>
  </s:Header>
  <s:Body>
  <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <a:EndpointReference>
  <a:Address>$(Address)</a:Address>
  </a:EndpointReference>
  </wsp:AppliesTo>
  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
  </t:RequestSecurityToken>
  </s:Body>
  </s:Envelope>
</value>
1

1 Answers

0
votes

Has the user's name recently changed, I have seen issues where the ADFS claims are missing after a name change: see techet article AD FS 2.0: Claims Are Missing From The Output Claim Set After A User's Name Has Changed