身份驗證在調試時成功但在Azure App Service上失敗

Question

我只是使用CSOM使用以下方法從SharePoint獲取一些用戶。 這一直對我有用，我沒有任何問題。

突然間，當我今天嘗試調用此方法時，它會因此錯誤而失敗

The sign-in name or password does not match one in the Microsoft account system.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
    at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
    at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
    at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
    at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
    at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
    at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
    at SharePointLibrary.SPClient.GetAllUsers() in C:\Users\bassie\source\repos\TFS\ADVWKSP\SharePointLibrary\SPClientUsers.cs:line 39

但它只有在發布到Azure后才會失敗。

我已將使用的用戶名和密碼記錄到Azure應用程序流中，它們肯定是正確的，並且在我的計算機上進行調試時使用的是相同的。

這怎么可能？ 我瘋了嗎？

構造函數

public SPClient(string url)
{
    baseUrl = url;
    var userName = ConfigurationManager.ConnectionStrings["SPsvcUsername"].ConnectionString;
    var password = ConfigurationManager.ConnectionStrings["SPsvcPassword"].ConnectionString;
    Trace.TraceInformation(userName);
    Trace.TraceInformation(password);

    var securePassword = new SecureString();
    foreach (var c in password)
    {
        securePassword.AppendChar(c);
    }
    credentials = new SharePointOnlineCredentials(userName, securePassword);
}

獲取用戶方法

public IEnumerable<SharePointUser> GetAllUsers()
{
    var spUsers = new List<SharePointUser>();

    using (var clientContext = new ClientContext(baseUrl))
    {
        clientContext.Credentials = credentials;

        var web = clientContext.Web;
        var list = clientContext.Web.SiteUserInfoList;
        var users = list.GetItems(new CamlQuery());
        clientContext.Load(users, includes => includes.Include(
            f => f["GUID"],
            f => f["FirstName"],
            f => f["LastName"],
            f => f["UserName"],
            f => f["Picture"],
            f => f.DisplayName));

        clientContext.ExecuteQuery();

        foreach (var user in users)
        {
            var imagePath = (FieldUrlValue)user.FieldValues["Picture"];
            spUsers.Add(new SharePointUser()
            {
                FirstName = (user.FieldValues["FirstName"] is string firstName) ? firstName : string.Empty,
                LastName = (user.FieldValues["LastName"] is string lastName) ? lastName : string.Empty,
                UserName = (user.FieldValues["UserName"] is string userName) ? userName.ToLower() : string.Empty,
                ImagePath = (user.FieldValues["Picture"] is FieldUrl pictureUrl) ? pictureUrl.ToString() : string.Empty,
                DisplayName = user.DisplayName
            });
        }
    }

    return spUsers;
}

Answer 1

由於憑據是正確的，因此可能啟用了多重身份驗證，並且策略可能會為此帳戶觸發它。 如果是這種情況，您可以為該特定帳戶停用MFA。

此外，作為PnP核心庫一部分的AuthenticationManager類可能是有益的，因為它有助於各種身份驗證方案。