Monday, September 15, 2014

Cookie365 Update

Hi,
thanks to the test credentials provided by Roel, I was able to reproduce the error "Retrieving Cookies....[ERROR]:Buffer cannot be null" many of you encountered.

As far as I was able to understand, this happens when there is not an ADSF federation in place with Office365.
So I did a change on the code and it seems to be working fine. Please let me know.

I also added the possibility do mount directly a sharepoint disk from the utility.

Regarding the minor bug pointed out by Yu Zhang about cookie expiration, I think this is the correct behavior. The utility is setting in IE the same expiry date/time as it's received from the server. Anyway, just to do some tests, I added a command line option to augment the expiry date. This way the cookies will be stored on disk. However I'm not so sure it will work, since on the server side the validity of the cookie will expire before.

Here is the Cookie365 v0.2 ChangeLog:

  1. Corrected a bug related to non ADSF federated sharepoint sites which caused the ""Retrieving Cookies....[ERROR]:Buffer cannot be null" error
  2. Introduced a feature to mount (-mount [disk]) a sharepoint site as a disk directly from cookie365
  3. Introduced a feature to lengthen the expiration of the cookies stored in the browser (-expire [minutes]). Beware, the correct expiration is set by the server and Cookie365 sets the same expiration in the browser... so changing it on the client side could lead to unexpected behaviors.
  4. Minor revisions to the command line parsing logic


Please let me know how it works.

Here you can download the latest version Cookie365 v.02.
Here you can find the latest Beta version Cookie365 v0.4

Special thanks to Roel for providing me with a test account to reproduce the issues.

Cheers,
Fabio

53 comments:

  1. The download link gives me version 0.1.

    ReplyDelete
    Replies
    1. Ops... :-)
      You are right... should be ok now.

      Delete
    2. I am still getting the buffer error. I have checked the details on the file and it says 0.1.0.0. I assume I have the wrong file.

      Delete
    3. Never mind I see the version is correct when I run the file. I do still get the buffer error. This is a non-domain joined workstation and we are not using ADFS. I am able to map using IE so not sure what I am doing wrong.

      Delete
    4. Hi Aaron,
      if you want I can try to diagnose the issue...
      You can contact me via Linkedin so we can share private information.
      Ciao,
      Fabio

      Delete
  2. Hmm... I still get the "buffer cannot be null" error.

    ReplyDelete
    Replies
    1. Just noticed, this only happens when using integrated authentication.

      Did you apply the fix I mentioned in my second reply on the previous blog post?

      Delete
    2. I still get the "buffer cannot be null" when using an incorrect username/password.

      Delete
    3. Hi Roel, thank you for the feedback. I will try to introduce the fix you are mentioning in the next few days.

      Delete
    4. Hi Roel, as far as I can understand the issue is not related to missing initialization of a variable. If I try to call the public Home Realm Discovery service with the account you provided I cannot get the AuthURL parameter, so it's not possible to initialize correctly the variable you mentioned.

      This is the url for Home Realm Discovery
      https://login.microsoftonline.com/getuserrealm.srf?login=xxx@yyy.com&xml=1

      Reference: http://social.msdn.microsoft.com/Forums/sharepoint/en-US/a388c9bf-7b50-4c52-902b-e30a0329d7ed/sharepoint-office-365-authentication?forum=sharepointdevelopment

      So I suppose you should check your ADFS configuration because the Home Realm Discovery should be functioning in order to get the AuthUrl parameter.

      Fabio

      Delete
  3. Hi Fabio
    Thanks for doing a great job fixing something Microsoft should have fixed long time ago :)
    I know I have no right to ask you to do anything, still - a suggestion. In our case, the windows credentials do not quite fit the office365 credentials (our local domain is different). However, to use the credentials in a plain text script in the parameter would be a hughe security risk for us. So I was wondering, would either of the following two possibilities be feasible in some future version?
    1. supply a username through command line, but use the windows password
    2. use the password saved by the browser (this is what e.g. the harmon.ie software does).

    Thanks again!

    Ondrej

    ReplyDelete
    Replies
    1. Hi Ondrej,
      thank you for your feedback. I agree with you and I hope Microsoft will introduce an official feature...

      Regarding your question, I need to better understand what your need. You have a local domain (let's say aaa.com) which is different from the Office365 domain (bbb.com), but the passwords are the same. Is this correct. ?

      So you would need to use a different username but the same password ?

      Fabio

      Delete
    2. Hello again!

      Yes, we have a local domain "ff" and an Office365 domain "ff.cuni.cz", but the username and password are the same.

      So we either need to set the username@domain separately (as a plain-text parameter), but take the password from windows, or we need to set the domain separately (as a plain-text parameter).

      Maybe setting the domain separately is not such a bad idea since that may be a rather common situation and makes the tool very easy to implement (domain being common for all users). But setting the whole username@domain separately may potentially cover more uses and users, though it may be more difficult to setup - probably involving the use of %username& or something like that.

      Best

      Ondrej

      Delete
    3. And just to make myself clearer, if one uses:

      Cookie365 -s https://yoursite.sharepoint.com

      all the credentials are taken from the domain.

      What I would like is to use:

      Cookie365 -s https://yoursite.sharepoint.com -user user@domain.com

      where the password would be taken from the domain, or possibly:

      Cookie365 -s https://yoursite.sharepoint.com -domain domain.com

      where both username and password would be taken from the domain, but the domain name given in the parameter would be used to construct the office365 login name.

      Best

      Ondrej

      Delete
    4. Very clear, thank you. I need you to test this beta release http://1drv.ms/1v0L0lf

      I added the -d domain.com option.
      Please let me know the results,
      Regards,
      Fabio

      Delete
    5. Hi!

      Thanks, the beta works fine, even the domain parameter (my username@domain login is constructed correctly), but it finishes ok only if I supply the password parameter. If I leave out the -p, it says
      ...
      Retrieving Cookies....[ERROR]:Vyrovnávací paměť nemůže mít hodnotu NULL.
      Název parametru: buffer
      [ERROR]:Došlo k jedné nebo více chybám.

      which is the same error as reported above, just in Czech :)

      It would be great if this could be solved as well, but in any case, thumbs up!

      on.

      p.s. why is the expiration set only to ca. an hour into the future and not longer?

      Delete
    6. Hi Ondrej,
      I was reviewing the code but I don't think this can be done... :-(
      I can either:
      a) Specify username AND password, and it will work
      b) OR I can ask windows to use integrated authentication, in this case the authentication is made via kerberos tokens and I cannot specify a different domain
      I have not found a way to have a mix.

      If someone can suggest a solution, I would be happy to apply it...
      Regards,
      Fabio

      Delete
    7. Ah, that is a pitty! But thank you very much for trying!

      There probably is no way we could supply the password in an encrypted form I guess?

      Best

      Ondrej

      Delete
    8. One more thought - could the utility use browser credentials or key manager instead as I have seen other apps (like harmon.ie) do it? There the credentials are complete and correct...

      Best

      Ondrej

      Delete
    9. Sorry for spamming you like this, but now I actually tried to login with just the -s parameter and I can see in the output that it acutally has the correct username with the correct domain, but there is the buffer error again - is this something new or the old bug is still around? ;)

      Thanks

      Ondrej

      Delete
    10. No worries.. :-)
      If the username and domain are correct it should work. I suggest we get in touch via linkendin so we can share (privately) some more details.
      Regards,
      Fabio

      Delete
    11. Hi Ondrej,
      I did some research... but it seems if you don't have a federated domain it's not possible to use windows integrated authentication (and SSO).

      You can take a look at this good article
      http://blog.kloud.com.au/2013/06/05/office-365-to-federate-or-not-to-federate-that-is-the-question/

      Regarding the other questions.. I have no hints on how to use the credentials stored in the browser...
      What you could do is to setup a powershell logon script asking the user to re-enter its password.

      If anyone has suggestions... they are welcome.
      Best Regards,
      Fabio

      Delete
    12. Hi Fabio

      Thanks a lot for your research! Just watching e.g. the harmon.ie add-in authentication process seems to corroborate your conclusions.

      When set to use the browser credentials, it just uses the cookie and if that is expired it displays an integrated IE window with the Office365 login page. Windows credentials settings in the same add-in also does not work once the cookie is expired (probably since we are not federated).

      This gives me an idea - having the user prompted every hour or so by the powershell may be a bit annoying, but if there were an easy way to test the cookie expiration, we could create shortcuts that would open WebDav folders if cookie is fresh and ask for re-login if it is not (essential what harmony does).

      This is quite beyond the scope of Fabio's utility, but if anybody has a good tip how to achieve this easily, I'd be very grateful.

      Best

      Ondrej

      Delete
  4. Thank you for your work on this project!

    I'm trying to get cookie365 to mount a drive but I am having no luck. I've pasted my command line and cookie365 output. Am I doing something wrong?

    cookie365 -s https://mysite.sharepoint.com -user me@mydomain.com -p mypassword -mount L

    ============ Cookie365 v0.2 - (C)opyright 2014 by Fabio Cuneaz =============
    SharePoint URL: https://mysite.sharepoint.com
    User: me@mydomain.com
    Use Windows Integrated Authentication: False
    Mount as disk L
    Retrieving ADFS URL...[KO] (Probably not ADFS Federated)
    Retrieving STS Token...[OK]
    Retrieving Cookies....[OK]
    Setting Cookies in OS...PS

    ReplyDelete
    Replies
    1. Hi Altidude, you should add a colon to the drive letter chosen. So it would be L:

      Delete
  5. Hi,

    I am still getting the [ERROR]:Buffer cannot be null. I'm using the command: cookie365 -s https://mysite.sharepoint.com -user me@mydomain.com -p mypassword

    ============= Cookie365 v0.2 - (C)opyright 2014 by Fabio Cuneaz =============

    SharePoint URL: https://mysite.sharepoint.com
    User:
    Use Windows Integrated Authentication: False
    Mount as disk
    Retrieving ADFS URL...[KO] (Probably not ADFS Federated)
    Retrieving STS Token...[OK]
    Retrieving Cookies....[ERROR]:Buffer cannot be null.
    Parameter name: buffer
    [ERROR]:One or more errors occurred.

    ReplyDelete
    Replies
    1. Found the error in source code, in SpoAuthUtility, line 418: you have the condition "string.IsNullOrEmpty(password)" this should be "!string.IsNullOrEmpty(password)" as you want it to return true if the user has entered their password.

      Delete
    2. Sorry Marcus, I did not see your post before. You should try with the beta release I created for otichy, mentioned in the comments above. Here is the link

      http://1drv.ms/1v0L0lf

      Delete
    3. That worked :) Do you have an email for me to contact you? Have some questions that are best left out of the comment section.

      Delete
    4. Hi Marcus, yes no problem. You can contact me on linkedin.
      Ciao

      Fabio

      Delete
    5. Hi Fabio, I have just tried beta version 0.4 and it say that username cannot be emty.
      command line here:
      C:\Users\user\Downloads\office 365 network drive>cookie365 -s https://xxxx.sharepoint.com -user xx@yy.zz -p password -mount O:
      Result error:
      Username cannot be empty

      Delete
    6. Hi Samson, the command line option you have to use is "-u", not "-user"

      Delete
  6. Hi - this looks really useful and I've been looking at this for a couple of days now. I have the vbs to map the drive but had to invoke IE to add the email address and click the "keep me logged in" tickbox to make it work. I've added the latest exe you've written but I get the following error:

    [error]:Could not load type 'system.runtime.compilerServices.IAsyncstatemachine' from assembly 'mscorlib, Version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089

    Any ideas?

    Thanks in advance.

    Dylan (bungle15@outlook.com)

    ReplyDelete
    Replies
    1. Hi, you should check to have .NET 4.5 installed.
      Regards,
      Fabio

      Delete
  7. .net 4.5 was missing - works now! What a great tool, has saved me a sleepless night!

    Dylan.

    ReplyDelete
    Replies
    1. Hi Dylan, I am happy you solved the issue and everything works fine !

      Delete
  8. Fabio, have you any objection to me using this code in our college? I will reference you in any of our documents if you agree to allowing me to use.

    Thanks again.

    Dylan.

    ReplyDelete
    Replies
    1. Hi Dylan. Could you please contact me via Linkendin ?

      Delete
    2. Hi Dylan, I just released the latest version under GPL license. So if the license is ok for you you can use it in your college.
      Regards,
      Fabio

      Delete
  9. Hi Fabio,
    I've problem with latest beta. When I try to use it authentication process run without problem but It doesn't mount shared drive:

    == Cookie365 v0.3 - (C)opyright 2014 by Fabio Cuneaz ==

    SharePoint URL: https://rwe.sharepoint.com/sites/abcdef/ghij/Shared D
    ocuments
    User: ko***rek*@rwe.cz
    Use Windows Integrated Authentication: False
    HomeDir:
    Mount as disk Z:\
    Retrieving ADFS URL...[OK]
    Logging in and retrieving SAML Token...[OK]
    Retrieving STS Token...[OK]
    Using proxy...[http://proxy1.rwe.rwegroup.cz:xyz/]
    Retrieving Cookies....[OK]
    Setting Cookies in OS...

    Mounting part missing :( And I'm able to access SharePoint without another authentication in the web browser but not in Explorer. When I try to mount it manually it returns Path not found.

    Thanks for help
    Jakub

    ReplyDelete
    Replies
    1. Hi Jakub, apparently you are using the version 0.3, you should use the latest version, v0.4.
      Regards,
      Fabio

      Delete
  10. ..and Fabio could you give me the latest source code? I'd like to add password prompt to application because It's not secure to use command line option :)
    Thanks
    Jakub

    ReplyDelete
    Replies
    1. Hi Jakub,
      I just published the source code under GNU Public License.
      Yes the password in the command line is absolutely not secure, and you should not be using it in a production env !!
      The tool was designed to be used in a ADSF/Kerberos environment

      If you have to use user/password with user interaction I think it's simpler to use the office365 web interface.
      Regards,
      Fabio

      Delete
    2. Hi,
      I hoping you can help me. I'm trying to map to Onedrive Business on a PC in a workgroup and Cookie365 works up until the mount point, but when I try to use the -homedir switch and map to a personal folder of a specific user I get 'System error 53 has occurred' and at the end 'the network path was not found'. I've tried different syntax's for the path but none work. Many thanks, Chris

      Delete
  11. Hi Fabio,

    Thanks a lot for your efforts. The tool works great. Sometimes 'setting cookies in OS' seems to fail though. [OK] doesn't appear then and . I noticed that turning of the 'keep me signed in option' on SharePoint and logging off usually helps. Is this something you could fix?

    Btw, did you see the typo in the first "OK"? It is spelled as "KO" (knock-out)...

    ReplyDelete
    Replies
    1. Hi Erik, could you please post a sample result where you see the first "KO" ?
      Regards,
      Fabio

      Delete
    2. Hi Fabio,

      An example as requested: "Retrieving ADFS URL...[KO] "

      ============= Cookie365 v0.3 - (C)opyright 2014 by Fabio Cuneaz =============

      SharePoint URL: [removed]
      User: [removed]
      Use Windows Integrated Authentication: False
      HomeDir:
      Mount as disk
      Retrieving ADFS URL...[KO] (Probably not ADFS Federated)
      Retrieving STS Token...[OK]
      Retrieving Cookies....[OK]
      Setting Cookies in OS...

      Delete
    3. HI Erik, this is the correct behaviour since you are not using ADFS.

      Delete
  12. Hi Fabio,

    I really like this solution. Thank you for your excellent work and persistence.

    I'd like to make a GUI version of this.

    Would you be willing to share the source code of this.

    ReplyDelete
    Replies
    1. Hi,
      I just released a new version under GNU Public License, so you can access the source code.
      Please let me know when you will release a GUI based version...
      Good Work.
      Fabio

      Delete
    2. I will if successful.

      Thank you,
      Remco

      Delete
  13. Hi Fabio,

    The tool works great but i have the same issue as Erik. Sometimes 'setting cookies in OS' seems to fail. Removing the -my.sharepoint.com cookie and running the script again resolves it.

    I wonder if this is something that could be fixed?

    ReplyDelete
  14. Office 365 Project Online

    http://www.glms.com.au/project-online-and-office-365/

    Please Click below website here & Get information about Office 365 Project Online.

    ReplyDelete