1
votes

In a Windows Phone application, I'm trying to read SharePoint data that is protected by UAG, and want to support passing a session cookie to UAG.

The white paper, Building Windows Phone 7 applications with SharePoint 2010 Products and Unified Access Gateway (UAG), http://technet.microsoft.com/en-us/library/hh180841.aspx, demonstrates passing user credentials each time to UAG.
But, how do I store and reuse the session cookie that UAG passes back to the client?


    //Example from white paper
    string url = String.Format(“{0}/my/_layouts/activityfeed.aspx?consolidated=true", AppSettings.Url);
    System.Uri authServiceUri = new Uri(url);
    HttpWebRequest client = WebRequest.CreateHttp(authServiceUri) as HttpWebRequest;
    client.Headers["User-Agent"] = "Microsoft Office Mobile";
    client.Headers["Authorization"] = "Basic " 
     + Convert.ToBase64String(Encoding.UTF8.GetBytes(AppSettings.Username + ":" 
     + AppSettings.Password))+ System.Environment.NewLine;
    // Call and handle the response...

This Blog Post, Developing Windows Phone 7 Applications for SharePoint 2010, http://blogs.msdn.com/b/pstubbs/archive/2010/10/04/developing-windows-phone-7-applications-for-sharepoint-2010.aspx, shows how to authenticate with FBA and pass a cookie with request. But I don't know how much of this applies to UAG.


    private void Authenticate()
    {
    System.Uri authServiceUri =new Uri("http://phone.contoso.com/_vti_bin/authentication.asmx");

    HttpWebRequest spAuthReq = HttpWebRequest.Create(authServiceUri) as HttpWebRequest;
    spAuthReq.CookieContainer = cookieJar;
    spAuthReq.Headers["SOAPAction"] = "http://schemas.microsoft.com/sharepoint/soap/Login";
    spAuthReq.ContentType = "text/xml; charset=utf-8";
    spAuthReq.Method = "POST";

    //add the soap message to the request
    spAuthReq.BeginGetRequestStream(new AsyncCallback(spAuthReqCallBack), spAuthReq);
    }

    // After authenticated and cookie is set
    ListsService.ListsSoapClient lists = new ListsService.ListsSoapClient();
    lists.CookieContainer = cookieJar;

2

2 Answers

1
votes

Both approaches will work with UAG in some circumstances. If you use HttpWebRequest, You can authenticate to UAG by setting the basic authorization and useragent headers on each call. You don't have to pass the cookie to UAG. SharePoint will return the data on the next response.

You can also modify the above FBA example so that it works with UAG: You must add the useragent and basic authentication headers in the Authenticate method.

spAuthReq.Headers["User-Agent"] = "Microsoft Office Mobile";
spAuthReq.Headers["Authorization"] = "Basic " . . .  

Couple tips:

  • Since you'll be using HTTPS, you will also need to change the clientconfig security mode to transport.
  • Test the Office Hub against your UAG/SharePoint environment before you begin development.
0
votes

UAG signs cookies, which means they are obfuscated everytime a user logs in. Also UAG doesn't do cookie sign in - it uses them for sessions.