6
votes

I have been having a lot of difficulty setting up my WCF service to talk to Sharepoint Web services, specifically I am trying to use the Lists.asmx and Copy.asmx services.

I got it working using an http link to sharepoint for development, but now we need to switch to an HTTPS link. I got the web reference setup and updated for this link, but when it tries to call a service (ex: GetListItems) it errors out with the following error: The request failed with HTTP status 401: Unauthorized.

I then tried to see what type of authentication our Sharepoint Server uses, which turns out to be NTLM. I then tried to configure out web.config file for this. Here is the entire web.config file:

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <section name="InventoryService.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
        </sectionGroup>
    </configSections>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
        <authentication mode="Windows"/>
        <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
         <error statusCode="403" redirect="NoAccess.htm" />
         <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
    -->
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/></system.web>
    <!-- 
      The system.webServer section is required for running ASP.NET AJAX under Internet
      Information Services 7.0.  It is not necessary for previous version of IIS.
  -->
    <system.serviceModel>
        <bindings>
   <basicHttpBinding>
    <binding name="NewBinding0">
     <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm" proxyCredentialType="None" />
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <services>
   <service behaviorConfiguration="InventoryService.Service1Behavior"
    name="InventoryService.InventoryService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="NewBinding0"
     contract="InventoryService.IInventoryService">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>
  </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="InventoryService.Service1Behavior">
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true"/>
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>
    <applicationSettings>
        <InventoryService.Properties.Settings>
   <setting name="InventoryService_WSCopy_Copy" serializeAs="String">
    <value>http://site/_vti_bin/Copy.asmx</value>
   </setting>
   <setting name="InventoryService_SharepointLists_Lists" serializeAs="String">
    <value>https://site/_vti_bin/Lists.asmx</value>
   </setting>
  </InventoryService.Properties.Settings>
    </applicationSettings>
</configuration>

If anyone has a clue if I setup this config file correctly for NTLM, that would be really helpful.

If this is setup correctly, then I guess I will move on to the next question about if I setup the credentials correctly:

inventoryList = new SharepointLists.Lists();
inventoryList.Url = "https://fullsiteurl/_vti_bin/Lists.asmx";
inventoryList.Credentials = new System.Net.NetworkCredential("user", "pass", "domain");

If someone could go over this, that would also be very helpful.

Again I know that the config file is pretty long and I highly appreciate it if you go through it let me know if I setup NTLM authentication correctly.

If all this checks out ok, then I have no idea where to start on getting the HTTPS link with sharepoint working (The existing HTTP link to sharepoint is still accessible for the time being, until I can get the service working with the HTTPS link).

2
Just to be sure, you have a WCF Service which calls into a Sharepoint Web Service right? First question: why aren't you directly using the Sharepoint API inside your WCF service? Second question: Are you able to browse the sharepoint site in HTTPS with the specified user credentials?Sam B
Yes, I am using a WCF service that calls a Sharepoint Web Service by using a Web Reference to the sites lists.asmx url. 1. I cant use the Sharepoint API because the service is not going to be on the same machine as Sharepoint, Sharepoint API is only usable if you are on the same machine as the Sharepoint Server. 2. Yes my user credentials work fine with the HTTPS link, I can add the web reference using those credentials too.PvpMan22

2 Answers

0
votes

Make sure the specified user has access to the ASMX with the browser.

Make sure the user has (at minimum) Read permission to the target library.

Also, make sure the user has the Use Remote Interfaces premission (WSS 3.0: Site settings, Advanced permissions, Settings - Permission Levels, choose corresponding permission level).

Also, if you are using MOSS 2007, SOAP access can be disabled in the central admin.

I don't have Sharepoint 2010 available at the moment so I cannot check, but I expect the settings to be corresponding.

Edit:

If everything works great under normal HTTP, I would look at the way that HTTPS was enabled.

Take a look at this site "How to enable SSL on a SharePoint 2010 web application", especially the second part (about 1/3rd of the page, regarding adding an alternate access mapping).

Hope this helps.

0
votes

You are getting this error because you have not specifed that the mexHttpBinding also use use the 'NewBinding0' binding configuration. What is happening is that prior to your actual WCF service call, WCF is attempting to obtain some information about the service. This request will fail if it does not transport any client credential information to the service since it is secured and you will recieve the 401 response from the server (Not Authorized). Make sure that your mexHttpBinding also sends up the NTLM credentials.

You could alternatively remove the mexHttpBinding