2

I've come across a strange behaviour when trying to make a REST call from outside a SharePoint app (specifically from a .NET console application). As long as I use DefaultCredentials everything is fine, and as long as my web application does not allow FBA (form-based authentication) I'm able to hand over NetworkCredentials without problems.

But as soon as FBA authentication is activated I'm not able to make the rest call and 401 Unauthorized is returned.

    var req = (HttpWebRequest)HttpWebRequest.Create("http://{url}/_api/web/title");
    req.Method = "GET";
    req.Credentials = new NetworkCredential("{user}", "{pass}");
    req.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");
    var response = (HttpWebResponse)req.GetResponse();

I also tried handing over the credentials like this:

    var req = (HttpWebRequest)HttpWebRequest.Create("http://{url}/_api/web/title");
    req.Method = "GET";
    req.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");
    var ccache = new CredentialCache();
    ccache.Add(new Uri("http://{url}"), "Basic", new NetworkCredential("{user}", "{pass}"));
    req.Credentials = ccache;
    var response = (HttpWebResponse)req.GetResponse();

Does anyone have a hint or idea what could be wrong and how I can achieve my goal of accessing the REST API with credentials in a mixed authentication web app?

Uwe Keim
Andreas

1 Answer

0

A workaround that should work would be to extend your SharePoint web application to a second zone - and on that zone don't have FBA turned on. So you'd have something like this:

    www.mysharepointsite.com <- FBA + Windows Authentication access
    restapi.mysharepointsite.com <- Windows Authentication Only

And then just point your calls to restapi.mysharepointsite.com instead of www.mysharepointsite.com.

Chris Coulson
  • Hey Chris, let me try that in our environment, but on another note, why should that be necessary? I couldn't find any information on why REST with credentials shouldn't be possible in a mixed web app. I'll keep my eyes open. – Andreas Jan 30 '14 at 08:12
  • My guess would be that because you have both configured, it doesn't know what to authenticate - so it redirects the credentials to the login page (a dropdown asking which type of credential to use) - just like when you log in interactively. Much like how, to have search crawl enabled, you need Windows only on the default zone: http://social.msdn.microsoft.com/Forums/sharepoint/en-US/ce02e735-43ad-41ac-90c6-b0b8a63228f0/confused-about-mixed-mode-fba-ntlm-authentication-search-crawl You may want to use Fiddler to see what is actually getting returned, or check the contents of the response in debug. – Chris Coulson Jan 30 '14 at 14:13
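
The check suggested in the last comment (look at what the server actually returns), as an added example that is not part of the original thread: it sends the question's request without credentials and without following redirects, then reports the status, the `WWW-Authenticate` challenges and any `Location` header. The class name `AuthProbe` and the default URL are assumptions for illustration.

```csharp
using System;
using System.Net;
using System.Text;

static class AuthProbe // hypothetical name, not from the thread
{
    // Summarise how the server answered: status, offered auth schemes, redirect target.
    static string Describe(HttpWebResponse resp)
    {
        var sb = new StringBuilder();
        sb.AppendLine("Status: " + (int)resp.StatusCode + " " + resp.StatusDescription);

        // Each WWW-Authenticate value is one challenge the zone is willing to accept.
        var challenges = resp.Headers.GetValues("WWW-Authenticate") ?? new string[0];
        foreach (var c in challenges)
            sb.AppendLine("Challenge: " + c);
        if (challenges.Length == 0)
            sb.AppendLine("Challenge: (none offered)");

        // A Location header means the request was sent to another page instead of being answered.
        var location = resp.Headers["Location"];
        if (!string.IsNullOrEmpty(location))
            sb.AppendLine("Redirect: " + location);
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        // Placeholder URL (assumption); pass the real endpoint as the first argument.
        var url = args.Length > 0 ? args[0] : "http://sharepoint.example/_api/web/title";

        var req = (HttpWebRequest)WebRequest.Create(url);
        req.Method = "GET";
        req.AllowAutoRedirect = false;                       // show a redirect instead of following it
        req.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f"); // same header as in the question

        HttpWebResponse resp;
        try
        {
            resp = (HttpWebResponse)req.GetResponse();
        }
        catch (WebException ex) when (ex.Response is HttpWebResponse)
        {
            // 401 and other error statuses arrive as a WebException that carries the response.
            resp = (HttpWebResponse)ex.Response;
        }
        using (resp)
            Console.Write(Describe(resp));
    }
}
```

Running it against each zone URL shows which challenges that zone offers, which can then be compared with the scheme name passed to `CredentialCache.Add`.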