8

My company is working on a new SharePoint site, which will use Forms Based Authentication to allow our customers to log into the site for subscriber specific content (downloads, license info, etc).

All these customers are located within our CRM, NetSuite, which is where we want our customer care teams to update a customers information and assign them to FBA roles (the roles are already added to Groups in SharePoint).

To do this, I'm looking to create SOAP XML files, that can be used by NetSuite's own development language, SuiteScript, which would send the SOAP request, and the process the response.

For example: Using soapUI I'm constructing the following XML:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/">
<soapenv:Header/>
  <soapenv:Body>
    <dir:GetUserInfo>
      <dir:userLoginName>myUserName</dir:userLoginName>
    </dir:GetUserInfo>
  </soapenv:Body>
</soapenv:Envelope>

The problem is that my XML response, when executing this XML using soapUI, is 403 FORBIDDEN - the Raw response is:

HTTP/1.1 403 Forbidden
Cache-Control: private, max-age=0
Server: Microsoft-IIS/7.5
SPRequestGuid: 36264ce4-9702-44bb-9693-23852a5e0c99
X-SharePointHealthScore: 1
X-Forms_Based_Auth_Required: http://mySPserver/_layouts/login.aspxReturnUrl=/_layouts/Error.aspx&Source=%2f_vti_bin%2fusergroup.asmx
X-Forms_Based_Auth_Return_Url: http://ec2-devmoss1/_layouts/Error.aspx
X-MSDAVEXT_Error: 917656; Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Tue, 19 Jul 2011 19:25:47 GMT
Content-Length: 13

403 FORBIDDEN

I'm guessing I need to log in somehow using credentials within the XML, but how do I do that? I tried using this in my <soapenv:Header>...

<soapenv:Header> 
  <h:BasicAuth xmlns:h="http://soap-authentication.org/basic/2001/10/" SOAP-ENV:mustUnderstand="1"> 
    <Name>user</Name> 
    <Password>password</Password> 
  </h:BasicAuth> 
</soapenv:Header>

but then my Raw response becomes:

HTTP/1.1 400 Bad Request
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Tue, 19 Jul 2011 19:43:12 GMT
Content-Length: 0

Can anyone advise on how to correctly form an XML SOAP call for this, or any, SharePoint web service method, or point me to an article/question (with answer) that explains it? I tried googling and looking through stackoverflow (of course ), but I just cannot find the information/solution I need.

(sorry for the really long question)

Kevin

QMKevin
  • 1,101
  • 3
  • 13
  • 26
  • 1
    Potentially the problem is now resolved. With the aid of a colleague we were able to define the issue more clearly and then Google'd again to find this article: [Accessing SharePoint Webservices behind Forms-based Authentication or ISA server](http://crouchingrabbit.blogspot.com/2010/10/accessing-sharepoint-webservices-behind.html). Essentially I was missing the correct header (cookie), and once this was added the SOAP response contained all the info I needed. – QMKevin Jul 21 '11 at 16:25

1 Answers1

0

In the warm, fuzzy .Net world...

Accessing webservices on a SharePoint site using FBA takes a little extra work.

In .Net, it's pretty simple. In fact, there's a MSDN article with code samples and all on precisely how to do that. In summary, you first call the Login method on Authentication.asmx, and use the returned cookie in all future web service requests.

Outside .Net

One dark and stormy night, I ventured out into the non-Microsoft world. No-man's land. Without the .Net generated web service proxies, we were rolling our own SOAP messages to communicate with SharePoint webservices.

Where's my cookie??

Without the .Net proxy, you can't use CookieContainer as the MSDN article suggests. Authentication.asmx's description for Login shows the following SOAP response: enter image description here

The response XML simply contains the authentication cookie's name. Where did the actual cookie go? GIMME MY COOKIE!!!

Getting the cookie

It turns out the cookie is sent in the SOAP header. If login is successful, the response's SOAP header will look something like this:

enter image description here The Set-Cookie field above gives us the FBA cookie called .ASPXAUTH, with value 987A98.......

Using the cookie

To use the cookie for web service requests, we need to include it in the SOAP request header by adding a Cookie field:

enter image description here

You can include multiple cookies by separating the name/value pairs with semi-colons. Once the .ASPXAUTH cookie is set, you can send the request and a response should be returned as normal.

No-man's land behind ISA lines

SharePoint sites behind an ISA server with Forms authentication can be handled similarly. The difference is that we have to get the authentication cookies from the ISA server instead of SharePoint. That can be done by POSTing to the /CookieAuth.dll?Logon url. I won't go over the details, but it shouldn't be hard to figure out the appropriate url and querystring to use.

I found this again after the original blog disappeared then reappeared. Added for posterity here in case the blog goes away.

New blog location.

Author Bio

Joe Johnston
  • 2,794
  • 2
  • 31
  • 54