2

For one of our FBA enabled SharePoint site, we need to access various web services. I know that we need to invoke Authentication.asmx before we make any other SP web service call.

How do I get the currently logged in user's username & password to pass to the Authentication.asmx service?

Thanks.

Update: I tried Marek's solution with a known username and password and got a 401 for Authentication.asmx. So probably some settings are off. The admin is looking into it.

noobDotNet
  • 35
  • 7

1 Answers1

1
MembershipUser user = Membership.GetUser();
string username = user.UserName;
string password = user.GetPassword();

Authentication auth = new Authentication();
auth.CookieContainer = new CookieContainer();
LoginResult result = auth.Login(username, password);

if (result.ErrorCode == LoginErrorCode.NoError)
{
    CookieCollection cookies = auth.CookieContainer.GetCookies(new Uri(auth.Url));
    Cookie authCookie = cookies[result.CookieName];
    Lists lists = new Lists();
    lists.CookieContainer = new CookieContainer();
    lists.CookieContainer.Add(authCookie);
    lists.GetListCollection();
}

However, depending on the settings of the membership provider (is password stored in plain text, encrypted or hashed? is it required to pass the security answer to get the password?) retrieving the password may be more difficult or even impossible and you will need to ask the user for it.

Marek Grzenkowicz
  • 17,024
  • 9
  • 81
  • 111
  • Thanks Marek. We need to access the web services from a number of custom aspx pages. – noobDotNet Nov 21 '11 at 16:52
  • PasswordFormat is "Hashed" and EnablePasswordRetrieval is set to false in the web.config. Is there a way around this? Thanks. – noobDotNet Nov 21 '11 at 18:11
  • @noobDotNet Hashing the passwords is the best option from the security point of view but it also means that you won't be able to retrieve them from the database.`Can you use a single, dedicated account to make all the Web service calls? – Marek Grzenkowicz Nov 21 '11 at 21:42
  • With different users having different levels of permissions, it is not possible to use single dedicated account for the web service calls. I am trying [another solution](http://social.technet.microsoft.com/Forums/en-AU/sharepoint2010programming/thread/fc5d6c36-db17-497c-90af-2a6580c44a41) solution as a work around. I hope it works. – noobDotNet Nov 21 '11 at 21:51