Can't authenticate SharePoint OOTB web services from Visual Studio 2008.

    Question

  • Hi, if I try to add a SP OOTB service reference (for instance the list service) into a Console application from VS 2008, I can't read data. It raises the following exception:

    "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'."


    My SharePoint server is set up for Windows integrated auth, and anonymous access is disabled (these are the default settings, I believe). I spent a few hours googling and found a similar problem in the following blog post.


    http://www.trentswanson.com/post/2008/01/Calling-SharePoint-web-services-using-Visual-Studio-20082c-WCF2c-and-Windows-Auth.aspx

    In this blog the author suggests using the following block in the config:

    <security mode="TransportCredentialOnly">
         <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""
    />
         <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>

    Sadly, I tried this but it didn't bring me any luck. I am now getting the following exception:

    "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'."

    It's really frustrating... can anybody suggest an easy way to resolve this non-trivial issue? Any suggestion would be appreciated very much.



    ----------------------

    (Moderator addition)

    Exactly ONE MINUTE later was a reply by the same poster to his own post. This is the text of that reply (which I then deleted)


    I have been quite annoyed with this one for the last 2 hours :(

    Folks,

    I am trying to access a SharePoint OOTB List web service from a Console application. My SharePoint site in IIS is set to Integrated Windows Auth mode, and anonymous access is disabled.

    Now at client side what I am doing is as follows

    try
    {
        BasicHttpBinding bind = new BasicHttpBinding();
        bind.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
        bind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        EndpointAddress endpoint = new EndpointAddress("http://abc:37379/_vti_bin/lists.asmx");

        ServiceReference1.ListsSoapClient listService
            = new ConsoleApplication1.ServiceReference1.ListsSoapClient(bind, endpoint);

        var elm = listService.GetListItems("Tasks", null, null, null, "10", null, @"06dc3b48-a55e-4db8-8511-acbaf9748e15");
    }
    catch (Exception ex)
    {
        Console.WriteLine("Message:\n" + ex.Message + "\nDetail:\n" +
            ex.ToString() + "\nStackTrace:\n" + ex.StackTrace);
    }
    
    Boom, this raises the exception "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'."

    I really wanted to do something like following what we used to do in old net 2.0 days

    serviceProxy.Credentials = new NetworkCredential("username","password","domain");

    What is the easiest way to achieve this kind of credential handling in new proxy classes??

    (BTW, as you have already noticed, I am setting up the Binding/endpoint entirely in code rather than in a config file; this is a restriction for my app. Please don't tell me to change this, it's not possible.)

    Can anyone help me with this?? It would be greatly appreciated.




    - Moim Hossain
    • Edited by Mike Walsh FIN Sunday, June 28, 2009 1:37 PM Text of poster's own reply added.
    Sunday, June 28, 2009 9:42 AM

Answers

  • Hi Moim,

    Please, try to keep quiet. I believe it is rather frustrating to be fighting with a problem for hours unsuccessfully, but you should know we try to help you, even if there are sometimes misunderstandings.

    Well, I think it should not be very difficult to call a web service from VS .NET 2008 (the WCF-way).

    I did that several times with code like this one:

    WSSListService.ListsSoapClient listService = new WSSListService.ListsSoapClient();
    listService.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
    // these should come from config file
    String userName = "UserName";
    String password = "Password";
    String domain = "Domain";
    listService.Endpoint.Address = new System.ServiceModel.EndpointAddress(wssUrl + "/_vti_bin/Lists.asmx");
    if (userName != null)
    {
        listService.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(userName, password, domain);
    }
    

    My config file looks like this:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <bindings>
                <basicHttpBinding>
                    <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
                        receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="TransportCredentialOnly">
                            <transport clientCredentialType="Ntlm" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <client>
                <endpoint address="http://myserver/_vti_bin/Lists.asmx" binding="basicHttpBinding"
                    bindingConfiguration="ListsSoap" contract="WSSListService.ListsSoap"
                    name="ListsSoap" />
            </client>
        </system.serviceModel>
    </configuration>

    I hope you need this information and it really helps you to solve your issue.

    Peter

    • Marked as answer by Moim Hossain Tuesday, June 30, 2009 2:53 PM
    Sunday, June 28, 2009 7:17 PM

All replies

  • I really wanted to do something like following what we used to do in old net 2.0 days

    serviceProxy.Credentials = new NetworkCredential("username","password","domain");

    What is the easiest way to achieve this kind of credential handling in new proxy classes??

    System.Net.NetworkCredential cred = new System.Net.NetworkCredential("your username here", "your password here");

    Yes, still you can do that.
    Please refer http://geekswithblogs.net/mcassell/archive/2007/08/22/Accessing-Sharepoint-Data-through-Web-Services.aspx

    ---
    Rajesh (MCTS) My Blog
    Sunday, June 28, 2009 5:04 PM

  • System.Net.NetworkCredential cred = new System.Net.NetworkCredential("your username here", "your password here");

    Yes, still you can do that.
    Please refer http://geekswithblogs.net/mcassell/archive/2007/08/22/Accessing-Sharepoint-Data-through-Web-Services.aspx


    Come on, man. Did you really get my problem? I am using the web service proxy that was generated by VS.NET 2008, and I am using a "service reference", not a "web service reference"; therefore, my proxy class is not a subclass of "SoapHttpClientProtocol" that has a nice "Credential" property to set with credentials. If I generate a proxy class using VS 2008 (the default: service reference, not web service reference), the proxy class will not have any property named "Credentials"; you have to assign this by means of the Binding, I guess.

    NOW I need to know "How to use the WCF like proxy to invoke a Sharepoint web service, when Windows Authentication is enabled and Anonymous access is disabled!!!".

    Did you get my problem now? I would be grateful to hear any useful advice from anyone. 
    - Moim Hossain [Please mark as answer if this post helps you]
    Sunday, June 28, 2009 6:18 PM
  • "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'."

    I think instead of that
    bind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
    you should configure the binding like this:
    bind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

    Peter
    • Proposed as answer by Aviw_ Tuesday, August 23, 2011 3:28 PM
    Sunday, June 28, 2009 7:29 PM
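
Both exceptions quoted in this thread are scheme mismatches: the client's scheme (Anonymous, then Negotiate) was not one the server's WWW-Authenticate header accepted. As an added example (not code from any poster in the thread), the C# below derives the `HttpClientCredentialType` from the server's challenge and builds the binding in code; `AuthSchemeProbe` and its method names are hypothetical, and the sample headers are the ones quoted in the exceptions above.

```csharp
using System;
using System.Linq;
using System.Net;
using System.ServiceModel;
static class AuthSchemeProbe   // hypothetical helper, not part of WCF or SharePoint
{
    // Map a WWW-Authenticate value (comma-joined, as WCF prints it) to a WCF credential type.
    public static HttpClientCredentialType FromChallenge(string header)
    {
        var offered = (header ?? "").Split(',')
            .Select(v => v.Trim().Split(' ')[0].ToUpperInvariant()).ToList();
        if (offered.Contains("NEGOTIATE")) return HttpClientCredentialType.Windows; // client sends Negotiate
        if (offered.Contains("NTLM")) return HttpClientCredentialType.Ntlm;
        if (offered.Contains("DIGEST")) return HttpClientCredentialType.Digest;
        if (offered.Contains("BASIC")) return HttpClientCredentialType.Basic;
        return HttpClientCredentialType.None;
    }
    // Send one unauthenticated request and return the 401's WWW-Authenticate value.
    public static string ReadChallenge(Uri url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.AllowAutoRedirect = false;
        try { using (request.GetResponse()) { return ""; } } // no 401: anonymous access is on
        catch (WebException ex)
        {
            var response = ex.Response as HttpWebResponse;
            if (response == null || response.StatusCode != HttpStatusCode.Unauthorized) throw;
            using (response) return response.Headers[HttpResponseHeader.WwwAuthenticate] ?? "";
        }
    }
    public static BasicHttpBinding BuildBinding(Uri endpoint, string challenge)
    {
        var binding = new BasicHttpBinding();
        // TransportCredentialOnly authenticates over plain HTTP but does not encrypt the
        // SOAP message; use Transport (HTTPS) whenever the endpoint offers it.
        binding.Security.Mode = endpoint.Scheme == Uri.UriSchemeHttps
            ? BasicHttpSecurityMode.Transport
            : BasicHttpSecurityMode.TransportCredentialOnly;
        binding.Security.Transport.ClientCredentialType = FromChallenge(challenge);
        return binding;
    }
    static void Main()
    {
        var url = new Uri("http://abc:37379/_vti_bin/lists.asmx"); // endpoint from the question
        foreach (var header in new[] { "Negotiate,NTLM", "NTLM" })  // headers quoted in the thread
            Console.WriteLine("{0} -> {1}", header, BuildBinding(url, header).Security.Transport.ClientCredentialType);
        // Against a live server: BuildBinding(url, ReadChallenge(url))
    }
}
```

When the client scheme and the server header already match, as in the 'Ntlm' / 'NTLM' exception later in the thread, scheme selection is not the cause; the 401 then points at the credentials or the server's authorization.
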
  • Hi Thanks Peter. Your suggestions worked for me.
    - Moim Hossain [Please mark as answer if this post helps you]
    Tuesday, June 30, 2009 2:46 PM
  • Hi Moim,

    Nice to hear that. Congrats!

    Peter
    Tuesday, June 30, 2009 4:46 PM
  • What namespace is
    WSSListService

    Microsoft.Sharepoint?
    Tuesday, September 28, 2010 4:13 PM
  • Is there any way with which we could access OOTB web services anonymously?
    Thursday, May 19, 2011 11:27 AM
  • Peter,

    Thank you for your help. I tried as you suggested but it still doesn't work in my case. Take a look

    public void Test()
    {
        var binding = new BasicHttpBinding();
        binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        var endpoint = new EndpointAddress("http://portal.someserver.com/_vti_bin/People.asmx");

        var client = new Backend.PeopleService.PeopleSoapClient(binding, endpoint);

        var creds = client.ClientCredentials.Windows;
        creds.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
        creds.ClientCredential = new NetworkCredential("some.user", "password", "domain");
        var people = client.SearchPrincipals("", 1000, SPPrincipalType.All);
    }

    I am getting this error anyway:

    The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.
    	System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
    	at System.Net.HttpWebRequest.GetResponse()
    	at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
    	   --- End of inner exception stack trace ---

    Any thoughts on this?

    Tuesday, August 28, 2012 12:40 PM