Thursday, March 24, 2011

How to call SharePoint Web Services from the context of current logged in user from an asp.net web application?

Scenario:
How to call SharePoint Web Services from the context of current logged-in user from an ASP.NET Web Site/Application that has Windows Authentication enabled?

Explanation:
SharePoint 2010/2007 exposes most of its Object Model through web services.
SharePoint Web Services provide methods that you can use to work remotely with a deployment of SharePoint.

A list of SharePoint 2010 web services can be found here
A list of SharePoint 2007 web services can be found here


Its not always a straight forward process to call SharePoint Web Services from the context of current logged in user from an ASP.NET Web Site/Application that has Windows Authentication enabled.

In this post I will try to explain how to connect to SharePoint Web Services in both WCF and good old web service way.


Solution:


The WCF way:

Add a service reference to the web service (Ex: https://SharePointSite.com/_vti_bin/lists.asmx)
In this example, I have named it "ListsServiceReference"

            ListsServiceReference.ListsSoapClient listsServiceReference = new ListsServiceReference.ListsSoapClient();
            listsServiceReference.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
       
            listsServiceReference.Endpoint.Address = new System.ServiceModel.EndpointAddress("https://SharePointSite.com/_vti_bin/lists.asmx");

            try
            {
                //Check whether the current user has access to the site.
                //Assuming that all the authorized SharePoint users have access to the list "Form Templates", just check if the current user has access to the list.

                var list = listsServiceReference.GetList("Form Templates");

                _isUserAuthenticated = true;
            }
            catch (Exception ex)
            {
                //User does not seem to have access to the list.
                _isUserAuthenticated = false;
            }

Web.Config Modifications:

<system.serviceModel>
  <bindings>
   <basicHttpBinding>
    <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <security mode="Transport">
      <transport clientCredentialType="Windows" />
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <client>
   <endpoint address="" binding="basicHttpBinding" bindingConfiguration="ListsSoap" contract="ListsServiceReference.ListsSoap" name="ListsSoap" />
  </client>
 </system.serviceModel>

The Web Service way:


Add a web reference to the SharePoint Web Service.
In this example, I have named it "ListsService"

                try
                {
                    ListsService.Lists listService = new ListsService.Lists();
                    listService.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
                    listService.Url = "https://SharePointSite.com/_vti_bin/lists.asmx";

                    //Check whether the current user has access to the site.
                    //Assuming that all the authorized SharePoint users have access to the list "Form Templates", just check if the current user has access to the list.
                    var listNodes = listService.GetList("Form Templates");

                    _isUserAuthenticated = true;
                }
                catch (Exception ex)
                {
                    //User does not seem to have access to the list.
                    _isUserAuthenticated = false;
                }

The important thing to do to make the ASP.NET web service calls work is to make sure that the site needs to have ASP.NET Impersonation and Windows Authentication enabled and that the site  runs in "Classic .NET AppPool" Application Pool.

No comments:

Post a Comment