Is it possible to access a sharepoint web service without authenication? If you can't do it directley can you think of any ways to get round it such as haveing an open service inbetween that does authenicate for you using a public account.
+1
A:
I don't think you can, most actions the webservices perform need an explicit user with the correct permissions set. If both sites are internal, your options might include
Using automatic NTLM authentication, give the complete Authenticated Users group the necessary acecss. Using IE or the proper extensions to FireFox credentials will be automatically passed without user prompting. Your mileage may vary.
Passing the proper credentials to a default user explicitly in the call to the webservice from that other website.
If you feel creative, here is a blog from Reza Alirezaei where he walks through the steps of mapping the anonymous user onto a specific account. If you manage to give that acount the proper permissions, you are there. Not for the faint of heart, though.
Paul-Jan
2009-08-11 18:15:53
+2
A:
John,
The security model of the web application through which you're trying to access the web service in question is going to drive whether or not you can access the service anonymously. If you're attempting to access the web service through a web application on which anonymous access is enabled, then you'll be able to hit the web service. Go ahead and try this on an anonymous site (if you have one): http://yoursitehere/_vti_bin/lists.asmx. You'll get the friendly service page back, no auth required.
Here's the catch: once you traverse the web service layer, you've got another layer of security to deal with. SharePoint itself is going to want to check permissions for access via the web services just as it normally would, so unless you are attempting an operation or trying to access data that is allowed for anonymous users, you're going to get blocked.
You have a handful of options:
Simply ensure that everything you're trying to do is permitted anonymously. This may sound easy, but it can actually be pretty difficult for anything but the simplest and straightforward of operations. Most organizations, too, don't care for opening things up to this extent.
If you control the code that's calling the web service, then you have the ability to attach credentials to the web service request. I recommend starting here, as it is going to make things a lot easier than trying to throw everything wide open. Plenty of examples exist on attaching credentials to a web service proxy (e.g., http://msdn.microsoft.com/en-us/security/cc178918.aspx)
Finally, you could write your own web service that wraps the SharePoint web service (or services) of interest. You could permit anonymous access to your web service and then adopt an appropriate security context within your own service to access SharePoint with the required permissions level.
I hope this helps!
- Sean
Sean McDonough
2009-08-11 18:21:03
Sean - I too thought that if BOTH IIS and SharePoint was setup for anon access then you would be able to access web services anonymously. Turns out you can't - give it a go!
Ryan
2009-08-12 16:02:18
Your comment got me thinking, Ryan, and so I did some additional research and playing around. Despite all my digging, I couldn't come up with an example of accessing SharePoint data through a web service anonymously. Though the web service endpoints are available, it doesn't look like it's possible to drill through. Thanks for catching this, and my apologies to anyone I may have mislead. Of the options I cite above, #2 and #3 look to be the only "real" options. As a small follow-up: this MS article covers what's open anonymously: http://technet.microsoft.com/en-us/library/ee191479.aspx
Sean McDonough
2009-08-12 19:57:55