Environment:
- SharePoint 2007 (Integrated Windows Authentication)
- Silverlight 3.0 (Communicating with SharePoint via WCF)
On the SharePoint site, we have a list that contains links to other sites throughout the SharePoint web application. The silverlight app traverses this first list via Web Service call to /_vti_bin/Lists.asmx and makes other web service calls on the other sites to gather data for a chart. The user is not guaranteed to have permission to read these sites.
Note: They are all on one web application with the appropriate client access policy file.
Problem:
Initially, I used the Browser Http stack to make the calls, and it worked great unless the user did not have permission to access any of the services on the subsite. So, I changed to the Client Http stack and this was successful in trapping the unauthorized exception. In the event of an unauthorized response, the app would catch the error and continue to the next service call.
There is a large amount of data, so we don't pull all of the data at once, but rather a subset based on some paramters. As those parameters change, we make more calls to fetch the new data. As I begun to test further, I noticed that all my initial calls worked fine, but after a minute or two, all calls returned unauthorized even as a Site Collection admin.
Is there a work around to keep this authentication/authorization from 'timing out'?
Attempted Solution:
I tried this approach: http://greenicicleblog.com/2009/10/27/using-the-silverlight-httpclient-in-wcf-and-still-passing-cookies/, but no cookies were read in the ReadCookies method. Moreover, AFAIU windows authentication isn't using cookies, correct?
Also, I would prefer to keep this a SL3 solution, but if that is impossible, is this something that SL4 will solve?