Here is my scenario: I have a SharePoint site I am working on, and it is on one server farm. In this site, I have created an HttpHandler that uses a SharePoint search webservice that is located on a different server. So that looks something like this:

  1. SharePoint Server A, where my site lives
    • Has a service reference to SharePoint search web service on Server B
    • Has an http handler that uses the service reference to call the search service
  2. SharePoint Server B, where the search service lives

My code looks like this:

using System.Net;
using System.ServiceModel;

// Plain HTTP transport with NTLM credentials; the message itself is not secured.
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

QueryServiceSoapClient _queryService = new QueryServiceSoapClient(binding, new EndpointAddress("http://easearch.ea.com/_vti_bin/search.asmx"));
_queryService.ClientCredentials.Windows.AllowNtlm = true;
_queryService.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
// Authenticate as the identity of the calling thread (the process account, or the impersonated user when ASP.NET impersonation is on)
_queryService.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
//_queryService.ClientCredentials.Windows.ClientCredential = new NetworkCredential("MyUsername", "MyPassword", "MyDomain"); //This is the only way it seems to work
//NetworkCredential userCredential = CredentialCache.DefaultCredentials.GetCredential(_queryService.Endpoint.ListenUri, "NTLM");
//_queryService.ClientCredentials.Windows.ClientCredential = userCredential;

string status = _queryService.Status();

If I use this code from a console application on my dev box, it works as expected. But when I try to use the same code from my http handler, it gives the error

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

I've tried a number of different combinations of the code above and the only one that works from my HttpHandler is when I directly provide my credentials. Anyone have any ideas?

Thanks.

+1  A: 

NTLM cannot delegate credentials to a remote server.

This is known as the "double hop" issue. http://blogs.technet.com/b/askds/archive/2008/06/13/understanding-kerberos-double-hop.aspx

You'll have to configure Kerberos. Basically:

  • Configure SharePoint to use Kerberos (in "authentication provider" in central administration)
  • Create a SPN for SharePoint on your application pool account (with command line "setspn")
  • Create a SPN for the website running on server B on the application account running this site
  • Configure delegation between the 2

Yes, Kerberos is not that easy to put in place...

Nico
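As an added example (not Nico's own instructions and not taken from SharePoint documentation), here are the SPN and delegation steps from the list above as they would be run from an elevated PowerShell prompt on a domain-joined admin workstation with the ActiveDirectory module installed. It assumes both application pools run as domain user accounts; the domain, host names and account names are constructed placeholders, and the delegation is configured as Kerberos-only constrained delegation rather than the broader "trust for delegation to any service" option.

```powershell
# Added example, not from the original thread: register SPNs and delegation
# for the double-hop scenario. All names below are constructed placeholders.

$Domain        = 'CONTOSO'
$SpAppPoolAcct = 'svc_sp_apppool'            # app pool identity of the SharePoint site on Server A
$SearchAcct    = 'svc_sp_search'             # app pool identity of the site hosting search.asmx on Server B
$SpHost        = 'sharepoint.contoso.local'  # host name users type for Server A (must match the URL)
$SearchHost    = 'search.contoso.local'      # host name used in the EndpointAddress for Server B

# 1. Check that no other account already claims these SPNs. A duplicate SPN
#    breaks Kerberos silently and clients quietly fall back to NTLM.
setspn -X
setspn -Q "HTTP/$SpHost"
setspn -Q "HTTP/$SearchHost"

# 2. Register the SPNs (short and fully qualified form) on the app pool accounts.
#    -S refuses to add a duplicate, unlike the older -A switch.
setspn -S "HTTP/$SpHost"                      "$Domain\$SpAppPoolAcct"
setspn -S "HTTP/$($SpHost.Split('.')[0])"     "$Domain\$SpAppPoolAcct"
setspn -S "HTTP/$SearchHost"                  "$Domain\$SearchAcct"
setspn -S "HTTP/$($SearchHost.Split('.')[0])" "$Domain\$SearchAcct"

# 3. "Configure delegation between the 2": let the Server A app pool account
#    delegate the user's Kerberos identity to the search service only.
#    Writing msDS-AllowedToDelegateTo (constrained delegation) is narrower
#    than setting TrustedForDelegation (unconstrained), which would let a
#    compromised Server A impersonate users to every service in the domain.
Import-Module ActiveDirectory
Set-ADUser -Identity $SpAppPoolAcct -Add @{
    'msDS-AllowedToDelegateTo' = @("HTTP/$SearchHost", "HTTP/$($SearchHost.Split('.')[0])")
}

# 4. Verify the registrations and the delegation targets.
setspn -L "$Domain\$SpAppPoolAcct"
setspn -L "$Domain\$SearchAcct"
Get-ADUser -Identity $SpAppPoolAcct -Properties 'msDS-AllowedToDelegateTo','TrustedForDelegation' |
    Select-Object SamAccountName, TrustedForDelegation, 'msDS-AllowedToDelegateTo'

# 5. After switching the SharePoint web application's authentication provider
#    to Kerberos in Central Administration and recycling the app pool, confirm
#    from a client that a Kerberos ticket is issued for the site rather than an
#    NTLM fallback: purge the cache, browse to http://$SpHost once, then list tickets.
klist purge
klist | Select-String "HTTP/$SpHost"
```

If step 5 shows no `HTTP/` ticket for the site, the usual causes are an SPN registered on the wrong account, a host name in the URL that differs from the SPN, or a duplicate SPN reported by `setspn -X`; any of these makes the first hop negotiate down to NTLM, and the handler's call to Server B then fails with exactly the 401 quoted in the question.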
Thanks. I also used another post, http://stackoverflow.com/questions/262442/sharepoint-2007-ntlm-issue-with-asp-net-web-app-hosted-on-sharepoint-server/263226#263226, that had this same information with another few options for using the search web service as well. Unfortunately for me, in my organization, it appears as though Kerberos isn't well supported and so I likely won't be able to use it. I've also been told that the DisableLoopbackCheck as suggested in that other post won't fix my problem either. Looks like I'll have to find another way to do what I need. Thanks again though.
TehOne