I'm going nuts with this one and can't find any decent information ANYWHERE ..

There is lots of info around about connecting to SharePoint 3.0 Web Services with WCF and NTLM impersonation. However, when the client accessing the SharePoint services is remote to the SharePoint network and needs to authenticate, how does one best configure and pass credentials to the SharePoint service?

Can I specify a Windows username and password local to the SharePoint box inside the servicemodel.config? Our SharePoint instance is running as standalone outside the domain that is accessing it. Therefore impersonation is irrelevant, as the domain users do not exist on the SharePoint box.

I have tried many combinations like the following code; however, I repeatedly get exceptions such as:

"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM,Basic realm="wss.internaldev.local"'."

Can anyone provide an example of connecting to a "remote" SharePoint web service with Windows credentials?

ListsSoapClient proxy = new ListsSoapClient();

proxy.ClientCredentials.Windows.ClientCredential.UserName = "admin_user";
proxy.ClientCredentials.Windows.ClientCredential.Password = "admin_password";
proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;

listItems = proxy.GetListItems(...);

proxy.Close();

Binding examples:

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Windows" proxyCredentialType="None" />
</security>

or..

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Ntlm" />
</security>

behaviour:

<behavior name="behavior_WSS">
  <clientCredentials>
    <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
  </clientCredentials>
</behavior>

or

    <windows allowedImpersonationLevel="Delegation" allowNtlm="true" />
+1  A: 

Did you try the things suggested here?

E.g., in code:

proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
// AllowNtlm = false;
Cheeso
Yep, I've tried so many combinations of impersonation/allow NTLM... got to pulling-hair-out time and then gave up. I'm pretty sure I can't specify unless the process calling the service is already authenticated by Windows, i.e. I can't specify a particular service account in code.
misteraidan
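
An added example, not part of the original thread: one way to give a generated WCF proxy such as the `ListsSoapClient` above an explicit account that is local to the remote server. The helper names, the `WSSBOX` machine name, the `WSS_PASSWORD` environment variable and the endpoint URL are assumptions; the `'Anonymous'` scheme in the quoted error is what WCF reports when the binding actually in use has no client credential type, so the binding is built in code here.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical helper class (not from the thread or from SharePoint).
static class RemoteSharePointAuth
{
    // Binding that answers the server's NTLM challenge. TransportCredentialOnly
    // authenticates over plain HTTP; if the site is published over HTTPS, use
    // BasicHttpSecurityMode.Transport so the exchange is also encrypted.
    public static BasicHttpBinding CreateNtlmBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
        return binding;
    }

    // Attach an explicit account to any generated proxy. For an account local
    // to a standalone server, the machine name goes in the domain slot
    // (assumption: the account is defined on that machine).
    public static void UseLocalAccount<TChannel>(
        ClientBase<TChannel> client, string machine, string user, string password)
        where TChannel : class
    {
        client.ClientCredentials.Windows.ClientCredential =
            new NetworkCredential(user, password, machine);
        // Let the server act as this account when it touches SharePoint content.
        client.ClientCredentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
    }

    // Read the secret from the environment instead of hard-coding it.
    // WSS_PASSWORD is a constructed variable name.
    public static string ReadPassword()
    {
        return Environment.GetEnvironmentVariable("WSS_PASSWORD")
               ?? throw new InvalidOperationException("WSS_PASSWORD is not set");
    }
}

// Usage with the generated proxy from the question (URL and names are placeholders):
//   var proxy = new ListsSoapClient(
//       RemoteSharePointAuth.CreateNtlmBinding(),
//       new EndpointAddress("http://wss.internaldev.local/_vti_bin/Lists.asmx"));
//   RemoteSharePointAuth.UseLocalAccount(
//       proxy, "WSSBOX", "admin_user", RemoteSharePointAuth.ReadPassword());
```

Passing the binding to the proxy constructor rules out the case where the endpoint in the config file never picks up the intended `bindingConfiguration`.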