Hi,
We are in the process of migrating a system from SharePoint 2010->2013.
One of the main reasons is to take advantage of OWA 2013 for consumption of documents on mobile devices.
Now we have run into a bit of a problem, we have an Active-X control written in C# that consumes SharePoint web services via WCF to display certain facets from our SharePoint document management system to our users.
Now with classic auth set on our web app and NTLM auth, we have no issues everything works as expected, the moment we switch the webapp over to claims auth so we can integrate with OWA2013 all the service calls from our Active-X control then fail with unauthorised.
So far I have discovered that the call via WCF is completing the NTLM negotiation and the unauthorised is being thrown by SharePoint.
What I believe is happening here is the WCF client in the active-x control is unable to generate/pass the correct FedAuth / claims token to pass in the http header for claims auth on the server side to authorise it.
However after lots of googling around I’m no closer to solving the problem.
Does anybody out there know the correct way to consume SharePoint 2013 web services via WCF when claims auth is enabled on the SharePoint webapp?
Thanks,
Andy.
Hi mark, see code example of simple WCF service this throws the 401 un-auth when hosted in SharePoint under claims auth, but under classic auth works fine…
Client Config (WinForms App).
Â
               <binding name=”BasicHttpBinding_IActiveXSupportService”>
                   <security mode=”TransportCredentialOnly”>
                       <transport clientCredentialType=”Ntlm” proxyCredentialType=”None” realm=”” />
                   </security>
               </binding>
Â
           <endpoint address=”http://<servername>/_vti_bin/activexsupportservice.svc“
               binding=”basicHttpBinding” bindingConfiguration=”BasicHttpBinding_IActiveXSupportService”
               contract=”ActiveXTest.IActiveXSupportService” name=”BasicHttpBinding_IActiveXSupportService” />
Â
 Button Click Code in Winforms App
Â
           ActiveXTest.ActiveXSupportServiceClient client2 = new ActiveXTest.ActiveXSupportServiceClient();
           client2.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
Â
           Dictionary<string, string> returnData = client2.GetCharacterSubstitutions();
Â
           MessageBox.Show(returnData.Count.ToString()); Â
Â
 Server Side Code + Config
Â
Â
     <binding name=”BasicHttpBinding_IActiveXSupportService” closeTimeout=”00:05:30″ openTimeout=”00:05:30″ receiveTimeout=”00:10:00″ sendTimeout=”00:05:30″ maxBufferSize=”2147483647″ maxReceivedMessageSize=”2147483647″>
         <readerQuotas maxArrayLength=”2147483647″ maxDepth=”2147483647″ maxBytesPerRead=”2147483647″ maxNameTableCharCount=”2147483647″ maxStringContentLength=”2147483647″ />
         <security mode=”TransportCredentialOnly”>
           <transport clientCredentialType=”Ntlm” />
         </security>
       </binding>
Â
Â
       <behavior name=”<Assembly Name>.ActiveXSupportBehaviour”>
         <serviceDebug includeExceptionDetailInFaults=”True” />
         <serviceMetadata httpGetEnabled=”true” />
       </behavior>
Â
Â
     <service name=”<Assembly Name>.ActiveXSupport” behaviorConfiguration=”<Assembly Name>.ActiveXSupportBehaviour”>
       <endpoint contract=”<Assembly Name>.IActiveXSupportService” binding=”basicHttpBinding” bindingConfiguration=”BasicHttpBinding_IActiveXSupportService” />
     </service>
Â
Â
       public System.Collections.Generic.Dictionary<string, string> GetCharacterSubstitutions()
       {
Â
           System.Collections.Generic.Dictionary<string, string> list = new System.Collections.Generic.Dictionary<string, string>();
Â
           try
           {
               list.Add(“test”, “test”);
               return list;
           }
           catch (Exception ex)
           {
               Log.Error(ExceptionHandler.FormatException(ex));
           }
Â
           return list;
               }
You may try to disable Annonymous Impersonation for asp.net in the web.conf of your sp web app.
<appSettings>
<add key=”aspnet:AllowAnonymousImpersonation” value=”false” />
</appSettings>
Â
From <http://online.appdev.com/edge/blogs/doug_ware/archive/2011/04/16/beware-kb979917.aspx>
Andy – can you share the snippet of code that’s calling your web service?
