Forms Authentication for SharePoint : Part-6

Using Web Services with a Site Protected by Forms Authentication

SharePoint Web services with a site secured with forms authentication works but the process differs from common scenario and the difference is that we must obtain an authentication cookie and use that when accessing web services in site protected by forms authentication.

The Authentication Web service has a method named Login when called places an authentication cookie in proxys System.Web.Services.Protocols.HttpWebClientProtocol.CookieContainer collection. That cookie can then be used in subsequent requests to other Web services in the site that is protected by forms authentication to authenticate the request.

In default ,the zone that is configured to use forms authentication does not enable client integration features.The option found on Authentication provider must be turned on if we intent to use Sharepoint web services, and when is turned off Sharepoint turns off support to remote interfaces,such as web services.

We can use a windows authentication –protected site when creating web service proxies as adding Web references in Visual Studio).In common scenario Visual Studio Web Reference wizard does not work with a SharePoint site that is protected by forms authentication. Lists Web service

To retrieve all lists in the site by using the Lists Web services

1. Start Visual Studio, and create a Windows Application project.

2. Add a button and text box to Form1.

3. Change the text box properties so that Multiline is True and Scrollbars is Vertical.

4. Resize the text box to fill the form under the button.

5. Add a Web reference to the Authentication Web service in the site that is protected by forms authentication; the Authentication Web service can be found in the path http://siteCollectionName/_vti_bin/authentication.asmx. Name this Web reference fbaAuth.

6. Add a second Web reference to the Lists Web service; it can be found in the path http://siteCollectionName/_vti_bin/lists.asmx. Name this Web reference fbaLists.

7. On the form, double-click Button1 to switch to code view and create an event handler for the click event. Create two variables for the Web service proxies, as shown in the following code.

fbaAuth.Authentication auth = new fbaAuth.Authentication();

fbaLists.Lists lists = new fbaLists.Lists();

Visual Basic

Dim auth As New fbaAuth.Authentication()

Dim lists As New fbaLists.Lists()

8. Create a CookieContainer collection object for the Authentication class proxy; the authentication cookie will be stored in this container after calling the Login method.

9. Call the Login method, and check the result from that call, as shown in the following code.

auth.CookieContainer = new System.Net.CookieContainer();

auth.AllowAutoRedirect = true;

fbaAuth.LoginResult lr = auth.Login("myUserName", "myUserPassword");

if (lr.ErrorCode == fbaAuth.LoginErrorCode.NoError)

{

//Now we can talk to the Lists Web service.

}

Visual Basic

auth.CookieContainer = New System.Net.CookieContainer()

auth.AllowAutoRedirect = True

Dim lr As fbaAuth.LoginResult = auth.Login("myUserName", _

"myUserPassword")

If lr.ErrorCode = fbaAuth.LoginErrorCode.NoError Then

'Now we can talk to the Lists Web service.

End If

If the Login method succeeds the proxy for Authentication web service has a valid authentication cookie in CookieContainer collection and to reuse this cookie,we must set the CookieContainer property for the Lists Web service proxy equal to the CookieContainer property of the Authentication Web service proxy. We can then make calls to the Lists Web service, and the authentication cookie will be used to authenticate and authorize the request. That means that when we make a Web service request, the cookie will authenticate and authorize the request based on the permissions of whatever account was used to create the authentication cookie.