Tuesday, September 29, 2009

Workaround for 401 problem with POST and NTLM authentication

Context: Invoke SharePoint Lists.asmx webservice from a WPF client to retrieve listitems. The SharePoint site is hosted by an external provider, and secured via NTLM authentication. To invoke the Lists webservice a WCF proxy is generated. The client WCF binding is set to basicHttpBinding, with security = NTLM.
Issue: When invoking the service from the WPF client, a 401 is returned. Via Fiddler inspected the http-request. The NTLM authentication protocol handling in 3-steps is visible, but despite that no succesfull authentication. A simple GET via WebClient to the Lists.asmx page, with same NTLM credentials applied does succeed.
And strangely, in case this is done before sending the POST webrequest, the latter does also succeed. That is..., when Fiddler is active. Without Fiddler monitoring the http transfer, the HTTP-GET request still succeeds, however the WCF proxy call then again fails.
Although I love Fiddler, it's no option to oblige application end-users to run it just to allow the WCF proxy call to succeed...
Instead I tried to implement the SOAP behaviour explicity self via WebClient, and abandon the WCF framework in this particular case. And this works!

N.B. The probable cause of the POST malfunctioning with HttpWebRequest / WCF proxy and NTLM authentication is described in the post 401 Error on HttpWebRequest with NTLM Authentication.

No comments:

Post a Comment