How to solve web service access problem for an anonymous enabled site in SharePoint 2010?


Recently, I was trying to build an InfoPath 2010 form in SP 2010 where I created Data Connection using UserProfileService.asmx web service within my site collection. Although, while setting up the connection I didn’t face any problem and I could see all the properties in the advanced mode for that data connection. I checked the Web Service URL directly to see the methods which would return me the required parameter.

After configuring everything, I was getting an error which stated “Unauthorized operation” while previewing the form in InfoPath:

The SOAP response indicates that an error occurred on the server:

Server was unable to process request. —> Unauthorized operation

I realized that some permission issue need to be resolved. I then contacted our Administrator to configure the InfoPath form services settings from the Central Admin site.

There are few things which you need to know before you can use the web services such as UserProfileService.asmx.

There is a service application in SharePoint named as “User Profile Service” which need to be set up or could be setup already in your farm. I will not go into the details of configuring it. After activating this service, the user who need to access the web services related to this, need to have have full permission access for this service which you can configure by selecting the service (Central Administration->Application Management->Manage Service Account) and adding the user in two categories (Administration and Permission), both of which require to provide full access for that particular user.

image

image

After spending enough time, I figured out that although, my web application was anonymously enabled, SharePoint does not allow the web services to run anonymously by any means. It has to pass through authentication in the IIS.

There are few workarounds which you can follow:

First Option: If your web application uses Windows Authentication (To Check, which authentication your web application is using, go to Central Admin->Application Management->Manage Web Applications; select your web app and click on “Authentication Providers”, under Membership zone, click on “Default”; under Authentication Type, you will see whether your site is using Windows, Forms or Single Sign on), Disable Anonymous Access for this web application and the web service will run perfectly (Remember, if you disable anonymous access at the web app level, all the site collections under that web app will automatically disable anonymous access option). This option is an easy way to fix the web service access problem if all the site collections for your web app really does not require anonymous access.

Second Option: (If you want to enable “anoymouos access”)

To let the users access your site anonymously, and at the same time to access the web service within that web app or site collection level, you will need to change your Authentication Type from “Windows” to “Form Based”. Now, I will not go into the detailed steps of configuring form based authentication for your server which is described here.

Third Option: (The Best one which suited me)

Actually, if you want to keep intact all the settings of your existing web app, and don’t want to mess up the settings, this option could be the best one for you. First of all, you will need to extend your web application for Intranet use. To do this

Go to Central Admin->App Management->Manage Web App, select your web app and select “Extend” from the ribbon.

image

You will find the following window:

imageimage

Select the Public URL Zone as “Intranet”. and make sure to Disable Anonymous Access.

Let’s say your Default Zone URL is : http://teams.SPWebApp.com/ then the extended Web Application URL would be : http://servername:portnumber/

Now, while calling the web services from InfoPath, you will need to provide the Extended Zone (Intranet) URL and things will work like charm. That means, when the web services will be called from your forms, it will call the Intranet URL which has “Anonymous Disabled” which will not interfere with your Default Zone URL which has “Anonymous Enabled”. So, you will be able to use Windows Form Authentication while providing the anonymous access feature to the users to call your required web services. Now, that’s a great workaround to avoid setting up “Form Based Authentication” (second option).

Advertisements

5 thoughts on “How to solve web service access problem for an anonymous enabled site in SharePoint 2010?

  1. Hi, your post about User Profile web service is very nice, so interesting. I have one question. If I extend my web application, which is the user that InfoPath use while calling the User Profile web service from a InfoPath form?

  2. Nice post, it is very useful. I have one question. If I extend my web application to use Form-Based Authentication, which is the user that InfoPath would use to call User Profile web service when using the extended URL from the InfoPath form?

  3. The web service runs under a fixed user account (eg; system account, administrator account or any other account). When you call the web service from the InfoPath, it calls the user account associated with the web service.

  4. Pingback: SharePoint Anonymous Access blocking UserProfileService.asmx service in InfoPath 2010 « SharePoint Rider

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s