Tuesday, June 28, 2011

Authentication Methods for SP2010 Client OM

On 25 June 2011 I presented a session at SharePoint Saturday India on the topic of the ‘SharePoint 2010 Client Object Model’. One of the questions which were asked was around the various authentication methods when using the Client Object model.
This short post will describe the authentication methods available when using the SharePoint 2010 .Net Managed Client Object Model.

The 3 Object Models with their available authentication methods are:

  1. .NET Client Object model
    • The default is to authenticate users via their current Windows credentials (NTLM and Kerberos).
    • Possible for you to define other authentication methods like Anonymous or Forms Authentication.
  2. Silverlight Client Object model
    • Default is to authenticate users via their current Windows credentials (NTLM and Kerberos).
    • It is possible for you to define other authentication methods like Forms Authentication.
    • It is not possible to use the Silverlight client object model with anonymous authentication.
  3. ECMA Script Client Object model
    • No need for additional authentication as JavaScript already runs in an authenticated page.

Authentication Methods when using the .Net Client Object Model

image


The Microsoft.SharePoint.Client namespace provides a ClientAuthenticationMode enumerator.The members are:

  • Default: Represents the default authentication mode.
  • FormsAuthentication: Represents ASP.NET forms authentication mode.
  • Anonymous: Represents anonymous authentication mode.

So in order to specify the authentication type you will have something like:

//Create a client context for my site which uses Forms Authentication
ClientContext clientContext = new ClientContext("http://ltp-21:31890");
//Set the AuthenticationMode
clientContext.AuthenticationMode = ClientAuthenticationMode.FormsAuthentication;

If you use Forms Authentication you will have to set properties for an instance of FormsAuthenticationLoginInfo class and assign that to the client context (see example below).

Note:
All the examples below are based on creating a .Net Windows Console Application. Remember to please add references to:
Microsoft.SharePoint.Client: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\ISAPI\Microsoft.SharePoint.Client.dll
Microsoft.SharePoint.Client.Runtime: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\ISAPI\Microsoft.SharePoint.Client.Runtime.dll

The code for all three examples will:

  • Create a client context for my site which uses a specific authentication method.
  • Instruct the client context that I want to load the sub-site.
  • Get the title of the site and write it to console.

Default Authentication:
In this example the client object model will connect through using the current Windows credentials (NTLM / Kerberos).
Because the default authentication method for client object model is NTLM / Kerberos we do not explicitly need to specify an authentication method.
Remember to replace the URL of the site with that of your environment.
In my environment the URL http://ltp-21:13111 points to site configured for NTLM authentication.

using System;
using Microsoft.SharePoint.Client;
namespace StdAuthSample
{
class Program
{
static void Main(string[] args)
{
ClientContext clientContext = new ClientContext("http://ltp-21:13111");
Web site = clientContext.Web;
clientContext.Load(site);
clientContext.ExecuteQuery();
Console.WriteLine("Title: {0}", site.Title);
}
}
}

Forms Authentication:
In this example the client object model will connect through using Forms Authentication.
You have to explicitly set the authentication method to Forms Authentication by using the clientContext.AuthenticationMode.
Then you also have to specify the Authentication Login Info by creating an instance of FormsAuthenticationLoginInfo and setting the new clientContext.FormsAuthenticationLoginInfo to that of your FormsAuthenticationLoginInfo object.
Remember to replace the URL of the site with that of your environment.
In my environment the URL http://ltp-21:31890 points to a site configured for Forms Authentication.

ClientContext clientContext = new ClientContext("http://ltp-21:31890");
//Set the AuthenticationMode
clientContext.AuthenticationMode = ClientAuthenticationMode.FormsAuthentication;
//Instantiate a FormsAuthenticationLoginInfo object.
FormsAuthenticationLoginInfo formsAuthInfo = new
FormsAuthenticationLoginInfo("MyFormsTestUser", "MyUserPassword!2");
//Specify the login details using the FormsAuthenticationLoginInfo object.
clientContext.FormsAuthenticationLoginInfo = formsAuthInfo;
Web site = clientContext.Web;
clientContext.Load(site);
clientContext.ExecuteQuery();
Console.WriteLine("Title: {0}", site.Title);

Anonymous Authentication:
In this example the client object model will connect through using Anonymous Authentication.
You have to explicitly set the authentication method to Anonymous Authentication by using the clientContext.AuthenticationMode.
Remember to replace the URL of the site with that of your environment.
In my environment the URL http://ltp-21:12381 points to a site configured for Anonymous Authentication.

ClientContext clientContext = new ClientContext("http://ltp-21:12381");
//Set the AuthenticationMode
clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
Web site = clientContext.Web;
clientContext.Load(site);
clientContext.ExecuteQuery();
Console.WriteLine("Title: {0}", site.Title);

I hope this will give you a simple but complete overview of the 3 authentication methods available when using the .Net Managed SharePoint 2010 Client Object Model.
Enjoy!!

5 comments:

Anonymous said...

Very good Article..!

When I tried with FormsAuthentication, got an exception like "The request failed with HTTP status 417: Expectation failed" .

And it works with

System.Net.ServicePointManager.Expect100Continue = false;

Thank you.

lwnuclear said...

Hi

If a document gets added to a library, what would the Created By user show if ClientAuthenticationMode.Anonymous was used?

Mike Graham said...

Solved !! Why WPF Authentication wouldn't work when Silverlight works. (WPF was trying to use Kerberos, Silverlight was using NTLM) - Simple fix:

ClientContext _clientContext = new ClientContext(sharePointSiteUrl);
Web _web = _clientContext.Web;

_clientContext.Load(_web, website => website.Title);
_clientContext.Load(_web.Webs);

CredentialCache cc = new CredentialCache();
cc.Add(new Uri(sharePointSiteUrl), "NTLM", CredentialCache.DefaultNetworkCredentials);
_clientContext.Credentials = cc;
_clientContext.AuthenticationMode = ClientAuthenticationMode.Default;

_clientContext.ExecuteQuery();
ListCollection _listCollection = _web.Lists;

Mahmoud Hassan said...

in Client OM you dont have AuthenticationMode property, So for anonymous accessing sharepoint you need to run the following run the following PowerShell commands

$webapp = Get-SPWebApplication “http://URL”
$webapp.ClientCallableSettings.AnonymousRestrictedTypes.Remove([microsoft.sharepoint.splist], “GetItems”)
$webapp.Update()

hope this help :)

Mahmoud Hassan said...

i ment for Silverlight client OM
sorry for mistake

Post a Comment