WCF.&.WSS.Web.Services

If you ever need to access one of the out-of-the-box SharePoint Web Services, you may find this post valuable to you. I was tasked to access a SharePoint Web Services from .NET code and I ran into several issues which are quite frustrating. I'm using MOSS SP1 on Windows Server 2008 and developing on Visual Studio 2008 SP1.

You should know that SharePoint 2007 Web Services are still ASMX web services whereas I'm more of a WCF fan.

First of all, if you are using host headers in your SharePoint sites, you will be awaken to a rude surprise that you won't be able to use "Add Service Reference" from Visual Studio 2008 to generate a proxy for the SharePoint Web Service.

You will encounter a symptom where you will be asked repeatedly to enter your crendentials for the web service in a Discovery Credential dialog box. Despite entering the right credentials, the dialog box will not dismiss and will continue to prompt you (until you smash your PC). If you choose to cancel the dialog box, you will not be able to generate the proxy for the Web Service.

You may try to use the "Add Web Reference" option as an alternative but you will receive near similar problems in generating the proxy. After two days of searching the Internet, I finally discovered that this is caused by the host headers. If you are using port numbers instead of host headers, you will not encounter this issue.

To rectify this problem, follow one of the methods listed in this KB Article. Once you are done, you should be able to "Add Service Reference" with no problems and you can proceed with your code.

Once you are ready to test calling the web service, you will again be slapped with another surprise! You may encounter the following exception:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.

What you need to do is to modify some settings in the app.config of your .NET program. Locate the following security section in your binding (usually basicHttpBinding):



and replace it with



Then add the following line in your .NET code (my sample is in C#):

CopySoapClient proxy = new CopySoapClient();
proxy.ClientCredentials.Windows.AllowedImpersonationLevel =
TokenImpersonationLevel.Impersonation;

Now everything should work fine.

Take note that if you try to bypass the host header problem by getting someone else to generate the proxy for you, you may encounter a more confusing version of the error message when you execute your code:

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

You must solve the host header problem in order to get everything working.