NOTE: This posting is a very small part of one section of a new whitepaper coming out on claims and SharePoint 2010. Look the whitepaper later this year or early next year.
SharePoint 2010 provides the ability to retrieve list data through a REST interface. In this example I'll reuse the code to get the FedAuth cookie that was included with this post: http://blogs.technet.com/b/speschka/archive/2010/06/04/using-the-client-object-model-with-a-claims-based-auth-site-in-sharepoint-2010.aspx. Once I have the FedAuth cookie I'll reuse it to make a call to retrieve list data via REST. The call will be slightly different because we’ll need to do HTTP GETs directly against the listdata service in SharePoint. The listdata service is available within any site by navigating to the _vti_bin directory. For example, if you have a site at https://claims, then to get all of the items in the Contacts list in that site you could make a request to https://claims/_vti_bin/listdata.svc/Contacts. The data is returned as Xml, which you can then process as needed for your application.
Here’s an example of code that reuses the method to obtain a FedAuth ticket, and then retrieves a list of all the items in the Contacts list:
Stepping through the code, you can see that it starts out by getting the FedAuth cookie from SharePoint as demonstrated in the previous post I linked to above. Once the cookie is obtained, a new HttpWebRequest is made that will be used to call the REST interface in SharePoint to retrieve all items in the Contacts list. A new cookie is created where the FedAuth cookie that was retrieved can be placed; this is what allows SharePoint to view our request as being authenticated. Once the cookie has been added, the request is made to the REST interface in SharePoint to retrieve the data and the results are put into the string variable payload.
If you are experiencing an error like "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oW0wa6ADCgEBomQEYmBgBgkqhkiG9xIBAgIDAH5RME+gAwIBBaEDAgEepBEYDzIwMTEwODA1MjA1MTMzWqUFAgMDdRemAwIBKakPGw1DT05UT1NPLkxPQ0FMqhMwEaADAgEBoQowCBsGcG9ydGFs'.", then see the update in posting http://blogs.technet.com/b/speschka/archive/2010/06/04/using-the-client-object-model-with-a-claims-based-auth-site-in-sharepoint-2010.aspx for details on how to work through that.
Thanks for this post. Is it necessary to use this method when in a Claims-based authentication enabled site? Can't you just use a normal Web Reference and it's context?
I'm asking because I've been getting errors with my silverlight web part (which uses listdata.svc) in a claims-based authentication enabled site.
do you have a link to the GetSamlToken() method you're using? Can this method be modified to look into AD instead of a custom or Adfs provider?
I want to do this to connect to a site in a web app which is in claims mode (Active Directory only) and FBA (Ldaps). I don't know how to get the cookie. If I copy the cookie using Fiddler (and IE) and set it in the GET call it works.
Do we need to add servcice reference to use this service, the way you have described?
this is brutal man! :) it saved me a lot of investigation, thanx.
Nice Post !!. Is there any way to get this working using Jquery.ajax() ?
Although this article is very old, I hope you still get a notification for this. I got the problem that a site with mixed authentication windows + fba in sharepoint 2013 claims doesn't allow for specific credentials to be handed over. If I use DefaultCredentials
everything is fine, if not, 401 Unauthorized is returned. Thanks for your help
This seems to be serving my requirements. Thanks to you!However when I copied the code into my windows application in VS 2012, I found VS could not able to locate GetSamlToken() method, I searched in google too but no luck.Could you please help me which namespace I forgot to include in my project.Thanks in Advance.
I'm not sure what is SamlTxt.Text in the code. Could you please explain?