SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously

Retrieving REST Data Using NTLM From a Dual Auth Site in SharePoint 2010

Retrieving REST Data Using NTLM From a Dual Auth Site in SharePoint 2010

  • Comments 2
  • Likes

The title of this post actually makes this sound a lot more complicated than the final solution.  It's really a case of combining the techniques I discussed in two previous posts: and  The short version of the scenario is this - some folks wanted to do a something like a health check ping against a SharePoint site that used SAML authentication.  Previously they had only been working against sites that used on Windows authentication, and as soon as they tried those tools against a site that supported multiple authentication types - SAML and Windows - those tools stopped working.

The point of the health check is just to make a request to a site and make sure that data is returned; if some error code is returned instead then they can start digging into it.  I decided the easiest way to do this was just to make a call to the listdata.svc that is the REST endpoint for the site.  It is something that will always be there, and configuring it to force it into using NTLM in a multi-auth site is something that I figured would be pretty easy, and in fact it was.  The gist of the approach is just to make an HttpWebRequest and add the header I described in the second link above to force it use NTLM.  The result is a fairly straightforward looking chunk of code that looks like this:

string endpoint = UrlTxt.Text + "/_vti_bin/listdata.svc";
//make a request to the REST interface for the data
HttpWebRequest webRqst = (HttpWebRequest)WebRequest.Create(endpoint);
webRqst.UseDefaultCredentials = true;
webRqst.Method = "GET";
webRqst.Accept = "*/*";
webRqst.KeepAlive = true;
webRqst.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");

//read the response now
HttpWebResponse webResp = webRqst.GetResponse() as HttpWebResponse;

//make the request and get the response
StreamReader theData = new StreamReader(webResp.GetResponseStream(), true);
string payload = theData.ReadToEnd();

ResultsTxt.Text = payload;

So as you can see, I just create the request, set a few properties and then add my header that tells SharePoint to use Windows auth.  Then I just make my request and I'm good to go.  It's a pretty simple project, but I've attached the complete solution to this posting in case it's helpful.


  • <p>Hi Steve,</p> <p>Great post. &nbsp;I have a question that may or may not be related. &nbsp;I&#39;ve been working to create a Custom Claims Provider for SP2010. &nbsp;I am authenticating to ADFSv2 to get a SAML token with some claims, and I want a custom claims provider (farm feature in SP2010) to then augment those claims. &nbsp;However, I want it to access content from a SharePoint list (within the custom claims provider) to use in augmenting the user&#39;s claims. &nbsp;But, in the custom claims provider the SPContext.Current object is always NULL... so I can&#39;t get a Web and can&#39;t get the pre-defined list.</p> <p>So, I&#39;m wondering am I doing something wrong in trying to use the SPContext.Current object for this, or is using REST as you&#39;ve defined here the only way to access SharePoint list content from within a Custom Claims Provider?</p> <p>Thanks,</p> <p>A</p>

  • <p>After 4 days of fighting with dual- auth and getting 403 Forbidden errors, when trying to access the Excel REST services, you finally saved me!! That one line of code is magical. THANKS!</p>

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment