SharePoint User Group UK

I have a form which consumes a webservice I have written. It's not a SharePoint service and isn't hosted on SharePoint itself. It is however hosted within the domain on an IIS server.

When using Infopath client I can consume the webservice without any issue. However the issue comes when deploying to the server and trying the form in the browser. On loading the form the error is: An error occurred accessing a data source.

The problem seems to be that my authentication details aren't being passed from forms service to the webservice. The servers are all setup to use integrated authentication and kerberos delegation is all sorted too.

It would seem that I have to create a UDCX file but after trying this I've had no success either.

Anyone got a clue?!?!?!

Cheers

Stephen

I also have this issue!

Further to Stephen's question i would be insterested to know if anyone has managed to get an InfoPath form running inside a MOSS web part page. One option we are looking at is using a web part called SmartPart which hosts a .NET user control & pulls the form back into the web part page.

Any suggestions on both points will be very helpful.

Thanks - Hannah

---

Hannah Scott
http://bytelab.blogspot.com

Hannah - http://blogs.msdn.com/infopath/archive/2006/10/21/hosting-infopath-forms-in-a-custom-aspx-page.aspx

I used some of the articles on there to get hosting in a webpart working. To be honest though - don't do it unless you absolutely need to!

I was following the article by Andrew Woodward (http://www.21apps.com/2007/06/infopath-forms-in-webpart.html) which uses the XMLFormViewer - I wonder if you saw his presentaion on this at the Telford meeting.

Anyway, its nearly there - i have a very basic form with no data connections this time, published to a sharepoint library, but the form is stuck on the 'form closed' error. I have tried the suggested work-arounds but no luck yet.

I'd be interested to know the reasons why you say don't do it unless absolutely necessary? Apart from the obvious things like i will go grey pematurely :)

Thanks - Hannah

---

Hannah Scott
http://bytelab.blogspot.com

How about this fellow - http://www.keirgordon.com/2007/05/embed-infopath-form-in-sharepoint-page.html

The reason I don't like the whole form in a webpart is that I don't think it's in fitting with how SharePoint and Forms Server should work. But there are some scenarios where it can be useful. Like the one I'm doing.

Hi,

We have a similar implementation as you described in the first post on one of our projects.  SharePoint authenication is using Kerberos, we also have K2 BlackPearl to host a workflow process that uses InfoPath forms hosted in Forms Services (MOSS).  We became aware that their is a bug in Forms Services that it doesn't delegate authentication.  So even when the process is running with the required rights the call to a web service isn't authenticated.  The same form works fine when using the InfoPath client.

The work around we used was to explicity declare authentication credentials stored within the UDCX data connection.  This looks like:

<udc:Authentication>
    <udc:UseExplicit CredentialType="NTLM">
        <udc:UserId>MyUser</udc:UserId>
        <udc:Password/>MyPassword</udc:Password>
    </udc:UseExplicit>
</udc:Authentication>

For more information please see http://blogs.msdn.com/infopath/archive/2006/10/02/Data-Connections-in-Browser-Forms.aspx and http://msdn2.microsoft.com/en-gb/library/ms772017.aspx.

Hope this helps

Dave

---

My SharePoint Blog www.davehunter.co.uk/blog

The description of the UDCX makes it seem like you can use Kerberos authentication.

Storing passwords and usernames in UDCX files is not something I'm really wanting to do. I'd rather just allow anonymous access to the webservice instead. Which wouldn't really be an issue as the data it will be retrieving is open to everyone.

BUT! We're trying to build a proper middle tier for corporate applications and a core of this is to where ever possible use Kerberos.

In response to the form in a webpart query - Using that code worked a treat.

Hi all,

Seems like everyone is looking to turn sharepoint into a decent middle tier lately ;-) I am facing the exact same challenge as you guys are. Basically the setup I'm looking at is the following:

• MOSS2007 enterprise server = SRV4
• Member server with IIS and ASP.NET = SRV3
• Domain controller with SQL = SRV2
• Client = CLIENT :D

All systems have been properly configured so that the required SPN's are there and kerberos constrained delegation is enabled. Furthermore all IIS servers and sharepoint have been configured to support integrated authentication. I have verified that authentication is in fact taking place through kerberos, just to make sure NTLM is not in the way.

I've installed a basic webservice on SRV3 which connects to a DB on SRV2 using integrated authentication. All it does it read 1 column from the DB. It is setup properly to impersonate the user who accesses the webservice. When testing the webservice directly from the client everything works fine and I get the results back.

So we move on and create a basic form in infopath which uses the webservice to fill entries in a drop-down box. When I test this form in infopath everything works fine, without asking for authentication so integrated auth works. Next I convert the data connection to a udcx file which I put in a data connection library on SRV4. When testing the form again using infopath it works. So far so good. Now when I publish this form to a sharepoint library and try to open it from CLIENT it does not work and provide me with the well known error "An error occurred accessing a data source".

When I check in the sharepoint logs I get the following:

System.Net.WebException: The remote server returned an error: (401) Unauthorized. ...

When I check the entries in the IIS log on SRV3 I can see the 401, and it does not provide any user authentication. Also when I use a network sniffer to check kerberos traffic I can clearly see that Sharepoint isn't even trying to get a kerberos ticket for the user and the service HTTP/SRV3.

I've also checked out some other possibilities, such as MOSS sso, but to no avail. At this point I can only come to the conclusion that sharepoint does not attempt to authenticate to the back-end webservice with the users credentials (or any credentials for that matter).

So does anyone have a clue as to what the reason for this issue might be? Dues anyone have a clue?

I can get everything to work just fine when I define a static user in the webservice to connect to the DB and allow anonymous access to the webservice. However as stephen allready mentioned in the previous post this is NOT a base to build an enterprise solution on. Auditing should be available at all levels of the information chain, certainly on the DB level.

Any help would be appreciated,

Regards

 

 

The problem doesn't strictl lie with SharePoint as it is quite capable of doing the kerberos dance. Using webparts that access databases, or using the BDC with the pass through is all fine.

It's purely an issue with the Infopath forms service itself.

The temporary solution is to switch to a hard coded user and password for the connection to the webservice, then let the web service itself use pass through I believe.

However, this is totally not in keeping with the security model that we are trying to use and I'm sure a lot of you are to.

Has this been confirmed?

"It's purely an issue with the Infopath forms service itself"

Because if this would be the case then there is no workaround to get infopath forms in sharepoint working with kerberos constrained delegation... Not untill some sort of patch from MS comes around which could take quite some time...

I'm still hoping for the best :s

Regards

I don't know the official line from MS, but this has been confirmed by the number of posts on this subject and some other our partners we work with.

I'm not keen storing the user credentials in the UDCX but its the only work around available, before a patch is released.

Dave

---

My SharePoint Blog www.davehunter.co.uk/blog