SharePoint 2010 Client Object Model - Proxy Authentication Required - sharepoint

All,
A small but irritating issue.
I am trying to create a DLL that uses the Client Object model to change a Site Tile
Microsoft.SharePoint.Client.ClientContext myCContext = new Microsoft.SharePoint.Client.ClientContext(lsiteurl);
System.Net.NetworkCredential ReqCredential = new NetworkCredential("user", "pwd", "domain");
System.Net.WebProxy ReqProxy = new System.Net.WebProxy("IP:8080", false);
myCContext.Credentials = ReqCredential;
ReqProxy.Credentials = ReqCredential;
WebRequest.DefaultWebProxy = ReqProxy;
//GlobalProxySelection.Select = ReqProxy;
Microsoft.SharePoint.Client.Web lWeb = myCContext.Web;
myCContext.Load(lWeb);
lerror = "Load SPWeb";
myCContext.ExecuteQuery();
But What I try, Every time it throws an exception on the myCContext.ExecuteQuery()
Every time the same error "407 Proxy Authentication Required", please help me resolve this issue
the solution in How do I pass my proxy credentials to a SharePoint Client Context object...? (SharePoint Client Object Model) does nothing, even the creating the new Network credentials, Proxy, ...
Thx for any help

If you go in to your internet options -> connections -> Lan settings in internet explorer you should be able to get your proxy settings from there
in your web config the same as the above link
<system.net>
<defaultProxy>
<proxy proxyaddress="address:port" bypassonlocal="True" />
</defaultProxy>
</system.net>
Give the application pool that your site resides on a recycle or a IISreset and see if this does the trick.
This resolved the same issue you are currently experiencing
Also check the you are doing this in the correct web config, Sounds stupid but i have seen people do this before.

Related

ASP.NET Windows Authentication returns wrong user to the application

I have two domains A and B, with a user Administrator in each. Both admins have different objectGuids, SIDs and passwords. There's an IIS 8.5 in B configured with Windows Authentication (Methods Negotiate/NTLM, Extended Security disabled, Kernel mode auth enabled). Domain B trusts domain A (one-way trust).
When I now open IE as A\administrator, and connect to the IIS in B, the IIS returns to me that the user logged in is B\administrator (should be A\administrator).
This is my code:
public class UserController : ApiController
{
// GET api/<controller>
public User Get()
{
var usr = ((WindowsIdentity)User.Identity).User;
return new User() {
Name = User.Identity.Name,
SID = usr==null?"":usr.ToString()
};
}
}
Also, the same is in the IIS log:
2018-05-07 09:19:10 172.17.41.31 GET /winauthtest/User - 80 B\Administrator 172.17.42.11 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E) - 404 0 2 31
Is this intended behaviour or a bug, and if it's a bug, where to report the bug?
Can I fix it by changing Windows Authentication settings, or what else could I do about it?
Do you know any other possibility to get the true SID of the user that is accessing my IIS?
OMG, I had the same problem and your problem gave me a hint as to why this is happening. So, running my project in Chrome gives me the wrong domain, while opening in Edge gives me the correct domain. I have my project set up using Windows Authentication and it seems Chrome is in some way blocking Windows Authentication.
This link gives more info.
https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/
In the end, another of my coworker had the same issue and we couldn't fix it properly. It would misbehave randomly. The only solution that seemed to work was restarting the PC.

.Net Client Object Model in Sharepoint returns 500 internal server error while executeQuery

I am trying to see all the lists in my Site using sharepoint Client Object model , following is my code
using (ClientOM.ClientContext ctx =
new ClientOM.ClientContext(UrlTextBox.Text))
{
//Get the site
ClientOM.Web site = ctx.Web;
ctx.Load(site);
//Get Lists
ctx.Load(site.Lists);
//Query
ctx.ExecuteQuery();
}
The above code throws following Error
"The remote server returned an error: (500) Internal Server Error" Tried passing in the credentials too, but didn't work, tried passing DefaultNetworkCredentials too. No luck..
Please advice.
Check everything below and make sure nothing has stopped running.
1. Check all of your app pools.
2. Check these SharePoint Services.
3. Check the IIS Admin Service.
You need a credential before every executeQuery() :
ctx.Credentials = new NetworkCredential("LoginID", "LoginPW","LoginDomain");

How to use a logged in person's credentials to search Active Directory?

I have a web app (.NET 3.5) which is sending notifications by email to users. In order to do this, I search Active Directory to find each person's email.
At the moment, I am hardcoding my own username and password like so in order to search AD:
Dim entry As New DirectoryEntry("LDAP://companyad", "myUsername", "myPassword", AuthenticationTypes.Secure)
Dim srch As New DirectorySearcher(entry)
srch.Filter = [String].Format("(&(objectClass=person)(sAMAccountName={0}))", "someOtherUsername")
Dim result As SearchResult = srch.FindOne()
Now, obviously, this is not ideal and I don't want those credentials hardcoded. My web app is using Windows Authentication. It also uses impersonation (as the logged in user) to access files and SQL Server. Is there also a way for me to "impersonate" the logged in user in order to search AD?
EDIT 1
I thought I'd better explain why I chose this answer. The problem turned out to not be the multi-hop issue or kerberos as it seems I have set these up correctly.
I had recently changed my app to only allow access to a certain group through the web.config settings. I had previously been only allowing access to myself. I set up the group and added myself to it. I then removed the hardcoded credentials and attempted to run the app WITHOUT RESTARTING my computer.
According to my network admin, I would not be logged on under that new group until I restarted my computer which I think is what was causing my problem. So, Preet's answer is actually the most accurate as I just needed to pass the LDAP path to DirectoryEntry.
EDIT 2
I also needed to register a Service Principal Name.
I ran this:
setspn -A HTTP/[dns name of the site] [machine name]
on my development machine.
Thanks to everyone else for their answers.
Doesn't
Dim entry As New DirectoryEntry("LDAP://companyad")
work?
Why not create a new user for this purpose alone? A user with only searching rights.
I set <identity impersonate="true"/> in my web.config and added the following code to my my page load event handler. It worked fine. Are you sure you are not dealing with a multi hop situation? In that case your app pool account needs to be configured for kerberos authentication to support impersonation in a multihop scenario. More info on this is here: http://support.microsoft.com/kb/329986
Response.Write(User.Identity.Name);
DirectoryEntry entry = new DirectoryEntry("LDAP://[mydomain.net]");
DirectorySearcher srch = new DirectorySearcher(entry);
srch.Filter = string.Format("(&(objectClass=person)(sAMAccountName={0}))", "[user]");
SearchResult result = srch.FindOne();
Response.Write(result.Path);
If you wish to use the Windows logged in user account as the credentials against AD, you have to use the following:
public bool IsExistingUser() {
DirectoryEntry de = new DirectoryEntry(Environment.UserDomainName)
DirectorySearcher ds = new DirectorySearcher(de)
ds.Filter = string.Format("((objectClass=user)(SAMAccountName={0}))", Environment.UserName)
try
SearchResult sr = ds.FindOne();
if (sr != null && sr.DirectoryEntry.Name.Contains(Environment.UserName))
return true;
catch (DirectoryServicesCOMException ex)
catch (COMException ex)
throw new Exception("Can't find logged in user in AD", ex);
return false;
}
Assuming this code would compile and run, it will verify whether the existing logged in user is known by your Domain Controller.
Impersonation is discouraged as it lets litteral password strings travel in your network. So, try to avoid it as much as possible.
EDIT Here's a pretty useful link for AD: Howto: (Almost) Everything In Active Directory via C# I found this post awesome!

System.Net.WebClient doesn't work with Windows Authentication

I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as
it only 'Authentication' method.
WebClient myWebClient = new WebClient();
myWebClient.Credentials = new System.Net.NetworkCredential(#"boxname\peter", "mypassword");
byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName);
I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2
Both client and IIS are on the same Windows Server 2003 Dev machine.
When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up.
However when using IE8, I get the same 401.2 error.
Tried Chrome and Opera and they both work.
I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options.
The Security Event Log has a Failure Audit:
Logon Failure:
Reason: An error occurred during logon
User Name: peter
Domain: boxname
Logon Type: 3
Logon Process: ÈùÄ
Authentication Package: NTLM
Workstation Name: boxname
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 1476
I used Process Monitor and Fiddler to investigate but to no avail.
Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?
I have seen a similar issue, where the Integrated / NTLM security will only work if you are accessing the host by machine name or localhost. In fact, it is a [poorly] document feature in Windows that is designed to protect against "reflection attacks".
Basically, you need to create a registry key on the machine that is trying to access the server, and whitelist the domain you are trying to hit. Each host name / FQDN needs to be on it's own line - there are no wildcards and the name must match exactly. From the KB Article:
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Exit Registry Editor, and then restart the computer.
http://support.microsoft.com/kb/956158/en-us
Have you tried ...
new NetworkCredential( "peter", "password", "boxname" );
You might also try ...
var credCache = new CredentialCache();
credCache.Add( new Uri ("http://localhost/upload.aspx"),
"Negotiate",
new NetworkCredential("peter", "password", "boxname"));
wc.Credentials = credCache;
Also, according to this it may be that IIS is configured wrong. Try replacing "Negotiate" with "Basic" in the above and checking your IIS config for the website. There's also a bunch of possible causes here.
Try going into IE's options and explicitly add the site to the Intranet Zone. Then re-run the program. You should also not run the program from an administrator login. This may trigger the Enhanced Security Configuration for Internet Explorer.
It could explain why you can hit the site with Firefox and Opera, but not with IE or WebClient.
Without knowing your IIS deployment, and assuming that you have the correct authorization rules for upload set in IIS (e.g. the right allow* ACL's on the right dirs you are trying to upload content to, etc), first thing I would try is to set UseDefaultCredentials to true instead of explicitly set Credential. (Maybe you think you are accessing the server with the Credentials you are setting but that's not the case? That would be possible if this works.)
This is a very common scenario, so I would focus on IIS authorization rules for the directory in which you are trying to upload the file, the actual ACL's on that directory. For ex. is your site impersonating or not? if it is, then you have to have actual ACL's on that dir, otherwise whatever account app pool is running on.

Sharepoint Lists.asmx: The request failed with an empty response

I'm writing a very small app to create and test caml querys for sharepoint. While executing the GetListItems method I'm receiving the following exception;
System.Net.WebException: "The request failed with an empty response."
The service is located on a https address (ssl). I setup the service as follows;
result = new ListService.Lists();
result.Url = siteUrl;
result.Credentials = new NetworkCredential(txtUserName.Text, txtPassword.Text, txtDomain.Text);
I invoke the GetListItems() method as follows;
xmlResult = spList.GetListItems(listName, string.Empty, camlQuery, null, string.Empty, null, string.Empty);
I'm trying to find out why I'm getting the empty result message. I've also tried other methods (i.e. GetListCollection) but to no avail.
At first I thought that the problem might be the URL (http instead of https), but that is not the case. I even checked it with wireshark to make sure the right URL is used.
Did someone come accross this problem and how did you solve it?
OMG...! I've solved it after all. After posting this question, I tried to get hold of the wsdl the check the service itself. When I checked it via internet explorer all was ok. When I tried to add it as a reference in VS it went wrong. So something was not ok. Then it occured to me that there was a new login screen for our company network.
After some quick phonecalls I learned what the problem was; IT Services installed a ISA 2006 server and 'forgot' to tell me. The ISA server was blocking all trafic on the HTTPS port (443) for unkown programs and or clients. That's why internet explorer presented me with a new and shiny login dialog.

Resources