CODEWITHSUNDEEP
c#authenticationsharepointntlmcsom
PsMaster
PsMaster

Reputation: 141

C# SharePoint 2013 CSOM multi-authentication

We have our on-premises SharePoint2013 and it has multiple authentication methods enabled (NTLM and FBA).

Now when I try to authenticate to this server with CSOM and try to get a List for example, the server returns: "Access denied. You do not have permission to perform this action or access this resource.", though I do have permissions (have full control and whatever is needed) and SharePoint provides me with FedAuth cookie. Checked out the requests with fiddler, seems like CSOM can't access client.svc service even though it is started and running? Code sample: 

using System;
using System.Net;
using System.Security;
using SP = Microsoft.SharePoint.Client;

namespace TestConsoleTemp
{
public class Program
{
  static void Main(string[] args)
  {
        using (SP.ClientContext context = new SP.ClientContext("https://mywebsite.com"))
        {
            var cc = new CredentialCache();
            var passWord = new SecureString();
            foreach (char c in "password".ToCharArray()) passWord.AppendChar(c);
            cc.Add(new Uri("https://myportal.sis.lt"), "NTLM", new NetworkCredential("username", passWord, "domain"));
            context.Credentials = cc;
            context.ExecutingWebRequest += new EventHandler<SP.WebRequestEventArgs>(clientContext_ExecutingWebRequest);
            var list = context.Web.Lists.GetByTitle("listName");
            context.Load(list);
            context.ExecuteQuery();
        }
    }
    static void clientContext_ExecutingWebRequest(object sender, SP.WebRequestEventArgs e)
    {
        e.WebRequestExecutor.WebRequest.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");
    } 
  }
}

Same code works with other servers where we have only NTLM authentication or on cloud (Office365) even without adding the header.

Could someone explain why CSOM does not work when both NTLM and FBA are enabled?

Upvotes: 1

Views: 5388

Answers (1)

Godwin
Godwin

Reputation: 600

We faced the same issue, for us it was related to the login page and authentication, If you are using a custom login page follow the steps described here to get the CSOM working. If you are not using a custom login page, you could still try the same activities with the SharePoint default login page.

Here is the relevant code:

context.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>((obj, e) => {
    e.WebRequestExecutor.WebRequest.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");   
});

When you use Network credentials on a site collection that has FBA enabled, you must explicitly tell the auth method not to use forms based auth with that header X-FORMS_BASED_AUTH_ACCEPTED.

See also: https://learn.microsoft.com/en-us/previous-versions/office/developer/sharepoint-2010/hh124553(v=office.14)?redirectedfrom=MSDN

Upvotes: 1

Related Questions