Something strange …

That day, trying to unravel the mystery of (ideally, to find workaround) on the lack of access to data on Sharepoint sites with anonymous access allowed (!?).

Here is a test console program:

using System;
using GetListDataWCF.Lists_WS; // proxy for Lists.asmx
using System.Net;
using System.Xml;

namespace GetListDataWCF {
   class Program {
       static void Main(string[] args) {
           if (args.Length > 0)
               new Test().GetData(args[0]);
           else
               Console.WriteLine(
                   "Usage:{0} <url of site>",
                   typeof(Test).Assembly.ManifestModule.Name);
       }
   }
   class Test {
       public void GetData(string url) {
           Lists lists = new Lists();
           lists.Url = url.TrimEnd("/".ToCharArray()) +
                            "/_vti_bin/Lists.asmx";
           lists.Credentials = CredentialCache.DefaultCredentials;
           XmlNode tst =null;
           try {
               tst = lists.GetListCollection();
               Console.WriteLine(string.Format(
                      "success: {0} bytes",  tst.OuterXml.Length));
           } catch (Exception err) {
               Console.WriteLine(
                      string.Format("error: {0}", err.Message));
           }
       }
   }
}

The program applies to the site, the URL of which passed through the command-line switch causes the method GetListCollection () of Lists.asmx service, and if successful, displays the size of the response service (the contents of the response in this case does not matter). . Compiled software - are here. Actually, the algorithm taken from SDK, I have used it in various programs and until recently (at least until September-October 2008) was carried out successfully to all nodes, which allow anonymous access to the data.

Now, the bizarre result of the program depends on the user launching the program, and maybe even from some factors. Most often, the result is "error: The request failed with HTTP status 401: Unauthorized.", in the case of Forms-authentication - "403, forbidden". Cases of successful fulfillment of requests are rare. In doing so, such conduct "different" only WSS-3 sites, sites WSS-2 give the data as expected.

To check you can use nodes with addresses
http://sharepoint-community.ru:55555/ (Win-authentication)
http://sharepoint-community.ru/ (Forms-authentication)
http://www.sharepointcommunity.com/ (Win-authentication)
http://new.hse.ru/sites/ibs_test/ (WSS-2 site).
At all sites allow anonymous access to the data, the successful completion of the testing program is observed only at the last node.

Very similar to the result of "improvements" in security ...

Technorati Tags: Sharepoint