authentication - Formating TclSOAP request for login to Sharepoint

Question

I got this example from Sharepoint 2010 _vti_bin/Authentication.asmx?op=Login documentation.

POST /_vti_bin/Authentication.asmx HTTP/1.1
Host: webil.marvell.com
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
  <soap12:Body>
    <Login xmlns="http://schemas.microsoft.com/sharepoint/soap/">
      <username>string</username>
      <password>string</password>
    </Login>
  </soap12:Body>
</soap12:Envelope>

How can I create the following Request to Sharepoint Server by TclSOAP? Let say that Sharepoint server address is:

http://web.myintranet.com/

Answer 1

I suggest using TclWS.

With that it is easy to do that:

package require WS::Client
set sdef [WS::Client::GetAndParseWsdl http://web.myintranet.com/_vti_bin/Authentication.asmx]
set service [dict get $sdef name] ; # Usually "Authentication", but who knows?
set response [::WS::Client::DoCall $service Login [list username Administrator password s3cr3t]]

I can't test that because our Sharepoint Server requires even some authentification to get the WSDL, so I usually fall back to my own scripts to do the authentification.

I suggest that you take a look at the headers that are returned, esp. the WWW-Authenticate headers. If NTLM is in that list, I could provide a script that can do that.

To get the headers simply execute:

puts [http::meta [http::geturl http://web.myintranet.com/_vti_bin/Authentication.asmx]]

Edit:

To do NTLM Authentification I wrote a wrapper arround http::geturl that could also be used for other things, but NTLM was at that time important.

So in your case you need that script and initialize it:

package require SASL::NTLM
source http-sasl.tcl; # That script is what I wrote on the wiki.
rename ::http::geturl ::http::geturl_orig; # Replace ::http::geturl with my wrapper.
set ::http::SASL::geturl ::http::geturl_orig; # Tell my wrapper the name of the original ::http::geturl
interp alias {} ::http::geturl {} ::http::SASL::geturl
proc ::http::SASL::WWW-SASLCB {reqt ctx cmd args} {
    switch -exact -- $cmd {
        login {return ""}
        username {return "Administrator"}
        password {return "s3cr3t"}
        realm {return "YOURDOMAIN"}
        hostname {return [info hostname]}
        default {return -code error unexpected}
    }
}
# Now the stuff from above:
package require WS::Client
set sdef [WS::Client::GetAndParseWsdl http://web.myintranet.com/_vti_bin/Authentication.asmx]
set service [dict get $sdef name] ; # Usually "Authentication", but who knows?
set resposne [::WS::Client::DoCall $service Login [list username Administrator password s3cr3t]]

But the request fails with a Server was unable to process request. ---> Site is not configured for Claims Forms Authentication. error message.
But as far as I remember you don't need to call the webservice for login. Just access the protected resource. And if you can, pass -keepalive 1 to every http::geturl.