InfoPath Web Forms + SSO

About Data Connections, Authentication, and Alternate Access Mapping

Office 2007

Other Versions

Using data connections in browser-enabled InfoPath form templates introduces some potential manageability and authentication issues that you should consider. These issues can be addressed by using Universal Data Connection (UDC) files to abstract the data connection information from the form template, by using Office Single Sign-On (SSO) services to handle authentication issues in multi-tier architectures, and by using the Web service proxy available with InfoPath Forms Services.

How to: Create and Use a Data Connection Library

Office 2007

Other Versions

A Data Connection Library (DCL) in Microsoft Office SharePoint Server 2007 is a library that can contain two different types of data connections: an Office Data Connection (ODC) file or a Universal Data Connection (UDC) file. Microsoft Office InfoPath 2007 uses data connections that conform to the Universal Data Connection (UDC) file schema and typically have either a *.udcx or *.xml file extension. Data sources described by these data connections are stored on the server and can be used in standard form templates and browser-enabled form templates.

Configure single sign-on (Office SharePoint Server)

Updated: 2009-03-26

Single sign-on (SSO) is a Microsoft Office SharePoint Server feature that provides storage and mapping of credentials such as account names and passwords. Using SSO, portal site–based applications can retrieve information from third-party applications and back-end systems such as Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems.

The use of single sign-on functionality enables users to authenticate only once when they access portal site–based applications that need to obtain information from other business applications and systems.

Configuring single sign-on consists of five tasks:

SharePoint 2007 Single Sign-On Setup

I went through and ran through setting up SSO for a test environment to see what all the hype was about. I can’t believe that the administration accounts are that confusing to setup. Here are the steps that I took to get the SSO configured and the database created.

MSDN Blogs > Onsighting Microsoft products and technologies Implementing single sign-on (SSO) with MOSS 2007

Implementing single sign-on (SSO) with MOSS 2007

I needed to build up MOSS 2007 portal that would integrate some of the existing Line Of Business (LOB) applications. We also needed to use SSO, because some of the applications weren’t AD-enabled. To use SSO, you can create your own custom web part and connect to the SSO services through there.

MOSS 2007 + SSO + ISA 2006 + Office 2007 Clients Integration = ?

Category: Systems — Joaquim Anguas @ 7:51 pm

MOSS 2007 provides a tight integration with Office 2007 client applications, allowing you to do things like open / create files from MOSS 2007 document libraries and save them right to the library itself (with a local copy in case you want to work offline). ISA 2006 offers Single Sign On (SSO) so you can embed / link other sites of yours (like OWA) on your sharepoint sites. One expects (or at least users do) that these “star” features work out of the box when he installs a server in a standard scenario, right?

Not quite so…

Single Sign-on (SSO) functionality in MOSS 2007


Let me discuss about Single Sign-on (SSO) functionality in MOSS 2007.  This is a very useful feature in MOSS 2007 that lets you interact with external data in a secure manner.

I have seen many useful blogs that give you introduction to MOSS 2007 SSO. I am going to try to differ a little bit by walking you through basic steps of configuring external data sources and accessing the data using a web part in MOSS 2007.

InfoPath Forms Services – Web service will not work in browser. 5566 error.

SITUATION
A couple of forms have been developed to deliver automated IT New Starter & IT Request procedures. These forms have been created using the following web services;
• GetUserProfileByName
• GetUserCollectionFromGroup

These forms have been published to a test forms library within the SharePoint site collection and function correctly (importing all requisite data as defined by the data connection) when opened using the InfoPath 2007 client.

When these forms are opened in the web browser the following error is received;
An error occurred accessing a data source.
An entry has been added to the Windows event log of the server.
Log ID:5566

Works in client, but not in forms services.

I get the below erroe if I try to open my form uisng browser.

An entry has been added to the Windows event log of the server.

Log ID:5337

I checked my client cumuper event log and the server, I could not find an entry.

Where is this logging?

Little background..

1) My form has code on loading event, it get a query parameter and passes to webservice.

Please help.

WebDev2000  Wednesday, May 23, 2007 7:18 PM

update –

I could see the error in the log file (C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS\).

"Security settings on the server prevent the use of this data connection. Security settings on the server prevent the use of this data connection"

Not sure which security settings

Configure Web service proxy for InfoPath Forms Services (SharePoint Server 2010)

Updated: June 17, 2010

The InfoPath Forms Services Web service proxy enables Microsoft InfoPath forms that are running in a Web browser to connect to Web services by using authentication credentials trusted by the Web service, while separately passing the identity of the form user to the Web service for authorization purposes. Using the InfoPath Forms Services Web service proxy makes possible the following two scenarios that are not otherwise achievable with Microsoft InfoPath forms that are running in a Web browser:

  • Authentication to a Web service on a third tier when Windows NTLM authentication would normally prevent re-use of user credentials.

  • Symmetrical authentication between a form in Microsoft InfoPath Filler 2010 and the same form that is running in a Web browser.

To use the InfoPath Forms Services Web service proxy from an InfoPath form, a form designer completes the following steps:

  1. Create a Web service connection from within Microsoft InfoPath Designer 2010.

  2. Convert the Web service data connection to use settings from a data connection file in a data connection library.
  3. Modify the data connection file by using a text or XML editor to add the following:

Using NTLM authentication with Web Service Proxy

Hi Everyone! 

The short version of my trouble is that I have forms that are trying to call a web service through the forms services web service proxy but they are being denied access to the web service because the proxy is not properly authenticating with the web service.  I understand that the proxy is supposed to authenticate using the MOSS service account but it is trying to impersonate the logged on user which doesn’t work because I don’t have Kerberos enabled.   I just want to make a secure web service connection without having to enable Kerberos or SSO.

Here is the long version:  I created several web enabled forms that use a web service for querying and submitting data. They were all working fine except that when I got ready to move them to production I realized that I had left anonymous access enabled for the web service the whole time and my client frowns upon anonymous access in production.  Go figure!  I then changed the IIS settings for my web service to Integrated Windows Authentication only and made the appropriate changes in the web.config to only allow authorized users. 

Web Service NTLM Authentication Trouble

Reply Contact

Hi Everyone! 

The short version of my trouble is that I have forms that are trying to call a web service through the forms services web service proxy but they are being denied access to the web service because the proxy is not properly authenticating with the web service.  I understand that the proxy is supposed to authenticate using the MOSS service account but it is trying to impersonate the logged on user which doesn’t work because I don’t have Kerberos enabled.   I just want to make a secure web service connection without having to enable Kerberos or SSO.

Here is the long version:  I created several web enabled forms that use a web service for querying and submitting data. They were all working fine except that when I got ready to move them to production I realized that I had left anonymous access enabled for the web service the whole time and my client frowns upon anonymous access in production.  Go figure!  I then changed the IIS settings for my web service to Integrated Windows Authentication only and made the appropriate changes in the web.config to only allow authorized users.  The result is that my forms work when I am logged in locally to the MOSS server, but if I access them from a different computer it becomes a double hop scenario and the form calls the web service without authenticating and is denied access.  I just want the form to use the MOSS service account to call the web service and after doing some research it appears that the Forms Service Proxy is designed to allow me to do just that.  I enabled the Forms Service Proxy in SharePoint Central Admin and in all my UDC files, but my forms are still trying to impersonate my account when they call the web service instead of using the MOSS service account as I would expect.  I have verified this by checking the IIS logs.  I know that the forms are using the proxy because if I disable the proxy in SharePoint Central Admin I receive errors in the SharePoint logs saying that an exception occurred in the Forms Service Proxy.  That error goes away when I re-enable the proxy.  I know SSO is another option but I don’t want to use it because I understand that the users will have to enter their passwords the first time they use it and that is really not an option.

 Does anyone have any ideas of how I can troubleshoot this?  Please help!

 Russ

Configure Web service proxy for InfoPath Forms Services (SharePoint Server 2010)

Updated: June 17, 2010

The InfoPath Forms Services Web service proxy enables Microsoft InfoPath forms that are running in a Web browser to connect to Web services by using authentication credentials trusted by the Web service, while separately passing the identity of the form user to the Web service for authorization purposes. Using the InfoPath Forms Services Web service proxy makes possible the following two scenarios that are not otherwise achievable with Microsoft InfoPath forms that are running in a Web browser:

  • Authentication to a Web service on a third tier when Windows NTLM authentication would normally prevent re-use of user credentials.

  • Symmetrical authentication between a form in Microsoft InfoPath Filler 2010 and the same form that is running in a Web browser.

To use the InfoPath Forms Services Web service proxy from an InfoPath form, a form designer completes the following steps:

  1. Create a Web service connection from within Microsoft InfoPath Designer 2010.

  2. Convert the Web service data connection to use settings from a data connection file in a data connection library.
  3. Modify the data connection file by using a text or XML editor to add the following:
Kategória: Nincs kategorizálva | A közvetlen link.

Elnézést, a hozzászólás ezen a részen nem engedélyezett.