Sharepoint Web Services and NTLM Authentication

I noticed this strange behaviour and thought its worth a post – till I find a solution/explanation.

Scenario: I have a custom web service running under sharepoint. This means that the .asmx is in “c:\Program Files\Common Files\Microsoft Shared\web server extensions\60\ISAPI” and the binaries in the bin folder under it. The url of the web service is


The _vti_bin has NTLM authentication enabled.

When I paste the url in a browser, I go straight through to the page without any authentication! (I’ve set “Prompt for username and password” in IE).

In the web service, Context.Request.IsAuthenticated returns False and Context.User.Identity.Name returns an empty string. This is as expected.

I have a small program that connects to the web service. In the program I’m setting the credentials for the web service.

The fun starts when I create an SPSite object in the web service code. The SPWeb.CurrentUser.ToString() returns the username of the credentials set on the client!!! How the heck is the identity being passed on to Sharepoint? Or is it a bug in sharepoint that it doesnt set the Context properties? I’m stumped!!!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s