I have a SharePoint portal that is working correctly when "Enable Windows Authentication"/"Integrated Windows authentication" is activated (we are using "Claims Based Authentication"), I can browse the SharePoint portal, and I can call "https://my-shp/_vti_bin/Lists.asmx" from my custom c# application (and from Postman).
The problem starts when I activate "Trusted Indentity Provider"/"SAML Provider" (both windows authentication and SAML Provider are activated) now browsing the portal is working (when I try to browse I have a page that asks me if I want to use "Windows authentication" or "SAML Provider", I select "windows authentication" then I get redirected to the portal), but when I try to call the "https://my-shp/_vti_bin/Lists.asmx" from my .net custom application I get "403 FORBIDDEN", and when I try to use Postman I get the same response and in the response's header I have this entry:
X-MSDAVEXT_Error : 917656; Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.
What I think is that SharePoint is expecting that I tell him which method to use ("Windows authentication" or "SAML Provider") like when I try to browse the portal, but in the case of the call of the web service I don’t know how to tell him to use the "Windows authentication" (or force the use of it if no method has been specified). This problem is happening with sharepoint's own Web services like _vti_bin/Lists.asmx and with all our custom web services hosted within the SharePoint portal.
Any idea about what I am missing here?
CodePudding user response:
As a workaround you can extend web application and on the new site use only windows authentication.
https://docs.microsoft.com/en-us/SharePoint/administration/extend-a-claims-based-web-application
CodePudding user response:
Thank you for your response, your suggestion can solve the problem, so I set your answer as a correct answer, but we fixed it using another way, following this article:
To force sharepoint to use windows authentication we should add the following entry to the header of the request "X-FORMS_BASED_AUTH_ACCEPTED" with the value "f", in order to not make changes in all the places we are making calls to the webservice we added an httpmodule to inject the entry in all http requests.