Cross Domain Support

May 4, 2010 at 2:53 PM
Edited May 4, 2010 at 2:54 PM

Marc,

I finally figured out what the issue is for the problem I tweeted you about yesterday, and because I think it is relevant to the community I'm posting it here for comments.

To catch everyone up on the situation, I'm attempting to consume the lists web services from a SharePoint farm from another authenticated web site within the internal network. The goal is to push publishing pages from SharePoint to a non-SharePoint server for use by some developers. When the script is placed inside the SharePoint farm everything works as expected. However, placing it on the other web server generates an Access Denied error.

At first, I thought this was SharePoint denying access to the web service because credentials were not getting passed, but after resolving that issue and validating that the web server was using the same credentials as SharePoint the error still could not be resolved. However, upon further investigation I realized that this is due to cross domain scripting issues -- the SharePoint server and the other web server have different url's. This is generating a cross-domain security issue that causes my script to receive the access denied error message.

There is only one AJAX method that supports cross-domain ajax calls, JSONP. Since the data being returned by SharePoint is XML, this may not be possible but I am wondering if there is any workaround. Since the web server in question is a .Net server I could create a local Web Service that calls into the SharePoint web services with the same signatures, etc but that's a lot of work for a group of developers who can, and do, have access to the SharePoint server (and multiple SharePoint test environments).

Chris

Coordinator
May 4, 2010 at 9:09 PM

Chris:

This one is a bit out of my depth.  I'll see if I can find an answer, though.

M.

Nov 5, 2010 at 12:01 AM

Chris, you're right on with your assessment.  If you want to make cross-domain client side service requests requests, JSONP is pretty much your only reliable option.  As you noted, you can take a different strategy and make the requests server-side.  The only other alternative would be to write a custom service on the SharePoint server that exposes list data via JSONP.

Nov 8, 2010 at 10:40 PM

I am in the same sitaution Chris: IIS server and SP Farm. I am able to use webservices on my IIS pages (GetListItems to be precise). The IIS URL is uhnold.abc.om the SP URL is uhn.abc.com/sites/web/. I have the standard Jquery and the SP services library installed on the SP server and call them on the IIS server using the absolute path. I am more a front end guy, but I owould guess that server security settings could be configured different depending on the environment. I haven't tried using any other features of this library past GetListItems yet.