Configure Web service proxy for InfoPath Forms Services (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

The InfoPath Forms Services Web service proxy enables Microsoft InfoPath forms that are running in a Web browser to connect to Web services by using authentication credentials trusted by the Web service, while separately passing the identity of the form user to the Web service for authorization purposes. Using the InfoPath Forms Services Web service proxy makes possible the following two scenarios that are not otherwise achievable with Microsoft InfoPath forms that are running in a Web browser:

• Authentication to a Web service on a third tier when Windows NTLM authentication would normally prevent re-use of user credentials.

• Symmetrical authentication between a form in Microsoft InfoPath Filler 2010 and the same form that is running in a Web browser.

To use the InfoPath Forms Services Web service proxy from an InfoPath form, a form designer completes the following steps:

1. Create a Web service connection from within Microsoft InfoPath Designer 2010.

2. Convert the Web service data connection to use settings from a data connection file in a data connection library.

3. Modify the data connection file by using a text or XML editor to add the following:

   • The attribute useFormsServiceProxy with the value True.

   • An Authentication element that references a valid Secure Store application ID. The Secure Store application must contain credentials that are trusted by the Web service that is used by the connection that was created in step 1.

When the form is filled out in either InfoPath Filler 2010 or InfoPath Forms Services, the form forwards the Web service call to the InfoPath Forms Services Web service proxy, which calls the target Web service and passes back the results of the Web service call to the form. The InfoPath Forms Services Web service proxy authenticates to the Web service by impersonating the trusted credentials specified in the Secure Store application ID referenced in the data connection file. It also adds a WS-Security UserNameToken to the SOAP header of the Web service call. The WS-Security UserNameToken contains the Windows user name of the user who is filling out the form, with a blank password. The Web service can use this user name for authentication purposes.

Note

This works best with a Web service that was built with the InfoPath Forms Services Web service proxy in mind.

For more information about configuring the Secure Store Service, see Configure the Secure Store Service (SharePoint Server 2010). For more information about data connection files, see Manage data connection files for InfoPath Forms Services (SharePoint Server 2010). For more information about the useFormsServiceProxy attribute and the Authentication element within a data connection file, see Universal Data Connection v2.0 Reference and Schema (https://go.microsoft.com/fwlink/p/?LinkId=188138).

Enable the InfoPath Forms Services Web service proxy

By default, the InfoPath Forms Services Web service proxy is not enabled. Enabling the Web service proxy makes it available for use by administrator-approved forms. You can also choose to allow user forms to use the Web service proxy. The Web service proxy settings apply to the entire server farm.

To enable the InfoPath Forms Services Web service proxy by using Central Administration

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.

2. On the Quick Launch of the Central Administration Web site, click General Application Settings.

3. On the General Application Settings page, in the InfoPath Forms Services section, click Configure InfoPath Forms Services Web Service Proxy.

4. On the Configure InfoPath Forms Services Web Service Proxy page, in the Enable InfoPath Forms Services Web service proxy section, ensure that the Enable check box is selected.

5. To enable user forms to use the Web service proxy, in the Enable InfoPath Forms Services Web service proxy for user forms section, select the Enable check box.

   Note

   When this setting is enabled, user form templates can use the InfoPath Forms Services Web service proxy. Administrator-approved form templates use the Web service proxy if it is enabled even if this setting is not enabled.

6. Click OK.

To enable the InfoPath Forms Services Web service proxy by using Windows PowerShell

1. Verify that you meet the following minimum requirements: See Add-SPShellAdmin.

2. On the Start menu, click All Programs.

3. Click Microsoft SharePoint 2010 Products.

4. Click SharePoint 2010 Management Shell.

5. To enable the InfoPath Forms Services Web service proxy, at the Windows PowerShell command prompt, type the following command:

   Set-SPInfoPathWebServiceProxy -Identity "<URL>" -AllowWebServiceProxy $true
   

   Where <URL> is the URL of the Web application that is associated with the Web service proxy.

6. To enable user forms to use the InfoPath Forms Services Web service proxy, type the following command:

   Set-SPInfoPathWebServiceProxy -Identity "<URL>" -AllowForUserForms $true
   

   Where <URL> is the URL of the Web application that is associated with the Web service proxy.

   Note

   The AllowForUserForms parameter can be set to True only when the AllowWebServiceProxy parameter is set to True.

For more information, see Set-SPInfoPathWebServiceProxy.

Note

We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

Enable server-specific authentication settings for user form templates

The Secure Store application ID is stored in a data connection file. By default, user form templates cannot use authentication information that is contained in a data connection file.

To enable server-specific authentication settings for user form templates by using Central Administration

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.

2. In Central Administration, on the Quick Launch, click General Application Settings.

3. On the General Application Settings page, in the InfoPath Forms Services section, click Configure InfoPath Forms Services.

4. On the Configure InfoPath Forms Services page, in the Authentication to data sources (user form templates) section, select the Allow user form templates to use authentication information that is contained in data connection files check box.

5. Click OK.

To enable server-specific authentication settings for user form templates by using Windows PowerShell

1. Verify that you meet the following minimum requirements: See Add-SPShellAdmin.

2. On the Start menu, click All Programs.

3. Click Microsoft SharePoint 2010 Products.

4. Click SharePoint 2010 Management Shell.

5. At the Windows PowerShell command prompt, type the following command:

   Set-SPInfoPathFormsService -AllowUdcAuthenticationForDataConnections $true
   

For more information, see Set-SPInfoPathFormsService.

Note

We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

See Also

Concepts

InfoPath Services cmdlets (SharePoint Server 2010)
InfoPath forms administration (SharePoint Server 2010)