It is probably no secret to most SharePoint developers that Microsoft provides web services to access SharePoint services. Unlike the traditional, object model approach, these web services provide a level of flexibility – client code does not have to execute on the same server as the queried SharePoint site. Client code can query SharePoint services from anywhere remote as long as the /_vti_bin/ relative URL of the SharePoint site is accessible.
Accessing a SharePoint web service usually involves an authentication step because some of the queried objects (lists) are not accessible to anonymous users, regardless of the access permissions of the web service.
When using the default NTLM/Windows authentication scheme, assigning a new System.Net.NetworkCredential object to the Credentials property of the service proxy object is enough to get you on the road. Thus so (C#):
proxyObj.Credentials = new NetworkCredential(“username”, “password”, “domain”);
However, if your site used forms-based authentication you need to do a little more work:
In the example code above, Authentication is the proxy object to the /_vti_bin/Authentication.asmx service and Lists is the proxy object to
The authentication service passes the supplied credentials to SharePoint, which in turn uses the current membership provider tied to the forms-authentication scheme. Upon successful authentication, the code above extracts the returned cookie (containing the security ticket) and passes it to the lists web service as part of the subsequent call.