Search Wiki:

Developing Windows Phone 7 Applications for SharePoint 2010

Learn how to develop custom Silverlight applications on Windows Phone 7 to leverage the SharePoint 2010 platform.

The Windows Phone 7 platform contains great out of the box integration with SharePoint under the Office Hub. But what if you want to create your own custom applications on the phone that leverage SharePoint 2010 data and services? In this blog post I will take you through the process of creating your first custom Silverlight application on the phone that consumes SharePoint data.

SharePoint Phone Tasks Sample Application (Click Downloads Tab)

While the Office hub is interesting and has a lot of capabilities out of the box. As a developer I just want to be able to create my own applications that can leverage the full power of the SharePoint platform. In this sample application I will call the SharePoint Lists.asmx Web Service to retrieve Tasks from the Tasks List. The Tasks are data bound to a ListBox. There is also a data bound details Grid that will show the Task details of the selected item.


Forms Based Authentication (FBA)

One of the first hurdles when developing a SharePoint app is the fact that Windows Phone 7 does not support Windows Authentication (NTLM). This means that you will need to enable FBA on your SharePoint site. In the sample that I created I used a LDAP claims provider. This enabled me to use the same users that I already had in my Active Directory store. I also enabled dual mode so that I could log into the SharePoint site using either Windows Authentication (NTLM) or Forms Based Authentication (FBA). I also enabled anonymous access as well. This allowed me to choose which login method I wanted to use. Without enabling anonymous access the browser would have automatically logged me in with my current NTLM credentials. The bottom line is that you need to enable FBA on your SharePoint sites that you will access from the Phone.

Getting the Security Token

The process for logging into SharePoint is outlined in the following diagram (and simplified). First the app/user tries to access a secure resource/service. They are redirected to a login page. The login page redirects to the authentication.asmx service. The authentication service returns a security token (FEDAUTH). For every subsequent call the security token is passed to the server. The sever verifies the token and returns the requested resource/service.
So all you need to do is get the security token and pass it along. It sounds simple enough. The problem is that the FEDAUTH security cookie is marked with a “HTTPOnly” flag, this means that you cannot access this cookie from code. All of the APIs in the stack honor this flag so you can’t get to the FEDAUTH token. Fortunately .NET includes a CookieContainer class that holds the collection of cookies sent and retrieved from a web request. Here is the “Trick” to make everything work. If you look into this CookieContainer class in the debugger you will not see the FEDAUTH cookie or any other HTTPOnly, but they are there. All you need to do is simply pass the CookieContainer along from call to call.

Once you have the security token, or at least the CookieContainer that the token is in, you can create your SharePoint application using Web Services or WCF Data Services just as you would with any other SharePoint application. Unfortunately, the Silverlight Client Object Model is not supported on the Phone.

Check out this post about the Sample Application:

Visit my Blog for more details:
Last edited Oct 5 2010 at 12:01 AM  by pstubbs, version 6
Page view tracker