Is there any rule that says when SOAPAction is REQUIRED in the setRequestHeader?

Marc D Anderson
  • Is there any rule that says when SOAPAction is REQUIRED in the setRequestHeader? Marc D Anderson

    Is there any rule that says when SOAPAction is REQUIRED in the setRequestHeader?

    In my jQuery library (SPServices), I've been including the SOAPAction for every Web Service call. It turns out that is what is preventing anonymous access to the Web Services to work. When I remove SOAPAction entirely and I AM logged in, some calls fail with the following error:

    errorstring: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. 
    errorcode: 0x8102006d

    I suppose that it could be as simple as operations which read vs. operations which write, but I figured I'd toss it out there for ideas.


    UPDATE: @cwheeler76 pointed out this article from Jan Tielens: The security validation for this page is invalid" when calling the SharePoint Web Services. It also describes the problem and the solution using SOAPAction. I'm looking for more the 'when' as opposed to the 'how'.

  • Well, no one else had an answer, so I think I figured it out for myself. I'm going to mark my own answer here as the right one and see if I can push my points from 998 over 1000. UPDATE: Damn. I have to wait 12 hours to be a greedy point grabber and mark my own post as the answer.

    The full answer and how I got to it is in my blog post entitled Allowing Anonymous Access with SharePoint Web Services and SPServices, but here's the meat of it:

    It turns out that you don't need to pass the SOAPHeader if the Web Service operation is a read-only one. For instance, some of the most useful things, like GetListItems, don't require it. In my testing, none of the read-only operations need the SOAPHeader. Oddly, if you don't pass it with the read/write functions, they only fail if you are authenticated, the error says that you aren't authenticated, and that you should hit the back button and refresh. Well that's hardly helpful given that you aren't working interactively, but talking to the Web Services programmatically.

web-services jquery
Related questions and answers
  • When attempting an SPWeb rename I receive the following SPException: Exception SPException - The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. - Failed to create workgroup registration entry Any idea what might be the troubles here? Here is the relevant code: SPSecurity.RunWithElevatedPrivileges(() => { using (SPWeb thisWeb = site.OpenWeb(webUrl)) { thisWeb.Title = newName; thisWeb.Update(); } });

  • I am unable to create new fields in existing lists after upgrading my 2007 master page to 2010. I get an error which says Webpage error details User Agent: Mozilla/4.0 (compatible; MSIE...; MS-RTC LM 8; .NET4.0C) Timestamp: Mon, 12 Jul 2010 13:45:13 UTC Message: 'undefined' is null or not an object Line: 1281 Char: 4 Code: 0 URI: http://sharepoint2010/_layouts/fldNew.aspx?List=%7B94C7D5B0%2D781A%2D44C1%2DA865%2DE3D0C0629EB9%7D My master page is located here Any ideas?

  • I have come across blogs about how to setup an external content type. For example: But I have not seen any examples of what to do when your external SQL DB has foreign keys. For example. I have a database that has orders and customers. An order has one and only one customer and a customer can have many orders. How can I setup external content types in such a way that when in the list view of these external

  • UPDATE Worth noting that this is only happening when the site definition is called from SPWebApplication.Sites.Add, if I use the UI then this works fine. My code is impersonating the system account when calling this code. Am I right in thinking that the ApplyWebTemplate() method of SPSite is asynchronous? If this is the case then my issue is probably one of timing. I.e. the required infrastructure is not yet in place when this code is run. ORIGINAL QUESTION I have a custom site definition which is using an SPProvisioningProvider to configure the site collection. After calling

  • security warning in browser (at the top of the page in IE) when browse a page -- "An add-on for this web site failed to run. Check the security settings in Internet Options for potential conflicts." The function I developed works fine besides the security warnings. I am using IE 8. Any ideas why there is security warnings and how to resolve? Here is the code I added to BlueBand.master to refer the js/css files in head section. I am developing a webpart which such script files will impact (i.e. my webpart will generate a div called "tabs" which such below scripts will impact). Any security issues

  • I've created a Custom List ('Tooltips') in SharePoint. After this I used SPSource to reverse engineer the list into a feature. After installing and activating this feature, I want to add this list in a WebPart zone. When doing this, I get an error message : Tooltips: List View Web Part could not be added, list may be hidden. What's wrong with the list? feature.xml <?xml version="1.0..., Culture=neutral, PublicKeyToken=1de0ffdb1fdf1b80" ReceiverClass="MyApp.WebServices.TooltipsReceiver" xmlns=""> <ElementManifests> <

  • on the page when you look at the newly created item. If I delete the source item, then the _CopySource is still there, but with an invalid link back. ...Another question about the Very Large List I referenced in this question: http://sharepoint.stackexchange.comquestions/445/deleting-old-versions-in-a-document-library This Document Library has over... performance as well as to reduce the likelihood of filename repetition causing destruction by overwrite. This is a "no managed code" environment (don't ask), so I'm trying to use SharePoint's Lists and Copy

  • I have a web part which I am trying to target to a specific audience (the 'Staff' audience.) I have the web part in the home page of a site that has anonymous access enabled. I have set the Target Audience of the webpart to 'Staff'. The idea is that anonymous viewers can't see the web part, but logged-in members of staff can see the webpart. This works fine, as long as I am browsing the site from the server on which SharePoint is running, using the internal domain name (e.g. http://localhost:5050/site). If I view the site home page while not logged in, I can't see the webpart

  • v3 to Sharepoint Foundation 2010 and then installed Search Express 2010 on top of it. Update 3: Yes the farm admin acct is the member of the local admin. What services are required to start to have the possibility to create a new search service apps? The only new link i can see on the service application page menu is to create BDC service. alt text I go to manage service applications in Central Administration and try to create a new service application like: New > Create a new service application, the link isn't active. My issue is I would

Data information