John，

您正试图通过该Web应用程序访问该Web服务的安全性模型将决定是否可以匿名访问该服务.如果您尝试通过启用了匿名访问的Web应用程序访问Web服务，则可以访问该Web服务.继续并在匿名站点(如果有)上尝试此操作: http://yoursitehere/_vti_bin/lists.asmx .您将获得友好的服务页面，无需身份验证.

这很重要:遍历Web服务层后，就需要处理另一层安全性. SharePoint本身将要像往常一样检查通过Web服务进行访问的权限，因此，除非您尝试进行操作或尝试访问匿名用户允许的数据，否则您将被阻止.>

您有很多选择:

1. 仅确保匿名操作即可允许您尝试执行的所有操作.这听起来很简单，但实际上除了最简单和直接的操作之外，其他任何事情都可能非常困难.大多数组织也不会在这种程度上开放内容.

2. 如果您控制正在调用Web服务的代码，则可以将凭据附加到Web服务请求.我建议从这里开始，因为这将使事情变得比尝试将所有事物敞开都容易.关于将凭据附加到Web服务代理的示例很多，例如 http://msdn.microsoft.com/en-us/security/cc178918.aspx )

3. 最后，您可以编写自己的Web服务，该Web服务包装感兴趣的SharePoint Web服务.您可以允许匿名访问您的Web服务，然后在您自己的服务中采用适当的安全性上下文以所需的权限级别访问SharePoint.

我希望这会有所帮助！

• 塞恩

Is it possible to access a sharepoint web service without authenication? If you can't do it directley can you think of any ways to get round it such as haveing an open service inbetween that does authenicate for you using a public account.

John,

The security model of the web application through which you're trying to access the web service in question is going to drive whether or not you can access the service anonymously. If you're attempting to access the web service through a web application on which anonymous access is enabled, then you'll be able to hit the web service. Go ahead and try this on an anonymous site (if you have one): http://yoursitehere/_vti_bin/lists.asmx. You'll get the friendly service page back, no auth required.

Here's the catch: once you traverse the web service layer, you've got another layer of security to deal with. SharePoint itself is going to want to check permissions for access via the web services just as it normally would, so unless you are attempting an operation or trying to access data that is allowed for anonymous users, you're going to get blocked.

You have a handful of options:

1. Simply ensure that everything you're trying to do is permitted anonymously. This may sound easy, but it can actually be pretty difficult for anything but the simplest and straightforward of operations. Most organizations, too, don't care for opening things up to this extent.

2. If you control the code that's calling the web service, then you have the ability to attach credentials to the web service request. I recommend starting here, as it is going to make things a lot easier than trying to throw everything wide open. Plenty of examples exist on attaching credentials to a web service proxy (e.g., http://msdn.microsoft.com/en-us/security/cc178918.aspx)

3. Finally, you could write your own web service that wraps the SharePoint web service (or services) of interest. You could permit anonymous access to your web service and then adopt an appropriate security context within your own service to access SharePoint with the required permissions level.

I hope this helps!

• Sean