You would not believe the hoops you have to go through to get data auto-populated in an InfoPath Form if you’re using Claims-based authentication, which I believe is the default in SharePoint 2013.
You have an on-premise SharePoint 2013 Server installation with InfoPath Forms Services (so you have enterprise) and you want to create an InfoPath form that auto-populates a logged in user’s ID, email, and phone number. You are using Claims-based authentication in the web application in question.
In this scenario, I’m using InfoPath Designer 2010 – I haven’t upgraded to 2013 yet, but I don’t think it makes a difference.
When you use Claims-based authentication, your user name is prefaced by “0#.w|”. So for example, if your user name is SuesDomain\jdoe then your Claims-based user token will be, without the quotes: “0#.w|SuesDomain\jdoe”
InfoPath can’t handle that, or more specifically, the UserProfile.asmx method GetUserProfileByName method can’t handle that. InfoPath tries to pass in your Claims-based user token instead of your domain\User Name.
You get 2 problems – you have an authentication problem where the currently logged in user is not allowed to hit the web service, so you get an Access Denied 401 authentication error. The second problem is getting the right user from the web service.
The steps you have to take are listed here. See the reference posts for more details and pictures.
- Have your Active Directory team create you a User Name and Password for a “generic” InfoPath Account. The one I created was called Domain\SP2013_IPRdr for “InfoPath Reader”.
- Have the Central Administration team create a Secure Store service application, if they don’t already have one.
- Generate the Secure Store key if you haven’t already.
- Create a new application in the Secure Store called something like InfoPathGUPBN (“GetUserProfileByName” is what the acronym stands for); target application type is Group, and User Field Types are the Windows User Name and Password.
- Set the credentials: Whomever you want to administer the application should be set as the Target Application Administrators and for the Members, select All Users.
- Set the Credentials to the Application and use the User Name and Password that you received from the A/D team, example Domain\SP2013_IPRdr.
- In SharePoint 2013 – in the site you wish to publish your form to, create a Data Connection library.
- Go Into InfoPath and go to your GetUserProfileByName secondary data connection. If you don’t already have one, you can create one the “normal” way, making sure you do not choose a user name (just like you would normally do). For an example of how to set one up, see the first reference in the section at the bottom of this post.
- Modify the GetUserProfileByName secondary data connection so that it does NOT automatically load the data upon form load. This is not required, but saves performance.
- Convert the GetUserProfileByName secondary data connection into a UDCX file (“Convert to Connection File”) – store it in the Data Connection Library that you created a few steps ago.
- Download the UDCX file that you just created from your SharePoint 2013 Data Connection library and put it on your desktop. Edit it in Notepad.
- Change the commented out line to read something like this (depending on what you called your Secure Store Application):
<udc:Authentication><udc:SSO AppId='InfoPathGUPBN' CredentialType='NTLM' /></udc:Authentication>
- Upload the UDCX file back in to the Data Connection Library.
- Publish your newly changed InfoPath form into your SharePoint 2013 InfoPath Form Library
- Make sure to give your special A/D account, for example the Domain\SP2013_IPRdr account, full read access to that site, so that they have permissions to hit the web service.
All of the above was just to get you to Authenticate properly with the Web Service. If you were to stop now, and try to get the information from the web service you would get the information for the user Domain\SP2013_IPRdr. Not the logged in user. Now you have to take the following steps to get the real logged in user:
- Go into InfoPath and go to create a Form Load rule
- For the first rule, call it “Set User Profile” or something similar
- Create an action to Set a Field’s Value
- Choose the field – it’s the GetUserProfileByName secondary data connection, in the queryFields node, all the way in: AccountName.
- Set it to the following formula value:
- Add another action, Query for Data, and choose your GetUserProfileByName secondary data connection
- For the second rule, call it something like “Set Fields”
- This is where you fill in your fields from the data source. To find a good example of how to do this, see the first reference in the section at the bottom of this post.
Bottom line: Pain in the rear.
- http://blogs.microsoft.co.il/blogs/itaysk/archive/2007/04/05/InfoPath-_2D00_-Get-the-current-user-without-writing-code.aspx [<– THIS LINK IS NOW BROKEN ]