Walkthrough: Creating and Implementing a Custom WCF Service in SharePoint Foundation
Published: May 2010
This walkthrough shows how to create a custom Windows Communication Foundation (WCF) service in Microsoft Visual Studio 2010 that is hosted by Microsoft SharePoint Foundation 2010, and also a Windows Forms Application that implements the service. The application also implements the new SharePoint Foundation client-side object model and the new SharePoint Foundation REST (Representational State Transfer) interface. The walkthrough illustrates how to use the new APIs to interact with site data from remote applications.
The first two parts of this walkthrough involve creating the Windows Form Application to consume the custom WCF service. The first part uses ADO.NET Data Services and the SharePoint Foundation REST interface to retrieve and update items in a list, and the second part uses the client object model to retrieve site data and to modify a list. The third part of the walkthrough shows how to create a WCF service that uses the server object model to restore list items to their previous versions, and how to implement the service in the Windows Forms Application.
The walkthrough assumes the existence of two SharePoint Foundation custom lists: one that is named Projects, and the other named Employees. A Projects column in the Employees list is a lookup to the Title column of the Projects list. In addition to a Title column, the Projects list has Description and Due Date columns. The Employees list has Full Name, Job Title, and Team columns, in addition to the Projects column. The Projects list has item versioning enabled.
When a web application is configured to use claims authentication (Windows claims, form-based authentication claims, or SAML claims), the Internet Information Services (IIS) website is always configured to have anonymous access turned on. Your custom SOAP and WCF endpoints may receive requests from anonymous users. If you have code in your WCF service that calls the RunWithElevatedPrivileges method to access information without first checking whether the call is from an authorized user or an anonymous user, you risk returning protected SharePoint data to any anonymous user for some of your functions that use that approach.