i created a little patch to support Sharepoint 2010 DataService implementation (listadata.svc) with FBA authentication.
The problem i found is that i cannot set the cookiecontainer of "oData" request from client application. I'm able to set a cookie but fhis invalidates use of HTTPOnly cookie and could be a problem. Moreover disabling HTTPOnly cookie should be a
problem in many scenario.
In my patch i simply/brutally expose a new event that is fired before the "oData" call; in this event i expose the ability to set the cookie container for the webRequest. With this change i am able to:
- login via SOAP to /_vti_bin/authentication.asmx service and get the HTTPOnly FEDAUTH cookie stored inside a CookieContainer
- call the /_vti_bin/listdata.svc setting the cookiecontainer. This allows me to specify FEDAUTH token and beign authenticate to retrieve data.
The important note here is that FEDAUTH cookie is not visible/accessible from inside the cookiecontainer but is there. So taking it from first request (/_vti_bin/authentication.asmx) to the "oDdata call" does the work as expected.
Don't know if anyone is interested, i can contribute (having suggestion of a better approach to reflect the library design).