Home SharePoint InfoPath GetUserProfilebyName Web Service: Classic-Mode to Claims-Based Authentication in SharePoint 2013

While working on a migration from SharePoint 2010 to 2013, we recently came across an interesting InfoPath issue. When migrating from a classic-mode SharePoint 2010 web application to a claims-based 2013 web application, if InfoPath is using SharePoint’s GetUserProfilebyName web service, users will receive error 5566 (shown below) when trying to open a form.

InfoPath GetUserProfilebyName Web Service SharePoint 2013

SharePoint 2013 uses claims-based authentication by default, and cannot understand the authentication of the account when querying the GetUserProfilebyName web service. However, there is a fix:

You will need an Active Directory account created for Secure Store Target Application. It can be something as easy as Domain\SP13_InfoPath or Domain\SP13_IP.

Assuming you have a key generated (if not, see this Technet article), create a new Target Application. Target Application Name: Example: GetUserProfilebyNameQuery and remember this name – we will be using it in future steps. Add as GROUP target application type, and make sure you add for members (All Users).

InfoPath GetUserProfilebyName Web Service SharePoint 2013

Click OK, and open the drop down of your new target application and select SET CREDENTIALS. Enter in your new AD username and password that you just created (Domain\SP13_IP).

Next, go into the site collection and create a Data Connection Library to store the .udcx file you will create in the next step.

At this point, you need to create the data connection file (.udcx). Go back to the InfoPath form and select Manage Data Connections. Select your secondary data connection GetUserProfilebyName, and select Convert to Connection File. Browse to your new data connection library path. Connection link type: Choose Relative to site collection (recommended). You can create this centrally via Central Admin, but this example will be local. Select OK. This creates and stores a new .udcx file to your data connection library.

Go into your new data connection library and download the file to make changes in Notepad or Notepad ++. You will see a section that is commented out:

InfoPath GetUserProfilebyName Web Service SharePoint 2013

Remove the comments tags (<!– & — >) and add this code: (Remember for AppId=use target application name from step 2)

InfoPath GetUserProfilebyName Web Service SharePoint 2013

Save this form and upload the new form to the data connection library, overwriting existing files. Select drop down and approve file. It is very important to change from pending to approved. Make sure to provide users read access only to the data connection library.

Publish your new InfoPath form. Users will no longer receive an error message and will be able to use the GetUserProfilebyName web service without issue.

Comments or questions? We’d love to hear what you’re doing with SharePoint 2013. Leave your feedback in the comments below.

3 replies to this post
  1. Hello

    I have configured like you described. Had also other sources. Now, i get everytime the web application pool account in the form instead of the current user who is filling out the form.
    (This app pool user was set as credentials for the secure store target application.)

    Why? Can you help me?

  2. I am still getting the error. I followed exact steps. The only difference is that I am using a VM with SharePoint 2013 & infopath 2013 installed on the same server .

    Could you please assist

Leave a Reply