Background
In Nintex workflow, we have a FlexiTask action which is used frequently for assigning the task to the users and in approval workflow. Using InfoPath form along with Nintex workflow is also a very common combination used in many companies where SharePoint customizations are not allowed.
Problem Statement
If we want to approve a Nintex FlexiTask action from InfoPath forms, one has to use Nintex web service “ProcessFlextaskResonse2” to accomplish this (More details can be found here). The approach mentioned in the blog here works perfectly till SharePoint 2010 version.
But as in SharePoint 2013, we have claims authentication, this doesn’t work. The problem mentioned here is very specific and I just wanted to share if it helps anyone. There are a few more solutions to get this done using custom code or using parallel action but we did not take those approaches for reasons applicable to our environment and requirements.
Root cause
When accessing a web service “ProcessFlextaskResonse2” from InfoPath forms to approve FlexiTask, the InfoPath passes Windows credentials of logged in user and as SharePoint is not aware, it can’t understand the request and consider the request as unauthenticated. Hence, we can’t approve the FlexiTask from InfoPath forms.
Workaround
A similar problem has been noted while accessing very common UserProfileService from SharePoint. A solution for this is also noted in many blogs over the internet, i.e., to add <Authentication> tab inside a UDCX file as below.
- <udc:Authentication><udc:SSO AppId='InfoPathWebService' CredentialType='NTLM' /></udc:Authentication>
Here, “InfoPathWebService” is a Secure Store Application ID created with a valid Windows Active Directory account. This account should have access to the SharePoint site which we are working on.
This does solve the problem of UserProfileService access from InfoPath forms but if we use the same approach for Nintex FlexiTask approval, then it doesn’t work.
As in this approach, the request is made on behalf of the end user by secure store, but the issue is that the task is not assigned to the user in Secure Store, hence Nintex gives an error code in response message as “Invalid User”.
So, the problem is still not resolved, what to do next….
One solution is to use “DelegateTask” webservice from InfoPath form. When the end user approves or rejects any task, assign the task to the user stored in Secure Store using “DelegateTask” webservice. This can work and is a valid solution. But, we face an issue in this approach - as two webservice calls were not working in sequence for me from InfoPath forms,
i.e., the first webservice call to “DelegateTask” webmethod to delegate the task to user in secure store; and the second webservice call to “ProcessFlexTaskResponce2” method to approve or reject the task with UDCX file change.
The reason behind this can be while updating the task for a delegated user, the item gets locked and second webservice call can’t complete its action.
The second solution can be of assigning the task to securely stored user while assigning it to the end user (Two tasks for the same action) and then, approving secure store user’s task from InfoPath form using UDCX file change. This approach also did not work for us for some unknown reasons.
Solution
The solution which we found out to overcome the above issue is to use a custom user and store its credentials in UDCX file. While assigning the task to the end user, we assign the task to custom user configured in UDCX file. From InfoPath, when the end user clicks on Approve or Reject action, a webservice request is made to “ProcessFlexTaskResonse2” webmethod using the UDCX file with the below changes.
- <udc:Authentication>
- <udc:UseExplicit CredentialType="NTLM">
- <udc:UserId>domain\custom_user</udc:UserId>
- <udc:Password>password</udc:Password>
- </udc:UseExplicit>
- </udc:Authentication>
The FlexiTask should have setting of “First Response applies” for the above approach to work.
This approach works perfectly for getting the FlexiTask approved or rejected from InfoPath forms.