In my last post I already wrote about some of the changes in MDT 2010 regarding Data Access you should be aware of if using webservices.

But also a new feature has been implemented into MDT 2010. It’s now possible to call webservices with authentication. So far you had to publish the webservice either to anonymous users or write your own extension to call webservices. Anonymous access is probably ok for most read-access operations but can also be a security issue if it comes to executing changes like moving computers to a different OU (ok, not that critical :-) ) or deleting computers from SCCM.

It’s actually not very difficult to execute webservice calls with authentication so if your environment required a higher degree of access control you probably already wrote your custom script to do this. But it is always nicer to have this implemented into the standard solution and now this is also part of MDT.

So what do you need to do to finally use it?

Actually, if you are using MDT in LTI scenarios and have supplied already the network credentials you don’t have to do anything as MDT will use the “UserDomain”, “UserID” and “UserPassword” properties to execute the webservice call. You just need to set these properties if you are calling the webservice before the “real” MDT has started, e.g. during Pre-execution Hook or if you use parts of MDT within your custom solution.

Also if you are using SCCM with the MDT integration you normally don’t need to do anything. MDT will simply use the configured SCCM Network Access account. But be aware, if a Network Access account has been configured it will take precedence over the before mentioned “UserDomain, UserID, UserPassword” settings. So your Network access account needs to have the appropriate  permissions as it is not possible to change this account for a specific webservice call. Or you are back to your custom scripting again.

Before MDT 2010 all webservice calls have been executed as HTTP POST Requests what is still the standard. But now you are able to change this method to either “GET” or “REST” by specifying this directly in the CustomSettings.ini. To execute a request as HTTP GET your webservice section in the cs.ini could look like:

[MoveComputerToOU] 
WebService=http://YourWebserver/MDT/ad.asmx/MoveComputerToOU 
Parameters=ComputerName,MachineObjectOU 
Method=GET 
MachineObjectOU=OUPath 

The mentioned “REST” method isn’t really a fully implemented “REST” solution. If you configure your webservice call with the method “REST” it will actually use a HTTP GET Request and just build the final url in a slightly different way. All Parameters will be combined into a single “filter” Parameter. As default this can be used as an easy Out-of-the-box solution to query ADO.Net Data Service based webservices for given parameters to filter. I assume that the MDT Team has something in the pipeline making further use of this. So let’s see what might be coming. ;-)