Support Portal ContactGet in touch

SharePoint Client Object Model, DTD is prohibited in this XML Document?

   Words by CRM Consultancy

   on 15/09/2017 15:00:00

imageWhen working with the SharePoint Client Object Model to remotely access Documents and Lists held in Office 365, we encountered the following error message:

An unhandled exception of type 'System.Xml.XmlException' occurred in System.Xml.dll Additional information: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

After some research, this error appears to originate from where our Client (i.e the Web Application or other App) that is communicating to SharePoint Online is then unable to receive back the XML from the Client Object Model correctly.

Oddly, this is not connected to the code invoking the Client Object Model or to how we are calling out; but instead is where your Request to SCOM is being bounced or rerouted before reaching SharePoint Online; this then breaks the Trust between your Client and SharePoint and so leads to this error message as SharePoint then rejects the untrusted message.

This can happen when working with a Wifi Extender, or working with an ISP such as Virgin Media that performs Advanced Search Service to introduce this security distrust.

The following links from Stack Overflow and various Blogs are useful in understanding this error and avoiding time trying to problem-solve at the code level:

https://stackoverflow.com/questions/23443316/dtd-is-prohibited-error-when-accessing-sharepoint-2013-office365-list-but-not

https://pryankrohilla.blogspot.co.uk/2014/05/error-resolved-connect-sposervice-for.html

In our case, the culprit was our Virgin Media connection and so we could resolve by deploying the App to one of our Dev Servers to see the same codebase working correctly –however this is one of those errors that can have a variety of causes connected with DNS and Routing:

https://platinumdogs.me/2016/04/04/exception-for-security-reasons-dtd-is-prohibited-in-this-xml-document-connecting-to-sharepoint-online-with-csom/

https://paulryan.com.au/2014/for-security-reasons-dtd-is-prohibited-in-this-xml-document/ 

The following post is great and goes into this in some more detail:

https://asp.net-hacker.rocks/2016/01/15/XML-parsing-problem-because-of-your-ISP.html 

Hope that helps if you see a similar issue – thanks to these articles online, we managed to resolve fairly quickly but without these prior experiences am sure we would have been scratching our heads and rewriting connection code until more belatedly realising our underlying connection was the problem!

  • "Paul has made a real difference to how my team of 24 people record and store valuable customer data and sales opportunities. Highly recommended."

    James, Operations Director

  • "Understanding your business allows us to advise when to implement aspects of CRM and, likewise, when not to."

    Paul McQuillan, Managing Director

  • "Dynamics 365 and CRMCS have made a real lasting difference to our business, allowing us to replace older systems that were holding back our performance."

    Grahame, Chief Operating Officer

  • "James worked well with us to help connect CRM with Outlook and relate how this might benefit our team using CRM for Property Care."

    Natalie, Property Care Supervisor

  • "Matt was really good with helping us run User Testing on the new Compliance Module of our CRM System."

    Tom, Compliance Administrator

Prefer to go old-school?

Write to us using the below addresses.

Head Office
CRM Consultancy
61 Oxford Street
Manchester
M1 6EQ

London Office
CRM Consultancy London
Grosvenor Avenue
London

Content © CRM Consultancy.