image

When working with the SharePoint Client Object Model to remotely access Documents and Lists held in Office 365, we encountered the following error message:

An unhandled exception of type ‘System.Xml.XmlException’ occurred in System.Xml.dll Additional information: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

After some research, this error appears to originate from where our Client (i.e the Web Application or other App) that is communicating to SharePoint Online is then unable to receive back the XML from the Client Object Model correctly.

Oddly, this is not connected to the code invoking the Client Object Model or to how we are calling out; but instead is where your Request to SCOM is being bounced or rerouted before reaching SharePoint Online; this then breaks the Trust between your Client and SharePoint and so leads to this error message as SharePoint then rejects the untrusted message.

This can happen when working with a Wifi Extender, or working with an ISP such as Virgin Media that performs Advanced Search Service to introduce this security distrust.

The following links from Stack Overflow and various Blogs are useful in understanding this error and avoiding time trying to problem-solve at the code level:

https://stackoverflow.com/questions/23443316/dtd-is-prohibited-error-when-accessing-sharepoint-2013-office365-list-but-not

https://pryankrohilla.blogspot.co.uk/2014/05/error-resolved-connect-sposervice-for.html

In our case, the culprit was our Virgin Media connection and so we could resolve by deploying the App to one of our Dev Servers to see the same codebase working correctly –however this is one of those errors that can have a variety of causes connected with DNS and Routing:

https://platinumdogs.me/2016/04/04/exception-for-security-reasons-dtd-is-prohibited-in-this-xml-document-connecting-to-sharepoint-online-with-csom/

https://paulryan.com.au/2014/for-security-reasons-dtd-is-prohibited-in-this-xml-document/ 

The following post is great and goes into this in some more detail:

https://asp.net-hacker.rocks/2016/01/15/XML-parsing-problem-because-of-your-ISP.html 

Hope that helps if you see a similar issue – thanks to these articles online, we managed to resolve fairly quickly but without these prior experiences am sure we would have been scratching our heads and rewriting connection code until more belatedly realising our underlying connection was the problem!

Author

Write A Comment