Forgive me reader, it has been a while since my last post.
I have a project that involved deploying three InfoPath browser-enabled forms made available on a SharePoint 2007 site. The site is an extranet site, accessed over the Internet by users who use an AD account and password to login.
The infrastruture uses ForeFront Threat Management Gateway (the successor to ISA server). Now TMG is a bit of a God-send for developers because it handles SSL for you. TMG hold the Server Certificate and takes all inbound https requests and maps them to http requests on port 80. Very neat, because it means that I can focus on developing the SharePoint site and not worry about SSL. Not quite.
I ran into some issues with the InfoPath forms. They worked absolutely fine when called internally: reading data from a web service upon load and then submitting to a web service on Submit. When I called the same forms when accessing the site externally, then I got several problems.
1. I could not load the forms at all initially.
2. When the form did load, the company logo would not display. IE gave me a warning message about unsecure content on the page and I could not disable it even by allowing Mixed Content in IE options.
3. The third error came when I tried to submit. "The form cannot be submitted to the Web server either because your computer is offline or because the host server is currently unavailable".
4. When the form closed, I got an error whereas it should have redirected back to the calling page. Again it was working fine internally.
The first problem is due to the supposed complexity of the url used to call the form (its the passed parameters). This is TMG rejecting the url. It is solved by modifying the HTTP policy on the Firewall rule to uncheck the options "Blocking high bit characters " and "Verify Normalization".
The second problem is fixed by the same solution as the third problem. If you take a look at the source code there is a variable g_objCurrentFormData that holds the content for the form. Buried in there you will find the url for the location of the xsn and its "Source" (the url it will return to) but InfoPath replaces the http:// with http:\u002f\u002f. Isn't that obscure? The issue is that it is using http and not https so you need to create a Link Translation on the Firewall policy that maps http:\u002f\u002fcontoso.com with https:\u002f\u002fcontoso.com. When that is done it, the form submitted successfully and also displayed the company logo without any warning messages from IE.
The fourth problem is due to the url for calling the form. It includes an &Source= parameter that is the return url for the form. But it uses the http url and that won't work externally. Trying to change it to be https also gave an error. So in the end I simply removed it, and the form still managed to return to the originating url. By the way, to force the form in the browser append &OpenIn=Browser.
So in the end I didn't have to make any changes to my form to make it work externally, it was all down to settings in TMG.
Go in peace - and say twenty Hail Mary's.