Need a way to authenticate to Exchange Web Services
https://stackoverflow.com/questions/179112
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using Exchange Web Services to Find, Create, Update, and Delete appointments from the calendars for one or more people. The application would be used by a manager to view employees' vacation time, as well as assign appointments based on availability.
In order for this to all work, an authenticated user's credentials must be sent to the web service. So far, the two methods that I have found that would allow for this are 1) passing in the username and password of each user and 2) impersonating a user to use DefaultCredentials. The DefaultCredentials option doesn't work for us because we do not allow impersonating users.
Does anyone know another way?
Solution
Are there company policy restrictions preventing you from using impersonation? Are you referring to Windows impersonation or Exchange impersonation?
Depending on which impersonation you cannot use, an alternative might be delegate acess.
If the goal is to let a manager view multiple mailboxes, here are some options:
(1) Grant delegate access to the employee mailboxes to the manager. Depending on the level of delegate access, this would allow the manager to view the employee mailboxes and edit as needed. There is one caveat about this approach, depending on what/how the access is granted, the delegate (employee) could remove the access, and stop the manager from viewing their calendars.
For authentication using delegate access, assuming the application using web services was running under the manager's context, you should be able to use DefaultCredentials.
(2) Create a service account that has either impersonation rights or delegate access over the employee mailboxes. Then log in as the service account.
As well, here are some links you might find useful...
- Using Delegate Access with Exchange Web Services (http://msdn.microsoft.com/en-us/library/bb655860.aspx)
- Exchange Web Services and Delegate Access (http://msdn.microsoft.com/en-us/library/bb204081.aspx)
- Configuring Exchange Impersonation (http://msdn.microsoft.com/en-us/library/bb204095.aspx)
- Using Exchange Impersonation (http://msdn.microsoft.com/en-us/library/bb204088.aspx)
OTHER TIPS
If I understood you right, the manager would use the application and authenticate to the EWS as himself. EWS would then be unable to update another user's mailbox because of insufficient permissions.
How about giving the manager access to each user's mailbox?
(Or am I missing a substantial part of the question?)
If the user is going to be logged onto their own machine, and these credentials are likely to be available in the credential cache, you can construct a WebCredential object from the ICredentials object obtained from there:
public static ExchangeService GetService()
{
var webCredentials = new WebCredentials(CredentialCache.DefaultNetworkCredentials);
var service = new ExchangeService(ExchangeVersion);
service.AutodiscoverUrl(Properties.Settings.Default.SmptAccountName);
service.Credentials = credentials;
return service;
}
