1

Problem: Since some weeks we are getting an 403 Forbidden when we try to login to our Exchange Server 2019 (CU7) via EWS, using Independentsoft.Exchange.Service.

Code:

var lCredential = new NetworkCredential("MyUsername", "MyPassword");
m_Service = new Independentsoft.Exchange.Service("https://mail/EWS/Exchange.asmx", lCredential);
m_Service.RequestServerVersion = RequestServerVersion.Exchange2016;
FindFolderResponse lResponse = m_Service.FindFolder(StandardFolder.MailboxRoot);

Exception Message: System.Net.WebException: 'The remote server returned an error: (403) Forbidden.'

We have made the following Updates:

enter image description here

We have tried the access with multiple different users. But no success. The access to our OWA is successful.

Question: How can we fix the 403 forbidden?

We tested also getting calendar items with the same result of 404:

FindItemResponse lFindItemResponse = m_Service.FindItem(StandardFolder.Calendar, AppointmentPropertyPath.AllPropertyPaths);

We tested the access via an different library: Microsoft.Exchange.WebServices. The request seem to work. Also sending an e-mail works:

class Program
{
    static void Main(string[] args)
    {
        ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
        service.Credentials = new WebCredentials("username", "password");
        service.TraceEnabled = true;
        service.TraceFlags = TraceFlags.All;
        service.Url = new Uri("https://hostname/EWS/Exchange.asmx");
        EmailMessage email = new EmailMessage(service);

        // query root folder
        try
        {
            service.FindFolders(WellKnownFolderName.Root, new FolderView(100)); // throws no exception
        }
        catch (Exception e)
        {
            throw;
        }

        // send email:
        email.torecipients.add("address@hostname.com");
        email.subject = "helloworld";
        email.body = new messagebody("this is the first email i've sent by using the ews managed api");
        email.send(); // works
    }

    private static bool RedirectionUrlValidationCallback(string redirectionUrl)
    {
        // The default for the validation callback is to reject the URL.
        bool result = false;
        Uri redirectionUri = new Uri(redirectionUrl);
        // Validate the contents of the redirection URL. In this simple validation
        // callback, the redirection URL is considered valid if it is using HTTPS
        // to encrypt the authentication credentials. 
        if (redirectionUri.Scheme == "https")
        {
            result = true;
        }

        return result;
    }
}
Simon
  • 4,157
  • 2
  • 46
  • 87
  • I would try testing EWS with either the RCA https://testconnectivity.microsoft.com/tests/exchange or EWS Editor https://github.com/dseph/EwsEditor/releases . Could also be your blocking the useragent string https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange – Glen Scales Mar 16 '21 at 22:34
  • @Glen Scales: We have tested the EWS via Microsoft.Exchange.WebServices and I have adapted my question. The access via Microsoft.Exchange.WebServices works. – Simon Mar 29 '21 at 09:30
  • I would probably suggest you contact Independentsoft for support directly, it sounds like from the error your getting the useragent string being used is blocked (as other EWS request are passed successfully. You should be able to check the EWS log on the CAS server – Glen Scales Mar 29 '21 at 22:42

1 Answers1

1

Clearing EWSAllowList via PowerShell resolves the problem.

Show the current configuration:

[PS] C:\> Get-OrganizationConfig | select EWS*

Clear the List:

[PS] C:\> Set-OrganizationConfig -EwsApplicationAccessPolicy:$null
Simon
  • 4,157
  • 2
  • 46
  • 87