3

Is it possible to pass the credentials of the user browsing my asp.net web application to the EWS FindAppointments call?

I'm only trying to return calendar details for the active browsing user, who will without doubt have permission to read their own calendar, so the issue should not relate to Exchange impersonation with the EWS api discussed here.

The code below works just fine when running localhost, but running from the web server, despite Windows Authentication and Identity Impersonation being configured it throws an access denied error.

using (HostingEnvironment.Impersonate())
    {
    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);

    service.UseDefaultCredentials = true;
    service.AutodiscoverUrl(UserEmailAddress);

    Mailbox mb = new Mailbox(UserEmailAddress);
    FolderId cfCalendarFolderID = new FolderId(WellKnownFolderName.Calendar, mb);
    CalendarView cvCalendarView = new CalendarView(DateTime.Now, DateTime.Now.AddDays(30), 1000);
    cvCalendarView.MaxItemsReturned = 3;

Perhaps I'm missing a simple way to pass the HostingEnvironment credentials to my ExchangeService object?

Is there a way to check what the service.UseDefaultCredentials are?

I'm not able to use the following as there isn't a way to get the password from the windows authenticated impersonated user.

service.Credentials = new System.Net.NetworkCredential(username, password, domain);

I've also tried the following, but get the same ServiceResponseException access denied errot.

service.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
service.PreAuthenticate = true;

Thanks in advance of your kind assistance.

Additional info which may or may not be relevant:

  • The Application Pool Identity for the website is NetworkService.
  • The UserEmailAddress variable is set from an AD lookup based on System.Security.Principal.WindowsIdentity.GetCurrent().Name

EDIT (14th Aug 2012) To achieve what I'd like to do above, I believe the HostingEnvironment.Impersonate isn't required. Instead I need to use the ExchangeService's ImpersonatedUserId property. More details on that here Only problem though is we're running Exchange 2007 and the power shell command for enabling a service account to impersonate all users (that you would use pass in to the .Credentials parameter) only appears to be compatible with Exchange 2010.

Community
  • 1
  • 1
RichardD
  • 315
  • 1
  • 4
  • 11

1 Answers1

0

You should try using WebCredentials instead of NetworkCredential - see related SO post. There seems to be an issue with EWS and AutoDiscover + NetworkCredentials

Community
  • 1
  • 1
SliverNinja - MSFT
  • 31,051
  • 11
  • 110
  • 173
  • 1
    Thank you @SilverNinja, but I'm afraid swapping out `service.UseDefaultCredentials = true;` for `service.Credentials = new WebCredentials();` still returns the same error. I'm going to try and see if I can attach the Visual Studio debugger to the published website and interogate what credentials are being sent. – RichardD Mar 06 '12 at 14:02