• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

exchange webservices (EWS) authentication problem

S

Sven Hornberg

#1
Hello enthusiastic developers,

I'm currently trying to include exchange webservices 2007 functionality in a

custom web application which is running on a Windows 2008 Server (IIS 7,

Exchange Server 2007).

How do I access exchange 2007 webservices from my web application ? I

currently use the defaultcredentials and receive an error, saying I don't

have the required authorization (error 401).

Stating the credentials explicitly in the code works perfectly fine when

trying to execute the code remotely, whether including the domain or not.

When executing the code locally on either the web server or my client

computer, no problems occur. The web application I intend to write is

supposed to run on the server and be accessed from any computer via my

company's intranet.

The code looks something like this..

ExchangeServiceBinding binding = new ExchangeServiceBinding();

binding.Url = @"https://server/ews/exchange.asmx";

binding.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;

CreateItemType createItemType = new CreateItemType();

> . (creating item and setting it's properties)

try

{

CreateItemResponseType createItemResponse =

binding.CreateItem(createItemType); <- the error seems to occur here }

catch (Exception ex) {

Response.Write(ex.ToString()); <- results in error "unauthorized"

}

The authentication settings in IIS 7 are as follows:

anonymous authentication: deactivated

ASP.NET multiple identities: activated

digest authentication: deactivated

forms authentication: deactivated

standard authentication: deactivated

windows authentication: deactivated

User permissions set:

SYSTEM: full access rights

(windows user): full access rights

IUSR: full access
 
H

Henning Krause [MVP - Exchange]

#2
Hi,

are the web application and the Exchange server on the same server? If no,

then you are experiencing a double-hop issue: NTLM tokens cannot be

delegated. You either need Kerberos or basic authentication (the latter one

over HTTPS to protect the password; But you loose single-sign on in this

case).

Kerberos on the other hand allows delegation and single-sign on. Google for

Kerberos - there are plenty of tutorials available.

Kind regards,

Henning Krause

"Sven Hornberg" <Sven Hornberg> wrote in message

news:38922899-B7A1-4A34-B468-E9FC52979C52@microsoft.com...
> Hello enthusiastic developers,

> I'm currently trying to include exchange webservices 2007 functionality in
> a
> custom web application which is running on a Windows 2008 Server (IIS 7,
> Exchange Server 2007).

> How do I access exchange 2007 webservices from my web application ? I
> currently use the defaultcredentials and receive an error, saying I don't
> have the required authorization (error 401).
> Stating the credentials explicitly in the code works perfectly fine when
> trying to execute the code remotely, whether including the domain or not.

> When executing the code locally on either the web server or my client
> computer, no problems occur. The web application I intend to write is
> supposed to run on the server and be accessed from any computer via my
> company's intranet.

> The code looks something like this..

> ExchangeServiceBinding binding = new ExchangeServiceBinding();

> binding.Url = @"https://server/ews/exchange.asmx";
> binding.Credentials =
> System.Net.CredentialCache.DefaultNetworkCredentials;

> CreateItemType createItemType = new CreateItemType();

> .. (creating item and setting it's properties)

> try
> {
> CreateItemResponseType createItemResponse =
> binding.CreateItem(createItemType); <- the error seems to occur here }
> catch (Exception ex) {
> Response.Write(ex.ToString()); <- results in error "unauthorized"
> }

> The authentication settings in IIS 7 are as follows:

> anonymous authentication: deactivated
> ASP.NET multiple identities: activated
> digest authentication: deactivated
> forms authentication: deactivated
> standard authentication: deactivated
> windows authentication: deactivated

> User permissions set:

> SYSTEM: full access rights
> (windows user): full access rights
> IUSR: full access
>