We have a situation where we have both our in-house Exchange server and Office 365. I need to find out, from an email address, whether the account exists on the in-house server or on Office 365. How can we do it through EWS?
Autodiscover will return the correct endpoints to access a given mailbox provided that you've configured it correctly for a hybrid environment. I haven't done this myself but there should be documentation online.
Related
I'm working on a C# application that would access current user's mailbox in office 365, but cannot go past authentication phase.
I was using this example https://msdn.microsoft.com/en-us/library/office/dn567668(v=exchg.150).aspx
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
service.UseDefaultCredentials = false;
//Specify login which works when connecting to Office 365 web UI
service.Credentials = new WebCredentials("office_365_login#domain", "password");
//would fail here with 401 unauthorised
service.AutodiscoverUrl("email_address", RedirectionUrlValidationCallback);
//As an alternative to autodiscover, I've tried to specify endpoint explicitly
service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
EmailMessage email = new EmailMessage(service);
// ... set email info
//Would fail with 401 unauthorised
email.Send();
Such code works just fine when connecting local Exchange mailboxes, but doesn't work with office 365 for some reason. I've tried using solution provided here, same result: Connection to Office 365 by EWS API
Infrastructure description:
Our company uses hybrid Exchange setup: some mailboxes are located on local Exchange servers, some have been migrated to Office 365. We have also Microsoft ADFS server installed, used for office 365 authentication.
When I open the OWA URL in a browser, I'm first redirected to our ADFS server. If I'm using a domain account, I'm transparently redirected to https://outlook.office.com/owa/, otherwise I'm asked for credentials on our ADFS server.
Question:
Is it possible to connect Office 365 mailbox by specifying credentials explicitly, like in the code example? Or should I get token from our ADFS server and use it to connect to Office 365? I haven't found C# examples on the latter one.
Goals, I'm trying to achieve:
Perfect scenario. If user runs the app using domain account, application should be able to access his mailbox without specifying credentials explicitly
Acceptable scenario. User has to set credentials explicitly in order for application to access mailbox
In case you are trying to use the EWS API to connect to an Office 365 mailbox, have a look at this:
You cannot use basic authentication (username and password) in your EWS application to connect to Office/Microsoft 365 now. Microsoft no longer supports basic authentication in EWS for Exchange Online. You are advised to use OAuth2.0 to get a token and use the same in your EWS client to connect to Office 365.
For this you will have to register your application in Azure AD to use client credential flow. I did a POC on this using console application.
Here's the link to GitHub repository for source code and documentation.
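The client credential flow described in the answer above, as an added example that is not part of the original post or its linked repository. It assumes the Microsoft.Identity.Client (MSAL) and Microsoft.Exchange.WebServices packages and an Azure AD app registration with admin-consented EWS application permission; the tenant ID, client ID, mailbox address and the EWS_CLIENT_SECRET variable name are placeholders.

```csharp
using System;
using Microsoft.Exchange.WebServices.Data;
using Microsoft.Identity.Client;

internal static class EwsOAuthExample
{
    // Placeholders: take these from your own Azure AD app registration.
    private const string TenantId = "<tenant-id>";
    private const string ClientId = "<application-client-id>";
    private const string Mailbox = "user@example.com";

    // Task is fully qualified because the EWS namespace also defines a Task type.
    private static async System.Threading.Tasks.Task Main()
    {
        // Keep the secret out of source and app.config (variable name is an assumption).
        string secret = Environment.GetEnvironmentVariable("EWS_CLIENT_SECRET")
            ?? throw new InvalidOperationException("EWS_CLIENT_SECRET is not set");

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithClientSecret(secret)
            .WithTenantId(TenantId)
            .Build();

        // The client credential flow requests the resource's .default scope.
        AuthenticationResult token = await app
            .AcquireTokenForClient(new[] { "https://outlook.office365.com/.default" })
            .ExecuteAsync();

        var service = new ExchangeService(ExchangeVersion.Exchange2013_SP1)
        {
            Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx"),
            // Bearer token replaces WebCredentials(user, password).
            Credentials = new OAuthCredentials(token.AccessToken),
            // An app-only token carries no user, so name the mailbox to act on.
            ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, Mailbox)
        };
        service.HttpHeaders.Add("X-AnchorMailbox", Mailbox);

        var email = new EmailMessage(service)
        {
            Subject = "EWS OAuth test",
            Body = new MessageBody("Sent with an OAuth access token instead of a password.")
        };
        email.ToRecipients.Add(Mailbox);
        email.Send();
    }
}
```

The application permission used for app-only EWS access (full_access_as_app) allows impersonating any mailbox in the tenant, so the client secret needs the same protection as an administrator credential.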
I am learning about Azure AD and Office 365 and I am wondering if the following is possible and if so, how to go about doing it since I am confused on a few aspects with documentation:
Say a company, CompanyA, has Office 365 for users of their org. These users use Exchange/Outlook and Office to sign in (Office desktop) using their Office 365 creds.
CompanyA has Active Directory hosted internally but they are planning to use Azure AD Connect Sync to sync all objects in AD into the Azure AD so things like password changes are synced (and user objects) between the cloud and internal network.
Is there a way to use their Office 365 creds to log into their network systems and sync to AD or perhaps link the Azure AD to their Office 365 accounts so they can log into the computers using their Office 365 creds?
Question 2 is below (the real question I had!):
Now, there will be a custom app hosted both internally but also externally (possibly in the Azure cloud). The app could be a desktop app or a web app or some service.
Is there a way for the apps to authenticate against Azure AD/Office 365 to ensure that the user logging in (using their Office 365 creds) is successful? Is there an automated way without a popup dialog so everything is done programmatically via the API's using C#/.NET Framework?
Thanks!
When you reference Office 365 credentials you are already talking about Azure AD. Every Office 365 tenant has an Azure AD instance backing that is the store for user accounts and credentials. Please see the following article for a detailed description:
https://support.office.com/en-us/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9
You are currently on the model referred to as Cloud identity. It sounds like you want to move to Synchronized identity or Federated identity.
If you configure your Azure AD Connect installation to synchronize to your Office 365 tenant (by giving it a Global Admin from the tenant during setup) then you will effectively have the setup you want with premise ADDS credentials synchronized with your Office 365 (Azure AD) credentials.
However, since there is an existing tenant with accounts that you want to match with on-premise accounts, you will need to communicate this with your users in advance and also read up on how the soft matching works when synchronizing to an Azure AD with existing accounts.
This KB article should get you started: https://support.microsoft.com/en-us/kb/2641663
If done properly, the end result will be as follows:
User accounts and password changes are managed from your on-premise AD.
Password changes happen on premise and are synchronized with your Azure AD accounts that are matched to premise accounts
You will not be able to change passwords from Office 365 and have those changes reflected on-premise unless you enable Password Write-back, which requires an Azure AD Premium subscription.
Users will login to domain resources using their AD credentials, which match their Office 365 credentials in Azure AD
At this point you will have moved to Synchronized identity. This is required to take the next step to Federated identity so you will want to get to this stage either way. I would not take the next step to federated until you fully understand the implications of that model.
Regarding part 2 of your question, there are multiple libraries that can add authentication to Azure AD to your custom applications. This page has a list of libraries by language:
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-authentication-libraries
I'm trying to create an ASP.NET application to access files stored on an Office 365 SharePoint site. The files are public and anybody can download them. I looked at the Office 365 API, but from what I can tell, you need to be able to log in before the application can call the API.
Is there no way to set the credential in the web config and make it so that the application can get the file for everybody? Since the files are public, most users will not have an account.
I can't be categorical, but Office 365 uses Federated Identity, which requires a user to be present; you don't pass credentials to it - you pass a callback "pointer" URL which it calls you back with. The user types their credentials into Office 365, not into your application - so you can't pass credentials to Office 365/OneDrive.
After connecting to Exchange on a different domain using:
rdoSession = RedemptionLoader.new_RDOSession();
rdoSession.LogonHostedExchangeMailbox(Settings.Default.ExchangeServer, Settings.Default.ExchangeUserName, Settings.Default.ExchangePassword);
I want to get the default inbox folder:
RDOFolder folder = rdoSession.GetDefaultFolder(rdoDefaultFolders.olFolderInbox);
But I get this error:
System.Runtime.InteropServices.COMException (0x80040111): Error in IMAPISession::OpenMsgStore: MAPI_E_LOGON_FAILED
Make sure your code runs under the Windows user identity that has MAPI profiles.
When running in a service (including ASP under IIS), set your code to run under the Windows user account that has MAPI profiles.
When connecting to an Exchange Server, you can also use RDOSession.LogonExchangeMailbox which does not require an existing profile.
ulVersion: 0
Error: The information store could not be opened.
Component: MAPI 1.0
ulLowLevelError: 0
ulContext: 646
How can I read mails from Exchange on a different domain?
Thanks!
Sarah,
Consider using EWS instead. You can use Exchange Web Services (EWS) and other web services in Exchange Online, Exchange Online as part of Office 365, or Exchange on-premises to create solutions that enable your users to access Exchange mailbox data from services, websites, desktop computers, and mobile devices. See EWS Managed API, EWS, and web services in Exchange for more information.
Really getting frustrated at this. My company is using Outlook 365 for its Exchange services. I am trying to automate sending of exception emails from the client via exchange. However all of the literature on the subject seems to show that I have to provide a NetworkCredential with plain text username/passwords somehow. I am hoping to connect using the logged in user's account.
From an infrastructure point of view, I understand that Office 365 is authenticating users via ADFS, which is why bog standard negotiate is not working. It would also make sense that this is why I need the plain text password. However it would seem to me that there should be no reason why Kerberos style auth would not work.
In summary, is there some programmatic way to send emails via Outlook 365 without encoding privileged information into the application either the source or the config?
Thanks
Generally, if you can log in to the Office 365 Live with Internet Explorer without providing username\password, then you should be able to get the NetworkCredentials for the currently logged in user with CredentialCache.DefaultCredentials.