I'm working on a C# application that would access current user's mailbox in office 365, but cannot go past authentication phase.
I was using this example https://msdn.microsoft.com/en-us/library/office/dn567668(v=exchg.150).aspx
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
service.UseDefaultCredentials = false;
//Specify login which works when connecting to Office 365 web UI
service.Credentials = new WebCredentials("office_365_login#domain", "password");
//would fail here with 401 unauthorised
service.AutodiscoverUrl("email_address", RedirectionUrlValidationCallback);
//As an alternative to autodiscover, I've tried to specify endpoint explicitly
service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx")
EmailMessage email = new EmailMessage(service);
...//Set email info
//Would fail with 401 unauthorised
email.Send();
Such code works just fine when connecting local Exchange mailboxes, but doesn't work with office 365 for some reason. I've tried using solution provided here, same result: Connection to Office 365 by EWS API
Infrastructure description:
Our company uses hybrid Exchange setup: some mailboxes are located on local Exchange servers, some have been migrated to Office 365. We have also Microsoft ADFS server installed, used for office 365 authentication.
When I open OWA URL in browser, I'm being first redirected to our ADFS server, if I'm using domain account, I'm being transparentry redirected to https://outlook.office.com/owa/ otherwise I'm being asked for credentials on our ADFS server.
Question:
Is it possible to connect Office 365 mailbox by specifying credentials explicitly, like in the code example? Or should I get token from our ADFS server and use it to connect to Office 365? I haven't found C# examples on the latter one.
Goals, I'm trying to achieve:
Perfect scenario. If user runs the app using domain account,
application should be able to access his mailbox without specifying
credentials explicitly
Acceptable scenario. User has to set credentials explicitly in order
for application to access mailbox
In case you are trying to use EWS API for connecting to Office 365 mailbox, have a look to this:
You cannot use basic authentication (username and password) in your EWS application to connect to Office/Microsoft 365 now. Microsoft no longer supports basic authentication in EWS for Exchange Online. You are advised to use OAuth2.0 to get a token and use the same in your EWS client to connect to Office 365.
For this you will have to register your application in Azure AD to use client credential flow. I did a POC on this using console application.
Here's the link to GitHub repository for source code and documentation.
Related
We have a situation where we have both, our in-house Exchange server and Office 365. I need to search from email address, whether the account exists on in-house server or Office 365. How can we do it through EWS?
Autodiscover will return the correct endpoints to access a given mailbox provided that you've configured it correctly for a hybrid environment. I haven't done this myself but there should be documentation online.
I've a web application where i have used office 365 login (for sharepoint) to authenticate the user and then redirect to my web application.
Now i want to access the logged in office 365 user's calendar and add events, get list of calendars etc.. I've looked into office 365 API but it uses OAuth2 authentication which i don't want to go for.
So i went for ExchangeService API but it needs the NetworkCredentials of the user, which means i have to add the username and password for each user, which is not possible.
Is there any way i can use the logged in office 365 user's details and access the calendars and events?
The best way to access Office365 resources like mailboxes, calendars, contacts etc. is by using Microsoft Graph.
There are many SDK and code samples to start developing with Graph API. Here is a guide for ASP.NET MVC app.
I am learning about Azure AD and Office 365 and I am wondering if the following is possible and if so, how to go about doing it since I am confused on a few aspects with documentation:
Say a company, CompanyA, has Office 365 for users of their org. These users use Exchange/Outlook and Office to sign in (Office desktop) using their Office 365 creds.
CompanyA has Active Directory hosted internally but they are planning to use Azure AD Connect Sync to sync all objects in AD into the Azure AD so things like password changes are synced (and user objects) between the cloud and internal network.
Is there a way to use their Office 365 creds to log into their network systems and sync to AD or perhaps link the Azure AD to their Office 365 accounts so they can log into the computers using their Office 365 creds?
Question 2 is below (the real question I had!):
Now, there will be a custom app hosted both internally but also externally (possibly in the Azure cloud). The app could be a desktop app or a web app or some service.
Is there a way for the apps to authenticate against Azure AD/Office 365 to ensure that the user logging in (using their Office 365 creds) is successful? Is there an automated way without a popup dialog so everything is done programmatically via the API's using C#/.NET Framework?
Thanks!
When you reference Office 365 credentials you are already talking about Azure AD. Every Office 365 tenant has an Azure AD instance backing that is the store for user accounts and credentials. Please sees the following article for a detailed description:
https://support.office.com/en-us/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9
You are currently the model referred to as Cloud identity. It sounds like you want move to Synchronized identity or Federated identity.
If you configure your Azure AD Connect installation to synchronize to your Office 365 tenant (by giving it a Global Admin from the tenant during setup) then you will effectively have the setup you want with premise ADDS credentials synchronized with your Office 365 (Azure AD) credentials.
However, since there is an existing tenant with accounts that you want to match with on-premse accounts, you will need to communicate this with your users in advance and also read up on how the soft matching works when synchronizing to an Azure AD with existing accounts.
This KB article should get your started: https://support.microsoft.com/en-us/kb/2641663
If done properly, the end result will be as follows:
User accounts and password changes are managed from your on-premise AD.
Password changes happen on premise and are synchronized with your Azure AD accounts that are matched to premise accounts
You will not be able change passwords from Office 365 and have those changes reflected on-premise unless you enable Password Write-back which requires a an Azure AD Premium subscription.
Users will login to domain resources using their AD credentials, which match their Office 365 credentials in Azure AD
At this point you will have moved to Synchronized identity. This is required to take the next step to Federated identity so you will want to get to this stage either way. I would not take the next step to federated until you fully understand the implications of that model.
Regarding part 2 of your question, there are multiple libraries that can add authentication to Azure AD to your custom applications. This page has a list of libraries by language:
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-authentication-libraries
I'm using an IMAP client in my program. I'm trying to access to Office 365 outlook by IMAP client using OAuth2 mechanism (using these instructions.)
When I authenticate in IMAP client - authentication failes, but OAuth2 authentication of Google and Outlook.com works fine. Does Office 365 support OAuth2 authentication in IMAP? If it does, how to authenticate?
We are actively working on OAuth support for IMAP connections to O365 mailboxes. We will make a public announcement once the same is available.
With the new rollout for OAuth 2.0 support for IMAP, I am able to generate the token using the scope
https://outlook.office365.com/IMAP.AccessAsUser.All
But I am still getting
A1 NO AUTHENTICATE failed
I am using the following properties:
props.put("mail.imap.ssl.enable", "true");
props.put("mail.imap.auth.mechanisms","XOAUTH2");
props.put("mail.imap.auth.plain.disable", "true");
EDIT: It is working now !
I got this to work as I described here: Connect to outlook Office 365 IMAP using OAUTH2
The App Permissions in Azure AD have been moved to the Graph API Section different to the screenshot that was in the comments above.
Also the Scope that Azure AD shows did not work for me, I had to use https://outlook.office365.com/IMAP.AccessAsUser
We don't support OAuth for IMAP access to Office 365 and we have no plans to do so as we recommend using our REST APIs to connect to Office 365 for your apps. OAuth is supported for Office 365 REST APIs for mail, calendar and contacts and our older SOAP APIs Exchange Web Services.
After connecting to Exchange on a different domain using:
rdoSession = RedemptionLoader.new_RDOSession();
rdoSession.LogonHostedExchangeMailbox(Settings.Default.ExchangeServer, Settings.Default.ExchangeUserName, Settings.Default.ExchangePassword);
I want to get the default inbox folder:
RDOFolder folder = rdoSession.GetDefaultFolder(rdoDefaultFolders.olFolderInbox);
But I get this error:
System.Runtime.InteropServices.COMException (0x80040111): Error in IMAPISession::OpenMsgStore: MAPI_E_LOGON_FAILED
Make sure your code runs under the Windows user identity that has MAPI profiles.
When running in a service (including ASP under IIS), set your code to run under the Windows user account that has MAPI profiles.
When connecting to an Exchange Server, you can also use RDOSession.LogonExchangeMailbox which does not require an existing profile.
ulVersion: 0
Error: The information store could not be opened.
Component: MAPI 1.0
ulLowLevelError: 0
ulContext: 646
How can i read mails from exchange on different domain?
Thanks!
Sarah,
Consider using EWS instead. You can use Exchange Web Services (EWS) and other web services in Exchange Online, Exchange Online as part of Office 365, or Exchange on-premises to create solutions that enable your users to access Exchange mailbox data from services, websites, desktop computers, and mobile devices. See EWS Managed API, EWS, and web services in Exchange for more information.