I am get a exception when use my service EWS, this is my code
public class ExchangeHelper
{
ExchangeService exchangeService;
public ExchangeHelper()
{
//Instantiate a new ExchangeService object
exchangeService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
//Set the exchange WebService URL
exchangeService.Url = new Uri("https://hostname/EWS/Exchange.asmx");
//exchangeService.Url = new Uri("https://hostname/EWS/Exchange.asmx");
//Set the credentials of the service to the credentials
//that are associated with the impersonating account.
exchangeService.Credentials = new NetworkCredential(
"user",
"pass",
"Domain.com"
);
}
public void CreateAppointment()
{
var emailAddress = "user#doamin.com";
//Set the ImpersonatedUserId property of the ExchangeService object to identify the impersonated user (target account).
//This example uses the user's SMTP email address.
exchangeService.AutodiscoverUrl(emailAddress);
exchangeService.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, emailAddress);
//create a new appointment object
Appointment appointment = new Appointment(exchangeService);
//set appointment properties
appointment.Subject = "test";
appointment.Body = "testBody";
//In MSDN it says that if you dont specify the timezone, it will use the UTC timezone
//but in reality it is not working that way.
//so explicity setting the EST timezone
appointment.StartTimeZone = TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time");
appointment.Start = DateTime.Now;
appointment.EndTimeZone = TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time");
appointment.End = DateTime.Now.AddHours(1);
//add required participants
appointment.RequiredAttendees.Add(emailAddress);
newFolder.Save(WellKnownFolderName.Inbox);
appointment.Save(new FolderId(WellKnownFolderName.Drafts, "emailAddress"));
//Set it back to null so that any actions that will be taken using the exchange service
//applies to impersonating account (i.e.account used in network credentials)
exchangeService.ImpersonatedUserId = null;
return the unique identifier that is created
return appointment.Id.UniqueId;
}
The exception is "The account does not have permission to impersonate the requested user"
It's not 100% clear from your post whether the account you use for the credentials on the ExchangeService and for the ImpersonationUserId are the same. If they are, then you would not need to use impersonation and should not set that property. It seems like one should be able to impersonate oneself, but there's no need to do so, hence EWS may throw you back that exception.
If they are different, then it's pretty much as the message says: the account you use for the credentials must have the right to impersonate the user you set. This typically involves some PowerShell magic by the Exchange admin to set this up.
Related
I have been using Exchange WebServices (EWS) for some time now, in Asp.net C #, to add events in the calendars of Office365 users at my work.
I now needed those same events to appear at Microsoft Teams, with the possibility of going on videoconference.
Events appear but that possibility is not present.
One of the properties of "appointments" is "isOnlineMeeting". I tried to add it, making it true, but it always returns an error saying "Set action is invalid for property.".
In the online searches I have done, I have found that this is a read-only property.
So, is there any chance that I can "force" this property?
I have already configured my Exchange so that, in Outlook online when we do a new event, this is always by videoconference.
Some help?
Thank you!
UPDATE:
By the way, the code that I'm using is:
try {
ExchangeService service = new ExchangeService (ExchangeVersion.Exchange2013_SP1, TimeZoneInfo.FindSystemTimeZoneById ("GMT Standard Time"));
service.Url = new Uri ("https://outlook.office365.com/EWS/Exchange.asmx");
string User = "a#a.net";
string Password = "AAA";
service.Credentials = new NetworkCredential (User, Password);
Appointment appointment = new Appointment (service);
appointment.Subject = "Experiment";
appointment.Location = "Videoconference";
string dataStart = "10-02-2021 19:00:00.000";
string dataEnd = "10-02-2021 20:00:00.000";
appointment.Start = DateTime.Parse (dataStart);
appointment.End = DateTime.Parse (dataEnd);
appointment.Body = "<strong>Ignore! Just a test</strong>";
appointment.IsOnlineMeeting = true;
appointment.RequiredAttendees.Add ("b#a.net");
appointment.Save (SendInvitationsMode.SendOnlyToAll);
} catch (Exception ex) {
}
Posting the Answer for better knowledge
Copying from comments
Could you please try with this document by using Graph API. By using Graph API we can set "isOnlineMeeting" property to true, and "onlineMeetingProvider" property to "teamsForBusiness".
I'm trying to create a bot that can book meetings. In order to do that i need to access the calendar of an employee to get FreeBusy info to ultimately book a meeting. I'm trying to avoid hardcoding the email and password and for that I want to use an access token from Azure AD to call EWS.
I set the properties for
public static ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
using this method:
public static async System.Threading.Tasks.Task UseExchangeService(IDialogContext context, string userEmailAddress, SecureString userPassword)
{
string authority = ConfigurationManager.AppSettings["authority"];
string clientID = ConfigurationManager.AppSettings["clientID"];
string resource = ConfigurationManager.AppSettings["resource"];
string appKey = ConfigurationManager.AppSettings["appkey"];
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
ClientCredential clientCred = new ClientCredential(clientID, appKey);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resource, clientCred);
service.Url = new Uri(ConfigurationManager.AppSettings["serverName"] + "/ews/exchange.asmx");
service.TraceEnabled = true;
service.TraceFlags = TraceFlags.All;
service.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
// USING THIS LINE IT WORKS FINE!
// service.Credentials = new NetworkCredential(userEmailAddress, userPassword); // VIRKER
}
I do get the access token from Azure AD and I have granted the permission for the application in Azure AD.
I use this method to extract the freebusytimes, it contains other more code to display the times as buttons on a herocard, but this is the call to EWS:
List<AttendeeInfo> attendees = new List<AttendeeInfo>();
attendees.Add(new AttendeeInfo()
{
SmtpAddress = "MyEMAIL",
AttendeeType = MeetingAttendeeType.Organizer
});
attendees.Add(new AttendeeInfo()
{
SmtpAddress = BookersEmail,
AttendeeType = MeetingAttendeeType.Required
});
//DateTime date1 = new DateTime(DateTime.Now.Year, DateTime.Now.Month, DateTime.Now.Day.Ad, 7, 0, 0)
// Specify options to request free/busy information and suggested meeting times.
AvailabilityOptions availabilityOptions = new AvailabilityOptions();
availabilityOptions.GoodSuggestionThreshold = 49;
availabilityOptions.MaximumNonWorkHoursSuggestionsPerDay = 0;
availabilityOptions.MaximumSuggestionsPerDay = 20;
// Note that 60 minutes is the default value for MeetingDuration, but setting it explicitly for demonstration purposes.
availabilityOptions.MeetingDuration = 60;
availabilityOptions.MinimumSuggestionQuality = SuggestionQuality.Excellent;
//TimeWindow hej = new TimeWindow();
DateTime StartDay = DateTime.Now.AddDays(1);
TimeSpan ts = new TimeSpan(9, 0, 0);
DateTime StartTime = StartDay.Date + ts;
availabilityOptions.DetailedSuggestionsWindow = new TimeWindow(StartTime, DateTime.Now.AddDays(4));
availabilityOptions.RequestedFreeBusyView = FreeBusyViewType.FreeBusy;
// Return free/busy information and a set of suggested meeting times.
// This method results in a GetUserAvailabilityRequest call to EWS.
GetUserAvailabilityResults results = service.GetUserAvailability(attendees,
availabilityOptions.DetailedSuggestionsWindow,
AvailabilityData.FreeBusyAndSuggestions,
availabilityOptions);
I have created the application in Azure AD and I have granted the following permissions:
Office 365 Exchange Online:
Use Exchange Web Services with full access to all mailboxes
Read and write calendars in all mailboxes
Read and write user and shared calendars
Access mailboxes as the signed-in user via Exchange Web Services
I've tried other answers i found on stackoverflow, however they do not do the trick for me.
Hope You can help
I am not familiar with EWS, however as far as I know that the Microsoft Graph also provide the similar feature for find the available meeting time using the rest below( refer here):
POST /me/findMeetingTimes
And if you want to using this REST for the web application so that your web app can delegate the sign-in user to perform the operation for Exchange, we can use the OAuth 2.0 code grant flow. And for how to use this flow to integrate with Microsoft Graph, you can refer the links below:
Get started with Microsoft Graph in an ASP.NET 4.6 MVC app
And here is the detail for this flow:
Authorize access to web applications using OAuth 2.0 and Azure Active Directory
Hope it is helpful.
I'm trying to create a program in C# which should make it able to create appointments in someone else's Outlook calendar. I have code which makes it able to create appointments in my own calendar. I searched on Google and I found I should use impersonation. So I added the line:
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, emailAddress);
This is my code:
private void button2_Click(object sender, EventArgs e) {
try{
ExchangeService service = new ExchangeService();
service.UseDefaultCredentials = true;
service.Credentials = new WebCredentials("Test#domain.com", "password");
service.AutodiscoverUrl("Test#domain.com", adAutoDiscoCallBack);
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, "Test2#domain.com");
Appointment appointment = new Appointment(service);
// Set the properties on the appointment object to create the appointment.
appointment.Subject = "Tennis lesson";
appointment.Body = "Focus on backhand this week.";
appointment.Start = DateTime.Now.AddDays(2);
appointment.End = appointment.Start.AddHours(1);
appointment.Location = "Tennis club";
appointment.ReminderDueBy = DateTime.Now;
// Save the appointment to your calendar.
appointment.Save(SendInvitationsMode.SendToNone);
// Verify that the appointment was created by using the appointment's item ID.
Item item = Item.Bind(service, appointment.Id, new PropertySet(ItemSchema.Subject));
}
}catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
internal static bool adAutoDiscoCallBack(string redirectionUrl) {
// The default for the validation callback is to reject the URL.
bool result = false;
Uri redirectionUri = new Uri(redirectionUrl);
// Validate the contents of the redirection URL. In this simple validation
// callback, the redirection URL is considered valid if it is using HTTPS
// to encrypt the authentication credentials.
if (redirectionUri.Scheme == "https") {
result = true;
}
return result;
}
The problem is that I keep getting this error ""The SMTP-address has no mailbox associated with it."
Is it because impersonation isn't allowed on the server? If so how do I allow it?
I hope someone can help.
Ps: Sorry for the bad english
A few suggestions if this is Office365 or Exchange 2013 you first need the PrimarySMTP address of the Mailbox you wish to access eg
String MailboxToAccess = "PrimarySMTP#domain.demo";
Note for some tenants the SMTP and UPN/Logon are the same but that is not always the case.
This is what user you are going to be impersonating eg
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, MailboxToAccess);
You should also add in the X-AnchorMailbox header https://learn.microsoft.com/en-us/archive/blogs/webdav_101/best-practices-ews-authentication-and-access-issues eg
service.HttpHeaders.Add("X-AnchorMailbox", MailboxToAccess);
Also when you go to save the Appointment use the FolderId class with the Mailbox overload to ensure your hitting the correct Mailbox eg
FolderId CalendarFolderId = new FolderId(WellKnownFolderName.Calendar, MailboxToAccess);
appointment.Save(CalendarFolderId,SendInvitationsMode.SendToNone);
Cheers
Glen
Using the Exchange Web Services API, is it possible to determine whether a mailbox/e-mail address such as someone#mydomain.com exists within an organization?
If so, which is the simplest way to do this and is it possible without the use of impersonation?
Case: A Windows Service regularly sends e-mails to people within the organization. It does not have any explicit knowledge about their e-mail adresses. It only knows their username and assumes that their e-mail address is username#mydomain.com. This is true for all users except for a few that do not have mailboxes. In these cases, it should not attempt to send the e-mail in the first place.
Solution:
As suggested by mathieu: look for user and e-mail address in Active Directory instead. This function gets the job done:
using System.DirectoryServices.AccountManagement;
// ...
public static bool TryGetUserEmailAddress(string userName, out string email)
{
using (PrincipalContext domainContext =
new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
using (UserPrincipal user =
UserPrincipal.FindByIdentity(domainContext, userName))
{
if (user != null && !string.IsNullOrWhiteSpace(user.EmailAddress))
{
email = user.EmailAddress;
return true;
}
}
email = null;
return false; // user not found or no e-mail address specified
}
Determining if an user has a mailbox with EWS only could be more complicated than expected, especially without impersonation.
If you're in an Active Directory domain, you should rely on the DirectoryEntry information to determine the mailbox of an user, and send email accordingly. If you got your user login, it's really easy to get the associated DirectoryEntry.
there is an easy way to do it by checking the user availability like the following code.
I tried this and it is working for me.
I am not sure about other cases when availability result returns error but for sure when the email is not right it does
to define your exchange service refer to this: https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/get-started-with-ews-managed-api-client-applications
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);//You version
service.Credentials = new WebCredentials("user1#contoso.com", "password");
service.AutodiscoverUrl("user1#contoso.com", RedirectionUrlValidationCallback);
string email = "TEST#YOUR.COM";
// Get User Availability after 6 months
AttendeeInfo attendee = new AttendeeInfo(email);
var attnds = new List<AttendeeInfo>();
attnds.Add(attendee);
var freeTime = service.GetUserAvailability(attnds, new
TimeWindow(DateTime.Now.AddMonths(6), DateTime.Now.AddMonths(6).AddDays(1)), AvailabilityData.FreeBusyAndSuggestions);
//if you receive result with error then there is a big possibility that the email is not right
if(freetimes.AttendeesAvailability.OverallResult == ServiceResult.Error)
{
return false;
}
return true;
Is it possibly to access the folders and items of other Exchange accounts other than the one of the logged in user?
Can I do this via Exchange Web Services Managed API?
Yes it is possible, but you should know the password of the other user or grab in some ways this credentials (NetworkCredential object). The typical first lines of you code could be
ExchangeService myService = new ExchangeService (ExchangeVersion.Exchange2007_SP1);
myService.Credentials = new NetworkCredential ("user#mycorp.local", "P#ssword00");
so you can access Exchange Server Web Services with the account which is other as the current user. See ExchangeService object description for more information.
If you are an admin you can make user impersonation by SMTP address.
Here's how you do it without impersonation or knowing credentials.
ExchangeService _service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
//CREDENTIALS OF AN ACCOUNT WHICH HAS READ ACCESS TO THE CALENDAR YOU NEED
_service.Credentials = new WebCredentials(username, password);
_service.Url = new Uri(serviceURL);
SearchFilter.SearchFilterCollection searchFilter = new SearchFilter.SearchFilterCollection();
searchFilter.Add(new SearchFilter.IsGreaterThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(-1)));
searchFilter.Add(new SearchFilter.IsLessThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(2)));
ItemView view = new ItemView(50);
view.PropertySet = new PropertySet(BasePropertySet.IdOnly, AppointmentSchema.Subject, AppointmentSchema.Start, AppointmentSchema.AppointmentType, AppointmentSchema.End);
//THIS NEXT LINE!!!
var calendarSearch = new FolderId(WellKnownFolderName.Calendar, new Mailbox("email#ofsomemailbox.com"));
var appointments = _service.FindItems(calendarSearch, searchFilter, view);
I suggest to use impersonation instead of login for each user.
Via impersonation you can impersonate users. Its not the same like full access. Full access is on behave of, impersonation is act as.
A pre of impersonation is you have one username and password instead of having x usernames and passwords.
You can use impersonation like this way:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new NetworkCredential(appName, appPassword, emailDomain);
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, userToImpersonate);
when a user has delegate access to someone else, you can access the folder of the other user. For example: Person A will be impersonated and is able to access Person B