We have a web application that use forms authentication against Active Directory. In the same domain we also have an Exchange server 2010, soon to be 2013.
My question is, I would like to use the Exchange server to send outgoing emails from the user account using Exchange Web Services(EWS). Is it possible to reuse the user authentication that is already done on the form to connecto the the EWS?
We are using c#
I haven't tried this myself, but it's covered here: Accessing internal Exchange web services from an external application through ISA server using forms-based authentication.
Related
I want to have a windows service that can received unread mail from my O365 account every 3 minutes and have different action depends on Mail subject. I choose EWS managed API instead of Graph is because maybe I would use this program on Exchange Server in the future. I'm following this tutorial Authenticate an EWS application by using OAuth and I have some question about permission control, in this case I use Application permissions which run without a signed-in user present. for example, apps that run as background services or daemons and can access multiple mailboxes.
Now I can access my mailbox with the applicationID, tennatID and Client-secret. But I have to inpersonate someone within my tennat(domain) and than I can send mail by the Mail Account. My question is Is it have any permission control can set that this application only can access or inpersonate part of tennat user rather than all user within my tennat? (in Azure AD Api permission setting I only seen full_access_as_app - Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user.) I think its not make sense if this application have permission that can impersonate ALL user of my organization, that would be a big deal if this application client-secret exposes.
Sorry for my poor English.
You can use Application access policies to scope your application so it only has access the mailboxes it needs. see https://learn.microsoft.com/en-gb/graph/auth-limit-mailbox-access.
we designed the WebService application in vs 2010 using AWS SDK toolkit which connect to AWS SNS Service.
It Perfectly works when we directly run from VS 2010 Development studio, but when we publish webservice to Local IIS or dedicated webserver it fails to create topic with following error Messages.
The security token included in the request is invalid.Response Status Code: ForbiddenError Code: InvalidClientTokenIdError
Actually i didn't get how to get security token and where to put the security token in my web application.
Thanks in advance.
Its not possible to run AWS SNS application from local IIS and or existing web service.
if you want to run your web service application on server for outside access, you need to
-Create a profile
-Create an IAM Role for that profile
-Launch an EC2 Instance and Specify the IAM Role.
After connecting to Exchange on a different domain using:
rdoSession = RedemptionLoader.new_RDOSession();
rdoSession.LogonHostedExchangeMailbox(Settings.Default.ExchangeServer, Settings.Default.ExchangeUserName, Settings.Default.ExchangePassword);
I want to get the default inbox folder:
RDOFolder folder = rdoSession.GetDefaultFolder(rdoDefaultFolders.olFolderInbox);
But I get this error:
System.Runtime.InteropServices.COMException (0x80040111): Error in IMAPISession::OpenMsgStore: MAPI_E_LOGON_FAILED
Make sure your code runs under the Windows user identity that has MAPI profiles.
When running in a service (including ASP under IIS), set your code to run under the Windows user account that has MAPI profiles.
When connecting to an Exchange Server, you can also use RDOSession.LogonExchangeMailbox which does not require an existing profile.
ulVersion: 0
Error: The information store could not be opened.
Component: MAPI 1.0
ulLowLevelError: 0
ulContext: 646
How can i read mails from exchange on different domain?
Thanks!
Sarah,
Consider using EWS instead. You can use Exchange Web Services (EWS) and other web services in Exchange Online, Exchange Online as part of Office 365, or Exchange on-premises to create solutions that enable your users to access Exchange mailbox data from services, websites, desktop computers, and mobile devices. See EWS Managed API, EWS, and web services in Exchange for more information.
I am working on client server application with following details:
Client(C++) -----------HTTPS--- Server (C#/WCF)
Server:
With Users in windows Active Directory domain
WCF service running in IIS providing authentication service against windows AD
Provides REST based authentication API which uses windows API logonUser.
Client:
Client uses REST SDK (Visual Studio 2013 based) to connect server
Client provides authentication API for authentication using HTTPS.
Currently I am working to authenticate windows user logged-in in client at server:
AD user logs in to client and invoke the authentication API
The current logged in user details have to be sent to Server using HTTPS ( of course only username)
Create WindowsIdentity structure with the information retrieved from the client.
I have tried following:
To get the SID from the client machine and pass it to server. Recreate the WindowsIdentity from the SID of client login.
I could not get the WindowsIdentity from the SID passed.
Questions:
How to get the windows identity in server (C#) from the SID of the logged in AD User passed from the client?
Are there any other better ways to achieve the above setup?
have you tried
ServiceSecurityContext.Current.WindowsIdentity.Name
but there is no way of converting the username format without involving a query to Active Directory. Since that is the case there is no need to create WindowsPrincipal for checking the group membership since that would probably need yet another connection to AD.
try to use the solution provided in this link
In a current project I would like to check if the user is the user it says he is (no private data involved). That project is mainly about Timetables at my university. As we have a LDAP Server and every Student has an account, i would like to authenticate against the LDAP Server but the System.DirectoryServices Assembly is not available on Windows Phone.
Does anyone have an idea how to realise the login expect for a workaround via a Webservice? WCF would not be an option, I could theoretically send the data to a Webservice and do the authentication via PHP but I would like to keep that functionality in the app.
Thanks in advance!
RESTful Web service would do what you want.
Have a web server running tomcat/windows IIS (depending on how you wish to implement it)
send request to the web service via HTTPS and then have the web server connect to the LDAP server to query it.
Have you tried using a 3rd party library like Novell's (http://www.novell.com/developer/ndk/ldap_libraries_for_c_sharp.html)? It comes with source and MIT license.