I am running into a very strange issue and I am convinced it is just something stupid that I am overlooking. Using the EWS managed API, I try to connect to a mailbox to read the contacts. Originally, I used the default credentials, in which case the auto discovery worked. The problem is that later on we want to run this on a server and impersonate a user, so I changed it by manually specifying the credentials. This then broke, even when using my own credentials.
As an example, this worked:
service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
service.AutodiscoverUrl("user#example.com", redirect => true);
This did not:
service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
service.UseDefaultCredentials = false;
service.Credentials = new NetworkCredential("user", "pass", "EXAMPLE_DOMAIN");
service.AutodiscoverUrl("user#example.com", redirect => true);
The given network credentials should be exactly the same as the default credentials, but when enabling the tracing, I get the response "401 Unauthorized" in the second case, so it is not acting as if it is the same.
What am I missing?
Ok, it seems that you need to use WebCredential("user", "pass", "EXAMPLE_DOMAIN"). I am not exactly sure why WebCredentials work but NetworkCredentials does not.
Related
When consuming a dynamics nav web service I get the following error :
The request failed with HTTP status 401: Unauthorized.
However when I try it in a browser it works . I tried the following but its still not working :
service.UseDefaultCredentials = true;
service.PreAuthenticate = true;
also :
service.Credentials = new System.Net.NetworkCredential("XXXXX", "XXXX","XXXX");
I even tried using dynamics nav acces key but also it didn't work.
Any new suggestions ?
I know this thread is more than 4 years old, but i thought if somone is currently searching for this problem he will come across this trhead, like me.
There is currently a problem with NTLM and Xamarin (at the moment i write this, the problem also exists in .net core on MacOS).
See the links:
iOS: https://github.com/xamarin/xamarin-macios/issues/7770
Android: https://developercommunity.visualstudio.com/content/problem/756697/last-visual-studio-update-brakes-ntlm-authenticati.html
The solution is to use the "MonoWebRequestHandler". For a combined Android and iOS Solution check my latest post here
I hope i could save somones time with this post!
Several things might be wrong.
Did you check what kind of authentication the Service Tier is setup to?
Is there a default company set (or are you selecting a company in the URL).
Is NTLM on or off; these are all possible reasons this error might popup.
I think you're code should be like that
service.UseDefaultCredentials = false;
service.Credentials = new System.Net.NetworkCredential("XXXXX", "XXXX","XXXX");
You must enabled NTLM setting properties authentification if you are using PHP or Java Or XAMARIN
Use NTLM Authentication
This piece of code below is working for me (I wasn't really adjusting the Service Tier - it has more or less the default settings):
service.ClientCredentials.Windows.ClientCredential.Domain = <domain>;
service.ClientCredentials.Windows.ClientCredential.UserName = <username>;
service.ClientCredentials.Windows.ClientCredential.Password = <password>;
service.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Delegation;
If that above doesn't work try to get rid of the domain from the NetworkCredential - just use your username and password (if the client and the server are in the same domain, obviously).
I am trying to use EWS on an Office 365 account however I get a return of (403 Forbidden)
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
service.Credentials = new WebCredentials("mv003237", "correctpw","domain");
service.AutodiscoverUrl("mv003237#domain.co.uk");
To login and view the Webservices file on outlook.com/EWS/Exchange.asmx I need to authenticate with mv003237#live.domain.co.uk
I have tried several combinations of this and still get the same error message.
Has anyone had a similar experience of connecting to an office 365 account before?
My WINDOWS login for this account does have a domain of RDG-HOME but I haven't seen a domain for login into OWA.
Many thanks in advance
If you've already removed the domain name (as Matt suggested in his comment) the one thing that remains is to automatically follow redirects in the autodiscover process.
Change your last line to
service.AutodiscoverUrl("mv003237#domain.co.uk", redirect => true);
to follow the redirection response that Exchange Online sends.
So the complete sequence then becomes:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
service.Credentials = new WebCredentials("mv003237", "correctpw");
service.AutodiscoverUrl("mv003237#domain.co.uk", redirect => true);
Cannot comment due to low reputation score and hence responding as an answer.
Are you able to login into OWA with "mv003237#domain.co.uk"? If yes, have you tried by hardcoding Url instead of using Autodiscover to understand if issue is with Autodiscover or EWS. Try following instead of autodiscover call:
service.Url = new Uri(#"https://outlook.office365.com/ews/exchange.asmx");
If above works fine, subscribe to RedirectionUrlValidationCallback with AutodiscoverService and see which redirected URL is throwing 403. Or enable verbose logging with Trace* properties present on service object.
Since yesterday, I tried to use the exchange web service but it was not able. Firstly when I was trying to access to the web service by the browser and the test program using Microsoft.Exchange.WebServices, there was an error 403 forbidden. But this issue I solved by unchecking require SSL option in IIS. And now the problem is when I try to access on the ews using my program, I encounter 401 unauthorized error, and if I try to browse the web service on the browser, only an empty page is returned (even when I browse the wsdl).
I tried to change the role and the password but it was not working.
Please help me to find out what I am missing.
Here is my test program code:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new WebCredentials(username, password, domain);
service.Url =new Uri("server/EWS/Exchange.asmx");
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidationCallback);
ExpandGroupResults groupResults = service.ExpandGroup(emailAddress);
The exception is on the last line
I found why the XML for the ews was not showing. It was because the IIS was not installed with basic authentication and Windows authentication. After installing those two authentication method, the web service shows its xml.
This is the link I referred: https://migrationwiz.zendesk.com/entries/506613-how-do-i-verify-ews-is-setup-properly
I'm a pretty new programmer. One of the things I've been tasked with at work is getting our custom tools to create draft emails and drop them into the draft email folder of the user running the tool. We presently use Exchange Server 2010 (but are in the process of migrating over to Exchange Online).
This link talks about a UseDefaultCredentials but I can't seem to work out how to implement it. I created an ExchangeService object called service and managed to interact with our Exchange server using this for credentials:
service.Credentials = new WebCredentials("my login name", "my password");
I'd like to be able to eliminate that from the code and have it use the credentials of the logged-in user who is using the tool. Is that possible?
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new WebCredentials(CredentialCache.DefaultNetworkCredentials);
if you use the defaultcredentials you can eliminate your posted code. Just set "UseDefaultCredentials" to True and don't set the Credentials manually. In this case the credentials of the User who is running your tool will be taken. I use that on my own and it works finde for me.
Greets, J
I have an intranet site which calls a POST method from another server, also on the intranet.
If I set the Authentication mode to Basic Authentication in IIS I can use the following:
HttpWebRequest oReq = (HttpWebRequest)WebRequest.Create(sURL);
oReq.ContentType = "application/x-www-form-urlencoded";
oReq.Method = "POST";
oReq.Timeout = 60000;
...
oReq.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
...
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
All of the above works as intended.
However I need to change the security to Windows Authentication in IIS, and once I do I keep getting error 401 unauthorized on this line:
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
That can be fixed by changing the credentials like so:
NetworkCredential creds = new NetworkCredential("username","password","domain");
oReq.Credentials = creds;
But that's not the right way anyway. How can I get the default credentials to work for Windows Authentication also?
If you've got one web site calling out to another, you've got a 2nd hop. This is a kerberos 2nd hop problem.
The intranet site needs permission to call the 2nd site on behalf on the end user.
I'd suggest you use a tool call DelegConfig. I can't recommend it highly enough. Its a simple asp.net application that will tell you what is wrong with your kerberos setup and can tell you how to fix it (or do it itself if you want)
I've found I had to get the client to server authentication working first for it it work, but once thats there it makes working out what wrong with the next hop to UNC/http/sql etc very easy.