none
Authentication to EWS from SharePoint 2013 SharePoint Hosted App (JavaScript) RRS feed

  • Question

  • Hi,

    I'm trying to develop a SharePoint 2013 app which makes use of EWS.  The app is a SharePoint Hosted app, which means it uses JavaScript.  I can do calls to asmx web services using jquery.ajax by building the xml as part of the javascript code then posting it to EWS and getting the reply.

    I have a SharePoint developer account which is essentially an Office 365 account.

    If I go into SharePoint, it will ask me to logon (as you would expect) and from then on you are authenticated to Office 365.  You can click on the Outlook or Calander link and it goes in fine (without prompting again). 

    However if you browse to the /ews/exchange.asmx url, it prompts again for a username/password.  I noticed that my on premise /ews/exchange.asmx at work (Exchange 2007) doesn't prompt me - so presumably the EWS virtual directory supports NTLM at my work.  But my Office 365 account prompts (presumably Basic authentication).  I want my app to be able to work both on premise and for Office 365/Exchange Online so need to understand what my options are.

    I'd like to know whether:

    1) there's some powershell or admin type task I would need to do in Office 365 to allow the existing authentication token (from the original login to SharePoint) to automatically be used in a request to /ews/exchange.asmx (like it does with /owa).

    -and/or-

    2) is there some http header I need to add to my ajax request that would allow it to use the existing authentication token (presumably stored in a cookie somewhere from the original login to Office 365).

    I hope the above makes sense.

    Best Regards,

    Michael Platt.

    Monday, March 11, 2013 11:09 AM

Answers

  • EWS support oauth Token Authentication from Exchange 2013 (or Office365 Wave 15 which just RTM last month). The tokens are different from what are used in the O365 Portal and OWA which are RPS Tokens (AFIAK you can't convert between the two). If you have a Office365 Wave 15 Sharepoint app you should be able to get an Ouath token and use that against Exchange Online wave 15 without any further config http://technet.microsoft.com/en-us/library/jj219546.aspx and http://msdn.microsoft.com/en-us/library/fp179932.aspx.

    For versions of EWS on 2010 and 2007 the default auth in a OnPrem environment was NTLM in ExchangeOnline its Basic

    If you get the Ouath token its just the standard Header you need to add eg

    Authorization: Bearer eyJ0eXAi....

    Cheers
    Glen

    • Marked as answer by Michael Platt Friday, March 15, 2013 9:09 AM
    Wednesday, March 13, 2013 6:17 AM

All replies

  • EWS support oauth Token Authentication from Exchange 2013 (or Office365 Wave 15 which just RTM last month). The tokens are different from what are used in the O365 Portal and OWA which are RPS Tokens (AFIAK you can't convert between the two). If you have a Office365 Wave 15 Sharepoint app you should be able to get an Ouath token and use that against Exchange Online wave 15 without any further config http://technet.microsoft.com/en-us/library/jj219546.aspx and http://msdn.microsoft.com/en-us/library/fp179932.aspx.

    For versions of EWS on 2010 and 2007 the default auth in a OnPrem environment was NTLM in ExchangeOnline its Basic

    If you get the Ouath token its just the standard Header you need to add eg

    Authorization: Bearer eyJ0eXAi....

    Cheers
    Glen

    • Marked as answer by Michael Platt Friday, March 15, 2013 9:09 AM
    Wednesday, March 13, 2013 6:17 AM
  • Thanks Glen for your excellent answer, that's really useful information.

    Sounds like OAuth is the way to go.  I've looked at the http header responses and it does indeed say it accepts OAuth.  Now the next step is to try and find out how to get the OAuth token from SharePoint 2013 via Javascript (I can see documentation about getting it from C# but not for JavaScript).  But this is a question for the SharePoint forums so I will post there.

    Thanks again for your answer,

    Michael.

    Friday, March 15, 2013 9:21 AM