none
Outlook web add-in autentication failure for on-premise exchange RRS feed

  • Question

  • I use Office.js's getCallbackTokenAsync to load the token to pass to the backend.

    In the backend, I use EWS to retrieve the email data. Here is how I perform the authentication.

    ExchangeService service = new ExchangeService();
    service.Url = new Uri(ewsUrl); //retrieved from getCallbackTokenAsync
    service.Credentials = new OAuthCredentials(ewsToken);// retrieved from getCallbackTokenAsync
    

    It works well in exchange online enviroment. However when tested in on-premise exchange server, I got this authentication error:

    Error Message: The remote server returned an error: (401) Unauthorized.
    Stack Trace:   at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
    

    I then found this doc says the Oauth2 authentication is only for exchange online. I guess I need to use this NTLM (Exchange on-premises only).

    The major reason I use EWS instead of Graph or Rest is it supports on-premise server more naturally. So should I change the authentication here? I certainly do not want to ask user for username and password.

    Saturday, November 17, 2018 6:53 AM

Answers

  • 1. If the particular server does not support the authentication mechanism you want, you are out of luck,

    2. Yes.

    3. Yes, but Outlook will connect to the server, right? You are retrieving autodiscover from the server where the specified mailbox is hosted, not from local Outlook. Try it.


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.5 is now available!


    Sunday, November 18, 2018 2:28 AM

All replies

  • Does your server support Basic authentication?

    What does the autodiscover XML for your server look like?


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.5 is now available!

    Saturday, November 17, 2018 4:44 PM
  • You mean the on-premise exchange server?

    I actually do not know.

    I have developed /tested the add-in in the office365/exchange online enviroment. But I believe the EWS structure would work also in the on-premise environment until I tested in a client who use on-premise and I got the error.

    I do not at this moment know how the client configure their on-premise server, But I supposed it is something important to know? Does the default setting support token authentication though?

    Saturday, November 17, 2018 11:02 PM
  • You are assuming OAuth identification is always available. That is not always the case. Do look at the autodiscover XML - it lists enabled authentication protocols. You can see autodicover XML in Outlook - Crlt+right click on the Outlook tray icon, select "Test Email AutoConfiguration".

    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.5 is now available!

    Saturday, November 17, 2018 11:14 PM
  • Thanks for the information. It is really helpful.

    I just want to clarify somethings:

    1. I cannot use other authentication other than the token one if I do not want to obtain user's password, username or domain name.

    2: exchange server 2013 supports token authentication, but it needs to be configured right.

    3: when you say "Crlt+right click on the Outlook tray icon, select "Test Email AutoConfiguration"",it is the Outlook on the on-premise exchange server, not Outlook on the client machine, if I get it right.

    Sunday, November 18, 2018 1:53 AM
  • 1. If the particular server does not support the authentication mechanism you want, you are out of luck,

    2. Yes.

    3. Yes, but Outlook will connect to the server, right? You are retrieving autodiscover from the server where the specified mailbox is hosted, not from local Outlook. Try it.


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.5 is now available!


    Sunday, November 18, 2018 2:28 AM