none
Outlook addin - Impersonation: How to run a particular methond under elevated privilages? RRS feed

  • Question

  • Hi,

    My Use Case:

    There are multiple calendars and each appointment on the calendar has a custom property.  Now, users have access to calendars but not all the calendars.  So, while logged in as user 'A' I need to read the custom property from all the appointments from all the calendars. 

    What I need help with:

    Since, user 'A' doesn't have access to all calendars so I assume that I need to run the method, accessing the other calendars, under an account that does have access to all calendars (elevated privileges / impersonate).  How do we do this via the Outlook Object Model?  Are there any drawbacks?  If impersonation is not possible what could be the other options?

    Dev. Env. Setup

    • Exchange 2010
    • Outlook 2007
    • C#

    Thanks for your help.

    Monday, April 2, 2012 8:47 PM

Answers

  • Besides using the file system or a DB, you can also store any data in a hidden message. Outlook stores some of its configuration data in one of the default folders, such as Inbox or Calendar.

    The hidden messages can be accesses through MAPIFolder.GetStorage message in OOM. You can see these message in OutlookSpy if you click IMAPIFolder and go to the "Associated Contents" tab.

    Keep in mind that nothing is encrypted, so security is your responsibillity.


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.2 is now available!

    Sunday, April 8, 2012 3:37 PM

All replies

  • There is nothing like that in OOM.

    MAPI itself is also not all impersonation friendly - Exchange provider uses the identity of the current user to authenticate with the Exchange server.

    You could try to run a separate process under the identity of the user who can access the other mailboxes, but Outlook is a singleton (only one instance is running at any given moment). Extended MAPI (C++/Delphi) or Redemption or CDO 1.21 might work...


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.2 is now available!

    Monday, April 2, 2012 10:30 PM
  • you could also try using EWS, this way you can pass different credentials to ExchangeService class.
    Tuesday, April 3, 2012 8:08 AM
  • DamianD,

    I am going to try the EWS route.  BTW, are you aware of any limitations where from w/in the Outlook when we initialize the EWS and pass credentials for different account?

    Thanks for your help.

    Wednesday, April 4, 2012 10:58 PM
  • EWS is nothing but pure HTTP. Unless you are accessing the credemtials cache, you will need to explicitly pass the credentials when setting up the connection. Outlook would not know or care about that.


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.2 is now available!

    Wednesday, April 4, 2012 11:38 PM
  • As Dmitry said, Outlook does not care for EWS and vice versa. Be advised though that do not expect things that you set in EWS to be immediatly visible in outlook's OOM.
    Thursday, April 5, 2012 6:08 AM
  • So the EWS route worked. Just curious, when it comes to storing those credentials what is the best place in Outlook world. Normally, in .NET, we have options like web.config and database.  What are my options here (in the Outlook add-in)?

    thanks for all of your help.


    • Edited by Shahzadh Friday, April 6, 2012 3:43 PM
    Friday, April 6, 2012 3:31 PM
  • Besides using the file system or a DB, you can also store any data in a hidden message. Outlook stores some of its configuration data in one of the default folders, such as Inbox or Calendar.

    The hidden messages can be accesses through MAPIFolder.GetStorage message in OOM. You can see these message in OutlookSpy if you click IMAPIFolder and go to the "Associated Contents" tab.

    Keep in mind that nothing is encrypted, so security is your responsibillity.


    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.2 is now available!

    Sunday, April 8, 2012 3:37 PM
  • some options:

    1. Hidden messages ad Dmitry above explained

    2. config files for add-in

    3. registry

    4. windows credential cache - this one comes with security included

    Tuesday, April 10, 2012 9:53 AM