Using the EWS Managed API from a web service

Question

I am currently trying to create an ASP.NET web service that uses the EWS Managed API 1.0 to access our Exchange 2007 Web Service.  My web service works fine when I run it through the Visual Studio 2008 IDE and its built in web server. 

However, when I publish my web service to my local IIS 5.1 web server and step through the code, I find that it fails eveytime it tries to call any method in the EWS API.  I can set properties without any problems such as UseDefaultCredentials and Url.  However I cannot call any methods such as AutoDiscoverUrl() or SendAndSaveCopy().  I get errors such as "Autodiscover service could not be located" and "Request failed. The remote server returned an error: (404) Not Found." 

As mentioned already, I have no problems calling these methods when I execute the web service through the IDE's built in web server.

Answer 1

I'm going to assume that your web service needs to access EWS on behalf of the user who called it.

This is most likely an authentication-related problem. When your service runs in IIS, it runs under the account the IIS virtual directory is configured with, not the account of the user calling your web service. Therefore, the EWS Managed API tries to authenticate against EWS using the credentials of the account under which your service runs, which is probably not what you want.

If that's what your problem is, it is a typical case for using Exchange Impersonation. You need to define a "service account" to which you grant Exchange Impersonation rights for all the users that need to access EWS. In your service, you authenticate to EWS using the credentials of the service account and you specify the ImpersonatedUserId property of the ExchangeService object to specify which mailbox you need to access (that of the caller to your service). Also make sure you call AutodiscoverUrl with the e-mail address of the account you want to access, which is not the same as the authenticating user.

---

David Claux | Program Manager - Exchange Web Services

Answer 2

Thanks for the quick reply.  After some investigation, I believe you are correct in saying this is an authentication issue.  Just to test this theory out I have tried various things including enabling Local Impersonation in the ASP .NET configuration for my web service and enabling/disabling Anonymous access to my web service.  However I still cannot get it to work through IIS.  When I trace through my web service this is what I see:

1) Using IDE's built in web server:  The Identity properties Authentication Type = "NTLM", IsAuthenticated = true, Name = <my login>

2) Using IIS with Anonymous access allowed:  Authentication Type = "", IsAuthenticated = false, Name = ""

3) Using IIS with Anonymous disallowed and Integrated Windows Authentication enabled:  Authentication Type = "Negotiate", IsAuthenticated = true, Name = <my login>

However both 2) and 3) fail with a 404 Not found error.  Only 1) works.

Is there a way to configure IIS so that it uses my credentials to access exchange instead of the account the service runs under?  Once I have this verified, I will begin making code changes for Exchange Impersonation.

Answer 3

I do not know how IIS should be configured to do identity/auth pass through (which is apparently what you you're asking). I also don't think/recommend you do that. As I suggested before, you should use Exchange Impersonation which has been designed precisely to solve your kind of problem.

---

David Claux | Program Manager - Exchange Web Services

Answer 4

Ok, thanks for your help.  I will look into Exchange Impersonation.