[Exchange-Online][EWSMA][C#][Windows] Working with Exchange Online from SharePoint apps using current credentials of logged in user RRS feed

  • Question

  • Hello,

    I am trying to create a simple appointment using the managed api of EWS from an autohosted app in SharePoint Online (Office 365). The app is hosted in Windows Azure, and it uses OAuth to communicate with SharePoint. I would like to ask if it is possible to also authenticate against Exchange online using OAuth, or to pass somehow the credentials the user has from SharePoint ... 

    All the samples for EWSMA authorize against exchange with hard-coded credentials. I have tried that, and it works fine - see sample code below 

     var service = new ExchangeService(ExchangeVersion.Exchange2013);
                service.Url = new Uri("https://outlook.office365.com/ews/exchange.asmx");
    // I do not want to pass credentials like this, I would like to replace this with credentials from SharePoint
                service.Credentials = new WebCredentials("***UserName***", "**password***");
                var appointment = new Appointment(service);
                appointment.Subject = "Programmatically created meeting";
                appointment.Start = DateTime.Now.AddMinutes(30);
                appointment.End = DateTime.Now.AddMinutes(60);

    I would like however, if it is possible, to use the current identity from SharePoint, and pass it to the Exchange web service call. 

    From the SharePoint context token, I have tried to create the OAuth credentials, but I get access denied - I believe this is natural as the access token I have is targeted for SharePoint. If OAuth would be possible with Exchange Online, I believe I should call something to get a token that works for Exchange, and use that for credentials. How should this be done?. Is there some trust setup that needs to be created between Exchange, SharePoint & SharePoint apps?

    Below you can the code used to create the OAuthCredentials from SharePoint context token string.

    var spContextToken = TokenHelper.ReadAndValidateContextToken(contextToken, Request.Url.Authority);
    var oauthResponse = TokenHelper.GetAccessToken(spContextToken, new Uri(hostWeb).Authority);
    var oauthCredentials = new OAuthCredentials(oauthResponse.AccessToken);
    service.Credentials = oauthCredentials;
    /// .... when the call goes to Exchange, this will get 401 Unauthorized

    I have done some research on this topic, but all samples I have found are using basic authentication (i.e. all 101 code samples for Exchange do this, this sample as well) ... The new version of Exchange says it should support OAuth, and there is also a new library especially for this, but the documentation on how to use it from SharePoint, or how to get the token string, is almost non-existent. I have also found an official blog post from Exchange DEV team that says "Exchange Online uses basic authentication". Does this mean it does not work with OAuth, and basic authentication is the only one available for Exchange Online?

    There are only few other persons who have asked questions on this topic, but none have received an answer --> see here and here

    I am looking forward to any help or discussions based on this topic!

    Thank you!

    MCTS, MCPD SharePoint 2010. My blog - http://radutut.wordpress.com/

    Wednesday, August 14, 2013 7:56 AM

All replies

  • Have you had any further luck with this?

    I have a routine that is uses TokenHelper, with some modifications, that is taking care of my refresh and access tokens fine and also getting data via Sharepoint 365's RESTful services.  However, when I try using the same token, using similar code to the above exchange service call, I'm also getting a "401 Unauthorized".  Have you confirmed that this same token should work across all 365 apps?


    Monday, November 25, 2013 1:56 PM
  • Sadly, it seems as though you can't repurpose a SPO OAuth token. Pretty sure you'll need to use New-PartnerApplication http://technet.microsoft.com/en-us/library/jj215772(v=exchg.150).aspx and generate a ClientId for EXO.

    Looks like this is changing (again). Check out http://msdn.microsoft.com/en-us/library/dn605895(v=office.15).aspx

    I've not quite worked out if this will do 2-legged OAuth, yet.

    Hope this helps!

    Thursday, April 24, 2014 6:41 AM