none
How to get access to /EWS/Exchange.asmx en Exchange Online? RRS feed

  • Question

    • Hi everyone,

      Recently in my company, Exchange has been migrated from Exchange On Premise to Exchange Online.

      I have implemented a .Net application to process mails, sent and move them in a shared Mailbox. After migration my app only receive (401) Unauthorized in any case. When I try to login through Explorer (OWA) there is no problem I login successfully.

      Will I need special permissions over  https://<server>/EWS/Exchange.asmx?

      Will I need register my application in Microsoft Cloud, get a token from app and use OAuth to use Exchange Websrvices Online?

      Will I need implement again my application using Office Developer tools for Visual Studio or using Microsoft Graph?

      Thanks and Regards 

    Tuesday, September 26, 2017 7:41 AM

All replies

  • I'd would suggest you do some testing with the EWS editor https://ewseditor.codeplex.com/ to test that you can successfully access EWS in the cloud. You also need to show the code your using its most likely to do with the username format your using eg you can't use the downlevel format when accessing Office365 you should always use the UPN as the username. Also you can't use NTLM so you application should either use Basic authentication or use Oauth.

    Cheers
    Glen

    Tuesday, September 26, 2017 9:44 PM
  • Hi Glen,

     Thank you for your answer. Yes I'm suppose that is the problem, but I don't know if it's possibble that Exchange admins could grant permission over  <server>/EWS/Exchange.asmx.

    I have tried EWS editor and answer is the same like I expected. (401) Unauthorized.

    About the code I have two version:

    //Create Service

    1st Version:

     static ExchangeService service = Service.ConnectToService(UserDataFromConf.GetUserData());

    ...

            public static UserDataFromConf UserData;

            public static IUserData GetUserData()
            {
                if (UserData == null)
                {
                    GetUserDataFromConf();
                }
                return UserData;
            }
            private static void GetUserDataFromConf()
            {
                UserData = new UserDataFromConf();
                UserData.EmailAddress = myUser@domain.com;
                string pass = "xxxxxxxxx";
                UserData.Password = new SecureString();
                foreach (char ch in pass)
                {
                    UserData.Password.AppendChar(ch);
                }
                UserData.AutodiscoverUrl = new Uri(https://myemail.domain.com/EWS/Exchange.asmx);
                UserData.Password.MakeReadOnly();
            }

    ...

     EmailMessage e2 = new EmailMessage(service);

     e2.ToRecipients.Add("myEmail@anotherDomain.com");

     e2.Subject = "subject";
     e2.Body = "body";
     e2.Send();

    2nd Version:

     

                ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
                service.UseDefaultCredentials = false;
                service.Credentials = new WebCredentials("myUser", "xxxxxxxxxx","domain");
                service.TraceEnabled = true;
                service.Url = new Uri(https://myemail.domain.com/EWS/Exchange.asmx);

     EmailMessage e2 = new EmailMessage(service);

     e2.ToRecipients.Add("myEmail@anotherDomain.com");

     e2.Subject = "subject";
     e2.Body = "body";
     e2.Send();

    In both cases when try to send I receive an exception (401) Unauthorized.

    Additional information:

    I have access to shared mailbox in the domain without problem, I can login through explorer using https://myemail.domain.com/owa/sharedMailbox@domain.mail.onmicrosoft.com/?realm=domain.com

    I have no default mailbox assigned to my user.

    Before migration to Exchange Online, this code runs perfectly.

    Thanks and regards,

    Jose

    Wednesday, September 27, 2017 11:44 AM
  • For Office365 the only URL you should be using is 

    https://outlook.office365.com/EWS/Exchange.asmx

    And you should always use the UPN for the username so this

       service.Credentials = new WebCredentials("myUser", "xxxxxxxxxx","domain");

    Won't work use

    ervice.Credentials = new WebCredentials("username@domain.onmicrosoft.com", "xxxxxxxxxx",);

    >>I have no default mailbox assigned to my user.

    You need to be using a user that has been assigned an Exchange Online licence, if a user has no mailbox then you won't be able to access Exchange Online.

    Thursday, September 28, 2017 12:28 AM
  • Hi,

    I have tried to use https://outlook.office365.com/EWS/Exchange.asmx also and nothing change.

    I have no mailbox assigned but I can log in Explorer to office and read shared mailbox.

    I have tried too with an user with default mailbox assigned too, but doesn't work.

    And it's ggod to know that

    Service.Credentials = new WebCredentials("username@domain.onmicrosoft.com", "xxxxxxxxxx",);

    I have never used it.

    Do you know if an user with Excchange Online Licenses, does he need any special permissions to use outlook.office365.com/EWS/Exchange.asmx?.

    thank you and regards.

    Thursday, September 28, 2017 7:07 AM
  • >>Do you know if an user with Excchange Online Licenses, does he need any special permissions to use outlook.office365.com/EWS/Exchange.asmx?.

    No by default the access will be available to every user that has an Exchange Online licence. The only exception is the Kiosk licence that doesn't allow EWS access. EWS can be blocked by the administrator using Set-CASMailbox (but I've never seen anybody do that because EWS is required for several Outlook functions like OOF and FreeBusy so its not a good idea).

    If you just try to access a normal users mailbox (not the mailbox you trying programatically) using the EWSEditor does that work ?

    Friday, September 29, 2017 12:12 AM
  • Hi Glen,

    Yes, I have tried to use several users with Office License from app and EWS Editor. In both cases receive (401) Unauthorized. I think that is an issue about permissions in O365 or Exchange Online, maybe MFA - Symantec (MultiFactorAutheticaction) or something similar. I have no more ideas in my mind.

    Thanks and regards,

    Friday, September 29, 2017 11:11 AM
  • MFA would certainly affect it and give a 401, if your running a third party MFA product I would suggest you ask the vendor for a workaround or solution.

    Cheers
    Glen

    Monday, October 2, 2017 5:40 AM
  • This isn't a workable solution. It's not reasonable to require the user to type in their password just for this, and it's obviously insane to cache it. We need to use the default WebCredentials() constructor. Are you aware of any plans to address this defect, or should I be trying to talk IT into switching to a product that's out of beta? 
    Wednesday, August 29, 2018 5:15 PM
  • Hello,

    I had the same issue but I could solve it, so, in my PC it's works, so when I tried move to Window Server 2012 it  did not work, I notice that if I authenticate in https://outlook.office365.com/EWS/Exchange.asmx via IE  the application works very well but after 2 minutes more less the application send the same error. I would like to know how can I resolve this issue.

    Try with this code.                 
    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1) 
        {UseDefaultCredentials = false,
         Credentials = new WebCredentials("username@domain.com", "password"),
      Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx")};
    
    // Prevent the AutodiscoverService from looking in the local Active Directory
    // for the Exchange Web Services Services SCP. 
    service.EnableScpLookup = false;                              
    
    service.AutodiscoverUrl("username@domain.com", RedirectionUrlValidationCallback);
    
    
    private static bool RedirectionUrlValidationCallback(string redirectionUrl)    
      {           
     // The default for the validation callback is to reject the URL.   
      bool result = false;
      Uri redirectionUri = new Uri(redirectionUrl); 
    // Validate the contents of the redirection URL. In this simple validation
    // callback, the redirection URL is considered valid if it is using HTTPS
    // to encrypt the authentication credentials.
    
    if (redirectionUri.Scheme == "https")  
              {          
          result = true;     
           }    
       return result;
    } //RedirectURL

    Tuesday, February 19, 2019 3:07 PM
  • Your issue sounds like your using Proxy that requires authentication given what you are describing I would check you lower level connectivity first. The EWS Managed API support using a proxy but you need to add  code to support it.

    Cheers
    Glen

    Tuesday, February 19, 2019 11:23 PM