EWS Managed Client API - L.O.B. Apps, Impersonation and Credentials

  • Question

  • Hi all,

    I am currently doing some development testing with the Exchange Web Service Managed Client API and I want to enable the use of as many features as possible without actually exposing the functionality of an account that has full impersonation rights on the server (or database) level.

    I have a team of developers and I want to allow them to write software that allows them to use the functionality of the Exchange Web Services Managed Client API for some large Line of Business applications. We want to provide things like direct email integration, the application creating appointments, assigning tasks to users, etc. Background services will be able to create tasks in a user's mailbox and if those tasks get completed, or the user doesn't finish the task before it is due, the system will complete/remove them. Basically, we need to have full access to email, tasks, calendars and appointments, etc. of the users using our applications.

    The problem I have is that I don't want to provide unrestricted access to the development team to every mailbox in the company. Exchange impersonation appears to be the best configuration for us; however, as I understand it, you cannot log what happens from an impersonation point of view and everything that occurs while impersonating a user just appears as though the user performed the action.

    I want to provide access to the full range of functionality so that we can provide an awesome experience for users using our software in terms of very tight integration with Exchange; however, I want to have the ability to control some middle layer where I may choose to allow or deny some activity and log activity with the Exchange Web Services. Ideally, I don't want to author a middle tier set of services that just re-expose the available functionality as I don't want to restrict the use of features, nor maintain an ever-expanding set of functions either. I would like to provide access to the services using domain accounts and be able to selectively log information about the caller and SoapAction/Message payload if needed.

    I guess this question could be relevant here or in some WCF forum; however, I suppose what I want to know is whether or not this sort of situation is fairly typical and if so, does anyone have any recommendation as to how I might be able to configure rather than build a solution?

    Failing that, is there any way to get some input between the Exchange and WCF teams as to the best approach for building a WCF Soap Router to fulfil this, given that the Exchange Web Services Managed API and Exchange Web Services probably should communicate over HTTPS for privacy reasons?

    Thanks for any information you can provide.

    Regards,

    Eric
    Eric
    Tuesday, November 17, 2009 6:27 AM
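
The allow/deny-and-log layer described in the question has to read three things from each request: the authenticated caller, the EWS operation, and the impersonated mailbox. The Python below is an added example of that inspection step, not code from the original post or from Microsoft; the policy table, account name and mailbox addresses are constructed, and the caller identity is assumed to be supplied by whatever component authenticates the connection.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "t": "http://schemas.microsoft.com/exchange/services/2006/types"}

# Hypothetical policy (constructed): per authenticated caller, the mailboxes it
# may impersonate and the EWS operations it may invoke.
POLICY = {"CONTOSO\\svc-lob": {"mailboxes": {"alice@contoso.example"},
                               "operations": {"CreateItem", "UpdateItem"}}}

def audit_request(caller, soap_bytes, policy=POLICY):
    """Build an audit record with an allow/deny decision for one EWS request."""
    rec = {"caller": caller, "operation": None, "mailbox": None, "allowed": False}
    # Reject DTDs up front; EWS requests do not need one.
    if b"<!DOCTYPE" in soap_bytes:
        return {**rec, "reason": "dtd-not-permitted"}
    try:
        root = ET.fromstring(soap_bytes)
    except ET.ParseError:
        return {**rec, "reason": "malformed-xml"}
    body = root.find("s:Body", NS)
    if body is None or len(body) == 0:
        return {**rec, "reason": "no-operation"}
    # The EWS operation is the first element inside the SOAP body.
    rec["operation"] = body[0].tag.rsplit("}", 1)[-1]
    imp = root.find("s:Header/t:ExchangeImpersonation", NS)
    if imp is not None:
        smtp = imp.find("t:ConnectingSID/t:PrimarySmtpAddress", NS)
        if smtp is None or not (smtp.text or "").strip():
            # Target given some other way (e.g. by SID): deny rather than guess.
            return {**rec, "reason": "unsupported-impersonation-id"}
        rec["mailbox"] = smtp.text.strip().lower()
    rule = policy.get(caller)
    if rule is None:
        reason = "unknown-caller"
    elif rec["operation"] not in rule["operations"]:
        reason = "operation-not-permitted"
    elif rec["mailbox"] is not None and rec["mailbox"] not in rule["mailboxes"]:
        reason = "mailbox-not-permitted"
    else:
        reason = "ok"
    return {**rec, "allowed": reason == "ok", "reason": reason}

# Constructed sample request: CreateItem while impersonating alice.
SAMPLE = b"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
 xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">
 <s:Header><t:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>
 alice@contoso.example</t:PrimarySmtpAddress></t:ConnectingSID>
 </t:ExchangeImpersonation></s:Header><s:Body><m:CreateItem/></s:Body></s:Envelope>"""
```

Each returned record pairs the real caller with the impersonated mailbox, which is the link that is lost when actions appear only under the impersonated user's name.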