tags:

views:

1679

answers:

2
+2  Q: 

Need a way to authenticate to Exchange Web Services

I'm using Exchange Web Services to Find, Create, Update, and Delete appointments from the calendars for one or more people. The application would be used by a manager to view employees' vacation time, as well as assign appointments based on availability.

In order for this to all work, an authenticated user's credentials must be sent to the web service. So far, the two methods that I have found that would allow for this are 1) passing in the username and password of each user and 2) impersonating a user to use DefaultCredentials. The DefaultCredentials option doesn't work for us because we do not allow impersonating users.

Does anyone know another way?

+1  A: 

If I understood you right, the manager would use the application and authenticate to the EWS as himself. EWS would then be unable to update another user's mailbox because of insufficient permissions.

How about giving the manager access to each user's mailbox?

(Or am I missing a substantial part of the question?)

Tomalak  2008-10-10 12:14:14
+4  A: 

Are there company policy restrictions preventing you from using impersonation? Are you referring to Windows impersonation or Exchange impersonation?

Depending on which impersonation you cannot use, an alternative might be delegate acess.

If the goal is to let a manager view multiple mailboxes, here are some options:

(1) Grant delegate access to the employee mailboxes to the manager. Depending on the level of delegate access, this would allow the manager to view the employee mailboxes and edit as needed. There is one caveat about this approach, depending on what/how the access is granted, the delegate (employee) could remove the access, and stop the manager from viewing their calendars.

For authentication using delegate access, assuming the application using web services was running under the manager's context, you should be able to use DefaultCredentials.

(2) Create a service account that has either impersonation rights or delegate access over the employee mailboxes. Then log in as the service account.

As well, here are some links you might find useful...

Alice  2008-12-20 08:51:10

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?