Exchange Web Services Managed API: Accessing other users items

Asked 24/9, 2010 at 12:35 Answered 29/9, 2014 at 17:22

Solved c#web-services exchange-server exchangewebservices ews-managed-api

Is it possibly to access the folders and items of other Exchange accounts other than the one of the logged in user?

Can I do this via Exchange Web Services Managed API?

Cattail answered 24/9, 2010 at 12:35 Comment(2)

Are you using EWS directly or are you using it through EWS Managed API? – Reggi 24/9, 2010 at 16:22

@Alfred Myers I use EWS Managed API – Cattail 27/9, 2010 at 8:1

Yes it is possible, but you should know the password of the other user or grab in some ways this credentials (NetworkCredential object). The typical first lines of you code could be

ExchangeService myService = new ExchangeService (ExchangeVersion.Exchange2007_SP1);
myService.Credentials = new NetworkCredential ("[email protected]", "P@ssword00");

so you can access Exchange Server Web Services with the account which is other as the current user. See ExchangeService object description for more information.

If you are an admin you can make user impersonation by SMTP address.

Marquardt answered 29/9, 2010 at 22:55 Comment(8)

@Alfred Myers & @user457261: You don't wrote any comment. Is the information which I wrote what you are need? – Marquardt 3/10, 2010 at 22:40

Thanks for your answer, but i was looking for a way without having to know every password. Like using a superuser who can access all accounts. – Cattail 8/10, 2010 at 11:53

@Luke: The last sentences from my answer describe how to do this. As a "superadmin" you can impersonate any user by SMTP address only without having any information about his password. Look at msdn.microsoft.com/en-us/library/dd633680(EXCHG.80).aspx one more time. – Marquardt 8/10, 2010 at 18:54

Anyone here looking see my answer, you don't need to impersonate and you don't need to know the password. – Carew 29/9, 2014 at 17:23

@Preston: First of all my answer was written 4 years ago. EWS didn't had any WebCredentials at the time. At the time EWS Managed API was in version 1.1 (or 1.2) and not 2.2 like now. WebCredentials was introduced starting with EWS Managed API 2.0. Seconds you should be very careful if you write that something is wrong: "using impersonation is wrong". Even if you would find alternative way for accessing other users credentials for EWS Managed API 1.1 the way with impersonation will be still correct. It was the only know me way at the time which was recommended by Microsoft. – Marquardt 29/9, 2014 at 20:37

@Preston: By the way if you would carefully examine documentation of WebCredentials you will find that WebCredentials is not much more as a wrapper to NetworkCredential: "WebCredentials wraps an instance of a T:System.Net.NetworkCredential object" (see here). – Marquardt 29/9, 2014 at 20:45

@Marquardt Sorry but given SE's militant ideology on reposts it should be corrected since no one will be able to ask to get an updated answer. – Carew 29/9, 2014 at 20:45

@Preston: You can ask new question about possibilities of authentications in EWS Managed API 2.2 or 2.0. You even can post your own answer where you write: starting with version x.y there are exists a better way ... (your current answer contains no version information) In any way the statement like "the usage of impersonation is wrong" is also wrong in the case. I recommend you to be very carefully if you want to claim that something is wrong. You should be careful in down-voting too. – Marquardt 29/9, 2014 at 21:2

Here's how you do it without impersonation or knowing credentials.

        ExchangeService _service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
        //CREDENTIALS OF AN ACCOUNT WHICH HAS READ ACCESS TO THE CALENDAR YOU NEED
        _service.Credentials = new WebCredentials(username, password);
        _service.Url = new Uri(serviceURL);
        
        SearchFilter.SearchFilterCollection searchFilter = new SearchFilter.SearchFilterCollection();
        searchFilter.Add(new SearchFilter.IsGreaterThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(-1)));
        searchFilter.Add(new SearchFilter.IsLessThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(2)));
        ItemView view = new ItemView(50);
        view.PropertySet = new PropertySet(BasePropertySet.IdOnly, AppointmentSchema.Subject, AppointmentSchema.Start, AppointmentSchema.AppointmentType, AppointmentSchema.End);
        
        //THIS NEXT LINE!!!
        var calendarSearch = new FolderId(WellKnownFolderName.Calendar, new Mailbox("[email protected]"));
        var appointments = _service.FindItems(calendarSearch, searchFilter, view);

Carew answered 29/9, 2014 at 17:22 Comment(1)

This is a much better answer, exactly what I've been looking for for so long – Plagiary 3/7, 2015 at 1:57

I suggest to use impersonation instead of login for each user. Via impersonation you can impersonate users. Its not the same like full access. Full access is on behave of, impersonation is act as.

A pre of impersonation is you have one username and password instead of having x usernames and passwords.

You can use impersonation like this way:

ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new NetworkCredential(appName, appPassword, emailDomain);
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, userToImpersonate);

when a user has delegate access to someone else, you can access the folder of the other user. For example: Person A will be impersonated and is able to access Person B

Sensuous answered 23/8, 2012 at 6:33 Comment(0)

Recommended topics

Hot tags