Is Basic Auth for EWS going to be disabled soon? - exchangewebservices

Microsoft seems to want to start disabling Basic Auth for Exchange Online and mentioned ending support for EWS protocol
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-february-2021-update/ba-p/2111904
We're using Microsoft.Exchange.WebServices.2.2 library to get emails from EWS inbox like that:
var service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new NetworkCredential(username, password, domain);
var findResults = service.FindItems(WellKnownFolderName.Inbox, new ItemView(int.MaxValue));
Is this going to be disabled in the near future? Should we change the way we access emails?

Related

Updating emails in a Shared Mailbox using an Azure Client Application and Microsoft Graph SDK

I'm trying to update email categories of items in a Shared Mailbox using Microsoft Graph SDK.
This is the code used to create the Graph SDK Client. It uses the Azure Client Application credentials (ClientId, TenantId, Secret):
var handlers = GraphClientFactory.CreateDefaultHandlers(new DelegateAuthenticationProvider(async msg =>
{
var accessToken = await GetAccessTokenFromCacheOrRefresh(cancellationToken);
msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
}));
handlers.Add(_graphLoggingHandler);
var httpClient = GraphClientFactory.Create(handlers);
_graphServiceClient = new GraphServiceClient(httpClient);
This is the code used to update the message categories:
var updatedMessage = new Message();
updatedMessage.Categories = CreateMessageCategories();
await _graphServiceClient.Users[emailAddress].Messages[emailId]
.Request()
.UpdateAsync(updatedMessage, cancellationToken);
When I run this code, I get the error "Access Denied". What permissions do I need to update messages in this Shared MailBox? The Administrators tell me I can't use Mail.ReadWrite on the Application level because that will allow the application to modify emails in all mailboxes.
When the app is configured with application permissions, then the app has access to all mailboxes by default.
Tenant administrators can create an application access policy by using the New-ApplicationAccessPolicy PowerShell cmdlet to limit an app to only specific mailboxes and not all Exchange Online mailboxes in the organization.
More details:
Limiting application permissions to specific Exchange Online mailboxes

Lookup current users email address using EWS

In a desktop application I want to get the current user's email address to use Exchange Web Services auto discovery mechanism as here:
var svc = new ExchangeService()
{
UseDefaultCredentials = true
};
svc.AutodiscoverUrl("user#company.com");
I know the current users domain\username; how do I get the email address before configuring EWS?
You need to use something other then EWS to get that eg LDAP is generally the most common method eg see something like Get UPN or email for logged in user in a .NET web application
Cheers
Glen

Using the new OAuth 2 in Box

I'm trying to use the new Box authentication API with OAuth. I would like to use the credential of the the box account I'm currently using to authorize my application.
The configuration of OAuth requests a redirection URI and I don't know what must be entered there. In the previous authentication method, the following URI was given http://www.box.net/api/1.0/auth/{ticket}, but this was done after getting the authentication ticket.
I'm new to OAuth so my question may be a bit obvious... but I'd like to know how to do the authentication with the credentials of a box account user.
I'm doing this in a Windows application, so I would also like to understand how to show the response from the request.
When I was searching around for answers on creating a Box.net application for desktop trying to get the login authentication took more than that it really should have...
So I decided to put together an article on my website that talks through the process of creating a C# .Net 4.0 desktop application that can login and work with their SDK. This is using their new OAuth 2.0 login system.
Firstly we send the initial web request using a standard HttpWebRequest object to get the UI web page for the OAuth 2.0 login. Once the web response has been returned, we convert it into a Stream for our web-browser to consume. The redirect URI can be any HTTPS based URI.
string baseURI = "https://www.box.com/api/oauth2/authorize?";
string responseType = "&response_type=code";
string clientId = "&client_id=YOUR OWN CLIENT ID";
string redirectURI = "&redirect_uri=https://app.box.com/services/poc_connector";
var targetUri = new Uri(baseURI + responseType + clientId + redirectURI);
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(targetUri);
To inject the Stream into the web-browser control we use the document property
webBrowser1.DocumentStream = view;
Once that is done all the operations by the user are handled by the web-browser control. To capture the Authentication token when the user presses the "Grant access" button. We add an event listener for the web-browsers Navigated event.
private void webBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
{
if (e.Url.AbsolutePath != "blank" && e.Url.ToString().Contains("&code="))
{
Token = e.Url.ToString().Substring(e.Url.ToString().IndexOf("&code="));
Token = Token.Replace("&code=", String.Empty);
this.Close();
}
}
Link my original article and source code: link
The first step in the OAuth 2 process is sending the user to https://api.box.com/oauth2/authorize with response_type and client_id as parameters of the request. The redirect URL will be the same as what you set in V1. If you client_id was 123456, for example, you could direct the user to
https://api.box.com/oauth2/authorize?response_type=code&client_id=123456
See here for more info.

Get logged on user's SMTP address via EWS?

I have a client app written using EWS Managed API 1.1. Here's the situation:
The client does not run on a computer within the same domain as the Exchange Server.
I have the username and password of a user, but not their email address.
There's no commonality between username (e.g. ABC123\001234) and email address (e.g. joe.bloggs#company.com).
I can connect to EWS just fine, send messages, etc.
However my software needs to discover the authenticated user's email address, and for various requirements reasons can't just ask the user to provide it.
I assumed I'd be able to get such a simple detail back from the web service, but I'm stumped!
Is this possible for both 2007 and 2010?
Thanks!
You may be able to do it using ExchangeService.ResolveName. I tried it with the following EWS Managed API code example on Exchange 2007 and it worked like a charm:
var service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
service.Url = new Uri("https://serv/EWS/exchange.asmx");
service.Credentials = new NetworkCredential("001234", "PasswordForUser001234", "Domain");
ServicePointManager.ServerCertificateValidationCallback = (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
{
return true;
};
var resolvedNames = service.ResolveName("001234");
foreach (var resolvedName in resolvedNames)
{
Console.WriteLine(resolvedName.Mailbox.Address);
}

SmtpClient, send email through smtp.gmail.com, but From another account

I wonna send email through gmail smtp, but users should see my corporative "From"
SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587);
smtp.EnableSsl = true;
smtp.Credentials = new NetworkCredential("igor#dynback.com", "pass", "mail.dynback.com");
I am getting SmtpException:
"The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required"
I heard its all possible and called "Relay", but I am not sure, do i need to put somehow google credentials?
You'll have to use a Google account for the credentials. You should be able to set the From or ReplyTo address in your MailMessage to whatever you want.
Use "Save As" feature in gmail.