I want to create a web application which will allow me to send emails directly from my web application. but the problem is that I only want to log in once. I want the Exchange web server to send my application a token and then I want to be able to authenticate users against the token. Can someone help me with code examples or point me in the right direction in as to how this can be done.
Asked
Active
Viewed 482 times
0
-
What EWS version are you targeting? 2013 and "better" allows for Oauth authentication which will give you a token associated with your users. If you target earlier versions, you will have to work with regular user credentials. – Tholle Jul 15 '15 at 16:48
-
I dont not have access to Azure AD. Can you give me some other ideas? – Bob Jul 15 '15 at 18:23
-
Ah, shoot. That's too bad. What you could do is store the regular username and password with Secure String, and just keep the credentials in memory. This way, your users will only have to log in once, and you will not have to store any passwords in any database. However, if your server shuts down, the users have to log in again. I'm not a security expert though, but it may be worth investigating. http://stackoverflow.com/questions/26190938/is-securestring-ever-practical-in-a-c-sharp-application – Tholle Jul 15 '15 at 18:33
-
Secure string isnt an option. we dont want to be responsible for storing user credentials at all in any form. – Bob Jul 15 '15 at 18:53
-
1You don't have access to the Azure AD => You can not use Oauth. You are not allowed to store user credentials in memory at all => You can not use Basic- or NTLM-auth. I think you are out of options. – Tholle Jul 15 '15 at 18:54
-
Impersonation is also an option. Have never tried it myself though. https://msdn.microsoft.com/en-us/library/office/dn722377(v=exchg.150).aspx – Tholle Jul 15 '15 at 18:57