11

Is it possibly to access the folders and items of other Exchange accounts other than the one of the logged in user?

Can I do this via Exchange Web Services Managed API?

Alfred Myers
  • 6,384
  • 1
  • 40
  • 68
Luke
  • 5,771
  • 12
  • 55
  • 77

3 Answers3

15

Yes it is possible, but you should know the password of the other user or grab in some ways this credentials (NetworkCredential object). The typical first lines of you code could be

ExchangeService myService = new ExchangeService (ExchangeVersion.Exchange2007_SP1);
myService.Credentials = new NetworkCredential ("user@mycorp.local", "P@ssword00");

so you can access Exchange Server Web Services with the account which is other as the current user. See ExchangeService object description for more information.

If you are an admin you can make user impersonation by SMTP address.

Oleg
  • 220,925
  • 34
  • 403
  • 798
  • @Alfred Myers & @user457261: You don't wrote any comment. Is the information which I wrote what you are need? – Oleg Oct 03 '10 at 22:40
  • Thanks for your answer, but i was looking for a way without having to know every password. Like using a superuser who can access all accounts. – Luke Oct 08 '10 at 11:53
  • 2
    @Luke: The last sentences from my answer describe how to do this. As a "superadmin" you can impersonate any user by SMTP address only without having any information about his password. Look at http://msdn.microsoft.com/en-us/library/dd633680(EXCHG.80).aspx one more time. – Oleg Oct 08 '10 at 18:54
  • 1
    Anyone here looking see my answer, you don't need to impersonate and you don't need to know the password. – Preston Sep 29 '14 at 17:23
  • 1
    @Preston: First of all my answer was written 4 years ago. **EWS didn't had any `WebCredentials` at the time.** At the time EWS Managed API was in version 1.1 (or 1.2) and not 2.2 like now. `WebCredentials` was introduced starting with EWS Managed API 2.0. Seconds **you should be very careful if you write that something is wrong**: "using impersonation is wrong". Even if you would find *alternative way* for accessing other users credentials for EWS Managed API 1.1 the way with impersonation will be still *correct*. It was the only know me way at the time which was recommended by Microsoft. – Oleg Sep 29 '14 at 20:37
  • @Preston: By the way if you would carefully examine documentation of `WebCredentials` you will find that `WebCredentials` is not much more as a wrapper to `NetworkCredential`: "WebCredentials wraps an instance of a T:System.Net.NetworkCredential object" (see [here](http://msdn.microsoft.com/en-us/library/microsoft.exchange.webservices.data.webcredentials(v=exchg.80).aspx)). – Oleg Sep 29 '14 at 20:45
  • @Oleg Sorry but given SE's militant ideology on reposts it should be corrected since no one will be able to ask to get an updated answer. – Preston Sep 29 '14 at 20:45
  • @Preston: You can ask *new question* about possibilities of authentications in EWS Managed API 2.2 or 2.0. You even can post your own answer where you write: starting with version x.y there are exists a better way ... (your current answer contains no version information) In any way the statement like "the usage of impersonation is wrong" is also wrong in the case. I recommend you to be very carefully if you want to claim that something is wrong. You should be careful in down-voting too. – Oleg Sep 29 '14 at 21:02
5

Here's how you do it without impersonation or knowing credentials.

        ExchangeService _service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
        //CREDENTIALS OF AN ACCOUNT WHICH HAS READ ACCESS TO THE CALENDAR YOU NEED
        _service.Credentials = new WebCredentials(username, password);
        _service.Url = new Uri(serviceURL);
        
        SearchFilter.SearchFilterCollection searchFilter = new SearchFilter.SearchFilterCollection();
        searchFilter.Add(new SearchFilter.IsGreaterThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(-1)));
        searchFilter.Add(new SearchFilter.IsLessThanOrEqualTo(AppointmentSchema.Start, DateTime.Now.AddDays(2)));
        ItemView view = new ItemView(50);
        view.PropertySet = new PropertySet(BasePropertySet.IdOnly, AppointmentSchema.Subject, AppointmentSchema.Start, AppointmentSchema.AppointmentType, AppointmentSchema.End);
        
        //THIS NEXT LINE!!!
        var calendarSearch = new FolderId(WellKnownFolderName.Calendar, new Mailbox("email@ofsomemailbox.com"));
        var appointments = _service.FindItems(calendarSearch, searchFilter, view);
Preston
  • 1,300
  • 1
  • 17
  • 32
0

I suggest to use impersonation instead of login for each user. Via impersonation you can impersonate users. Its not the same like full access. Full access is on behave of, impersonation is act as.

A pre of impersonation is you have one username and password instead of having x usernames and passwords.

You can use impersonation like this way:

ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010);
service.Credentials = new NetworkCredential(appName, appPassword, emailDomain);
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, userToImpersonate);

when a user has delegate access to someone else, you can access the folder of the other user. For example: Person A will be impersonated and is able to access Person B

eL-Prova
  • 1,084
  • 11
  • 27