private ExchangeService connectToEWS(string email, bool impersonate = false) { WebCredentials credentials = new WebCredentials(username, password, domain); ExchangeVersion version = (ExchangeVersion)exchangeVersion; ExchangeService service = new ExchangeService(version) { Credentials = credentials, Url = new Uri("https://outlook.office365.com/ews/exchange.asmx") }; if (impersonate) { service.HttpHeaders.Add("X-AnchorMailbox", email); service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, email); service.CookieContainer = new CookieContainer(); } service.Timeout = int.MaxValue; }
Using the code above as well as
ExchangeService service = connectToEWS(email, true); FolderId msgFolderRoot = WellKnownFolderName.MsgFolderRoot; FolderView view = new FolderView(int.MaxValue); view.PropertySet = PropertySet.IdOnly; var result = service.FindFolders(msgFolderRoot, view);
I receive a 401 unauthorized exception on the FindFolders call. If I use the other constructor of WebCredentials that takes only the smtp and password, I get a 503 server not available exception. When I do not use impersonation (delegate access instead), no exceptions are thrown and I can get the list of folders however I need to be able to support impersonation.
I have added ApplicationImpersonation role to the service account (username in the first code block). Is there another role required for impersonation? I can not find anything in the EWS impersonation documentation. Every other thread about this issue points to the UPN usage rather than smtp but I am fairly sure this smtp is the same as the UPN. I don't actually know where to look within o365 however.