1
votes

I have a web application which needs to access a user's mailbox using EWS.

I am having trouble implementing impersonation.

If I impersonate my application in IIS or do run-time impersonation and browse through localhost, it works fine; however, neither impersonation (using IIS config or run-time) works when I browse my application using the IP.

I have tried Basic Authentication/Anonymous Authentication along with Windows auth but failed to get it working. I tried having my app use either/both NTLM and Kerberos.

The ideal configuration for my app is only Windows authentication on NTLM.

Please help if someone has faced this issue.

The app should run for an account, but should impersonate the user when needed to access his/her mailbox. I am running .NET 4.5 on IIS 7.5.

1
Are you saying that when you access your website as "localhost" it works fine but if you access as "1.2.3.4" it fails to impersonate? Check at which level (server, website, folder) you have enabled impersonation. - Giovanni Tirloni

1 Answer

1
votes

What you are seeing is the server double-hop authentication issue. By default Windows does not allow the user's credentials to be delegated from the web server running your ASP.NET site to your Exchange server. It works locally because there is only a single server hop as you are logged in to the machine running the ASP.NET site.

Kerberos is the way to go to make it work. You have to set your web server up to be trusted for delegation. I have no idea how to actually do this but this SO question may help you: How can I fix the Kerberos double-hop issue?
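
One way to set up the delegation this answer refers to, as an added example that is not part of the original answer. It shows constrained delegation (the account may delegate only to the Exchange HTTP service) rather than the broader "trust for delegation to any service" setting. It assumes the IIS application pool runs as a domain account and that the ActiveDirectory PowerShell module is available; the domain, account and host names are placeholders.

```powershell
# Added example: every name below is a constructed placeholder.
Import-Module ActiveDirectory

$Domain         = 'CONTOSO'                      # hypothetical NetBIOS domain name
$AppPoolAccount = 'svc-webapp'                   # hypothetical app pool identity
$WebSpn         = 'HTTP/web01.contoso.example'   # hypothetical host name users browse to
$ExchangeSpn    = 'HTTP/exch01.contoso.example'  # hypothetical host name of the EWS endpoint

# 1. Register the web site's SPN on the account that runs the app pool, so
#    clients can request a Kerberos service ticket for the site.
#    -S checks for a duplicate SPN before adding it.
setspn -S $WebSpn "$Domain\$AppPoolAccount"

# 2. Constrained delegation: list the one back-end service this account may
#    present delegated user credentials to (the second hop, to Exchange).
Set-ADUser -Identity $AppPoolAccount `
           -Add @{ 'msDS-AllowedToDelegateTo' = @($ExchangeSpn) }

# Broad alternative, shown only for contrast and left commented out:
# unconstrained delegation lets the account delegate to ANY service.
# Set-ADAccountControl -Identity $AppPoolAccount -TrustedForDelegation $true

# 3. Review what the account is now allowed to do.
Get-ADUser -Identity $AppPoolAccount `
           -Properties ServicePrincipalNames, TrustedForDelegation, 'msDS-AllowedToDelegateTo' |
    Format-List SamAccountName, ServicePrincipalNames, TrustedForDelegation, 'msDS-AllowedToDelegateTo'

# 4. From a client that has browsed the site, confirm a Kerberos ticket for
#    the web SPN was issued (no ticket means the logon did not use Kerberos).
klist
```

If the application pool runs under a built-in identity instead of a domain account, the SPN and the delegation setting belong on the web server's computer account rather than on a user account.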