2
votes

I am trying to use the EWS Managed API with the Office 365 API via Azure AD. I have done the following tasks so far.

  • I have the admin privilege in Azure AD.
  • I have successfully registered my application in Azure AD.
  • I got Client ID, App key and resource ID from Azure AD.
  • I have enabled "Have full access to user's mailbox", as suggested by Jason.
  • I have successfully created an MVC5 web application.
  • I have followed this blog post of Jeremy.

Here is the link to the blog I have followed: http://www.jeremythake.com/2014/08/using-the-exchange-online-ews-api-with-office-365-api-via-azure-ad/#comment-280653

Code in my controller:

    var outlookClient = await AuthHelper.EnsureOutlookServicesClientCreatedAsync("Mail");

    IPagedCollection<IMessage> messagesResults = await outlookClient.Me.Messages.ExecuteAsync();

    string messageId = messagesResults.CurrentPage[0].Id;
    string tokenx = AuthHelper.GetSessionToken();
    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
    service.HttpHeaders.Add("Authorization", "Bearer " + tokenx);
    service.PreAuthenticate = true;
    service.SendClientLatencies = true;
    service.EnableScpLookup = false;
    service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");

    ExFolder rootfolder = ExFolder.Bind(service, WellKnownFolderName.MsgFolderRoot);

Edited: I am getting the access token successfully and using it to make a call against the EWS Managed API, but it fails with a 403 Forbidden exception. Your help will be highly appreciated.

Best regards,

2 Answers

3
votes

Jason Johnston helped me solve my problem. The link:
Office 365 / EWS Authentication using OAuth: The audience claim value is invalid

I checked the EWS trace and learned that EWS was complaining about an invalid token and insufficient privileges. I re-registered my application in Azure AD and enabled full access to the mailbox.

I commented out the code below.

    //var outlookClient = await AuthHelper.EnsureOutlookServicesClientCreatedAsync("Mail");
    //try
    //{
    //    IPagedCollection<IMessage> messagesResults = await outlookClient.Me.Messages.ExecuteAsync();

    //    string messageId = messagesResults.CurrentPage[0].Id;
    //}
    //catch
    //{
    //    System.Diagnostics.Debug.WriteLine("Something bad happened. !!");
    //}

I am getting the access token using the sample at the link below: https://github.com/OfficeDev/Office-365-APIs-Starter-Project-for-ASPNETMVC

Here is the complete controller code, which does the main task of authentication.

    // Request a token whose audience is Exchange Online itself.
    string resourceUri = "https://outlook.office365.com";
    var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
    var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    AuthenticationContext authContext = new AuthenticationContext(Settings.Authority, new NaiveSessionCache(signInUserId));
    string tokenx = await AuthHelper.AcquireTokenAsync(authContext, resourceUri, Settings.ClientId, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));

    // Debugging aid only: this writes the bearer token to the debug output.
    System.Diagnostics.Debug.WriteLine("Token:" + tokenx);

    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
    // Enable full EWS tracing to see why a request is rejected.
    service.TraceListener = new EwsTrace();
    service.TraceEnabled = true;
    service.TraceFlags = TraceFlags.All;
    // Send the OAuth access token as a bearer token on every EWS request.
    service.HttpHeaders.Add("Authorization", "Bearer " + tokenx);
    service.PreAuthenticate = true;
    service.SendClientLatencies = true;
    service.EnableScpLookup = false;
    service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");

    ExFolder rootfolder = ExFolder.Bind(service, WellKnownFolderName.MsgFolderRoot);

    Console.WriteLine("The " + rootfolder.DisplayName + " has " + rootfolder.ChildFolderCount + " child folders.");

The important thing I noticed is that I can't use the same token to access the Office 365 API and the EWS Managed API, as EWS works with full mailbox access while Office 365 doesn't. I request the developer to confirm this; maybe I am doing something wrong. However, my problem is solved for now.

1
votes

Yep, that's right. The scope required for EWS isn't compatible with the Office 365 APIs, and vice versa.
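
One way to diagnose the 403 discussed above is to inspect the `aud` and `scp` claims of the access token before sending it to EWS. This is an added example, not code from either answer or from the linked sample project: the `EwsTokenCheck` class, its method names and the sample token are constructed here, the scope value `full_access_as_user` is an assumed name for the full-mailbox-access permission, and it uses System.Text.Json.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Added example: diagnostic only. The token is decoded WITHOUT signature
// validation, so never use this result to make an authorization decision.
public static class EwsTokenCheck
{
    // Decode the base64url-encoded payload (second segment) of a JWT.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a JWT: expected 3 segments.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    static string Claim(JsonElement c, string n) => c.TryGetProperty(n, out JsonElement v) ? v.ToString() : "";

    // Returns a list of problems; an empty list means aud and scp look right for EWS.
    // requiredScope is supplied by the caller (assumed "full_access_as_user" in Main).
    public static string[] Check(string jwt, string expectedAudience, string requiredScope)
    {
        JsonElement claims = DecodePayload(jwt);
        string aud = Claim(claims, "aud");
        string scp = Claim(claims, "scp");
        var problems = new List<string>();
        if (!string.Equals(aud.TrimEnd('/'), expectedAudience.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            problems.Add($"aud is '{aud}', expected '{expectedAudience}'");
        if (!scp.Split(' ').Contains(requiredScope))
            problems.Add($"scp '{scp}' lacks '{requiredScope}'");
        return problems.ToArray();
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed, unsigned sample token: right audience, but only a mail-read scope.
        string jwt = B64Url("{\"alg\":\"none\"}") + "." +
            B64Url("{\"aud\":\"https://outlook.office365.com/\",\"scp\":\"Mail.Read\"}") + ".sig";
        foreach (string p in Check(jwt, "https://outlook.office365.com", "full_access_as_user"))
            Console.WriteLine(p);
    }
}
```

Printing only the decoded claims, rather than the token string itself, keeps the bearer credential out of debug output and trace files.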