Retrieved the email Address from the Exchange authenticated user

0
votes

In a VSTO Add-In, I am trying to retrieve the email address of the user connected to Outlook. For security reason, I would like to ensure that the user was authenticated to the Exchange server prior using the email address. The authentication can be direct when inside the domain or from outside using Outlook Anywhere or similar authentication mechanisms. So far, I have the following code:

string authUserEmail = "";
string notAuthUserEmail = "";
AddressEntry currentUserAddressEntry = Application.Session.CurrentUser.AddressEntry;
if (currentUserAddressEntry.Type.Contains("Exchange"))
{
  ExchangeUser currentExUser = currentUserAddressEntry.GetExchangeUser();
  if(currentExUser != null)
    authUserEmail = currentExUser.PrimarySmtpAddress;
}
if (authUserEmail == "")
{
  string PR_SMTP_ADDRESS = @"http://schemas.microsoft.com/mapi/proptag/0x39FE001E";
  notAuthUserEmail = currentUserAddressEntry.PropertyAccessor.GetProperty(PR_SMTP_ADDRESS) as string;
}

My questions are:

  1. Can I rely on the GetExchangeUser() function to retrieve the details of the Exchange authenticated user? I read the post here indicating that it could be an issue.
  2. Is there a better way to check if the user is authenticated against the exchange environment? Would the ExchangeConnectionMode property be a better way?
  3. If I rely on the PropertyAccessor property, how safe will this be to prevent someone from faking someone else email address?

References:

2
c#vstoexchange-serveroutlook-addinoffice-addins

2 Answers

1
votes

You can be sure that the user was authenticated at some prior point, at the very least when the profile was configured.

1
votes

It seems you just need to get an SMTP email address of the current user in Outlook. 

private string GetUserSMTPAddress()
{
        string PR_SMTP_ADDRESS = @"http://schemas.microsoft.com/mapi/proptag/0x39FE001E";

        Outlook.AddressEntry sender =
            Application.Session.CurrentUser.AddressEntry;
        if (sender != null)
        {
            //Now we have an AddressEntry representing the Sender
            if (sender.AddressEntryUserType ==
                Outlook.OlAddressEntryUserType.
                olExchangeUserAddressEntry
                || sender.AddressEntryUserType ==
                Outlook.OlAddressEntryUserType.
                olExchangeRemoteUserAddressEntry)
            {
                //Use the ExchangeUser object PrimarySMTPAddress
                Outlook.ExchangeUser exchUser =
                    sender.GetExchangeUser();
                if (exchUser != null)
                {
                    return exchUser.PrimarySmtpAddress;
                }
                else
                {
                    return null;
                }
            }
            else
            {
                return sender.PropertyAccessor.GetProperty(
                    PR_SMTP_ADDRESS) as string;
            }
        }
        else
        {
            return null;
        }   
}

See Get the SMTP address of the sender of a mail item for more information.