SharePoint is not getting the current NetworkCredential user from Active Directory
We have a strange problem: we have single sign-on and we are trying to get the unread email count from the Exchange EWS web service. The problem is that it always gets the same count for every user, which is actually the server user's.
    ' Required at the top of the file:
    Imports System.Net
    Imports System.Net.Security

    ' It should now get it for the current user who requested the page,
    ' but it's always for the server user where SharePoint is installed.
    Public Sub GetUnreadEmailCount()
        Dim errormsg As String = String.Empty
        Dim UnreadCount As Integer = 0
        Dim esb As New ExchangeServiceBinding
        Try
            esb.RequestServerVersionValue = New RequestServerVersion
            esb.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2007_SP1
            esb.UseDefaultCredentials = True
            esb.Url = Domain + "/EWS/Exchange.asmx"
            ' This callback is a process-wide setting, not a per-request one.
            ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf CertificateValidationCallBack)

            ' Request the Inbox folder. Upper bound 0 gives a one-element array
            ' (the original upper bound of 1 left a second, empty slot).
            Dim biArray(0) As BaseFolderIdType
            Dim dfFolder As New DistinguishedFolderIdType
            dfFolder.Id = DistinguishedFolderIdNameType.inbox
            biArray(0) = dfFolder

            Dim geGetFolder As New GetFolderType
            geGetFolder.FolderIds = biArray
            geGetFolder.FolderShape = New FolderResponseShapeType
            geGetFolder.FolderShape.BaseShape = DefaultShapeNamesType.AllProperties

            Dim gfResponse As GetFolderResponseType = esb.GetFolder(geGetFolder)
            Dim rmta As ResponseMessageType() = gfResponse.ResponseMessages.Items
            Dim rmt As FolderInfoResponseMessageType = DirectCast(rmta(0), FolderInfoResponseMessageType)
            If rmt.ResponseClass = ResponseClassType.Success Then
                Dim folder As FolderType = DirectCast(rmt.Folders(0), FolderType)
                UnreadCount = folder.UnreadCount
            End If
            Label1.Text = vbCrLf + "Unread email count : " + UnreadCount.ToString
            ' Return UnreadCount
        Catch ex As Exception
            If Not ex.Message Is Nothing Then errormsg = ex.Message
            ' Append the inner exception message when there is one.
            If ex.InnerException IsNot Nothing Then errormsg = errormsg + " : " + ex.InnerException.Message
        Finally
            If esb IsNot Nothing Then esb.Dispose() : esb = Nothing
            If Not errormsg = String.Empty Then
                Label1.Text = vbCrLf + "Error : " + errormsg
            End If
        End Try
    End Sub
source to share
We had the same problem, although we didn't use single sign-on. So I'm not sure if this is exactly what you are experiencing.
The problem is that you cannot have a user on Machine A provide their credentials to Machine B (SharePoint?) and then have Machine B send those credentials to Machine C.
It is referred to as the "double hop" problem and is a safety feature; however, I am not getting into the technical side. Our solution was to use Kerberos.
Hope it helps you. If not, it helps you eliminate this problem :)
source to share
Your server-side code runs as the AppPool identity, which is your SharePoint service account. I am assuming that is what you mean by "server user".
esb.UseDefaultCredentials = true;
will use the creds of the context. I'm not sure what is available in EWS, so if you can use a higher privileged account and rely on user login, i.e. HttpContext.Current.User.Identity as a parameter, then this might be the best way.
You can authenticate via JavaScript directly to EWS, skipping the server-side code altogether, and write something that consumes and displays the server-side stuff as needed.
You will need to find a way to directly connect the user to EWS. Double-hop is a problem with NTLM since your NTLM ticket is only valid for the first hop. Kerberos fixes this, but you still need to impersonate.
source to share
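Both answers come down to the same two requirements: the outbound EWS call has to run under the caller's identity rather than the application pool account, and that identity must have been established with Kerberos so it can make the second hop. The following is an added example, not code from the thread or from SharePoint or EWS. It assumes Windows authentication (so the page user is a `WindowsIdentity`) and that Kerberos delegation is already configured for the application pool account; `EwsCallerIdentity` and `RunAsCaller` are hypothetical names.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web

' Hypothetical helper (not from the thread): runs a delegate while impersonating
' the authenticated caller, so UseDefaultCredentials = True resolves to the
' caller's token instead of the application pool account.
Public Module EwsCallerIdentity

    Public Function RunAsCaller(Of T)(action As Func(Of T)) As T
        ' Assumption: Windows authentication, so the page user is a WindowsIdentity.
        Dim caller = TryCast(HttpContext.Current.User.Identity, WindowsIdentity)
        If caller Is Nothing OrElse Not caller.IsAuthenticated OrElse caller.IsAnonymous Then
            Throw New InvalidOperationException("Request has no authenticated Windows identity.")
        End If

        ' An NTLM logon cannot be forwarded to a second server (the double hop).
        ' Fail here with a clear message rather than with an opaque
        ' authentication error on the outbound call.
        If String.Equals(caller.AuthenticationType, "NTLM", StringComparison.OrdinalIgnoreCase) Then
            Throw New InvalidOperationException(
                "Caller '" & caller.Name & "' authenticated with NTLM; Kerberos delegation is required.")
        End If

        ' Impersonate only for the duration of the outbound call; Dispose reverts
        ' the thread to the application pool identity even if the call throws.
        Using ctx As WindowsImpersonationContext = caller.Impersonate()
            Return action()
        End Using
    End Function

End Module

' Usage with the proxy objects from the question:
'   Dim gfResponse As GetFolderResponseType =
'       EwsCallerIdentity.RunAsCaller(Function() esb.GetFolder(geGetFolder))
```

Keeping the impersonated scope to the single `GetFolder` call means the rest of the page still runs as the service account, which limits what the caller's token is used for.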