Sharepoint is not getting the current NetworkCredential user from the active directory

We have a strange problem: we have one single and we are trying to get an unread email account from Exchange ews webservice, the problem is that it always gets the same account for the whole user, which is actually the server user.

'it should now get for current user who requested the page 
'but its always for server user where sharepoint is installed
Public Sub GetUnreadEmailCount()
    Dim errormsg As String = String.Empty
    Dim UnreadCount As Integer = 0
    Dim esb As New ExchangeServiceBinding

        esb.RequestServerVersionValue = New RequestServerVersion
        esb.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2007_SP1
        esb.UseDefaultCredentials = True
        esb.Url = Domain + "/EWS/Exchange.asmx"

        ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf CertificateValidationCallBack)

        Dim biArray(1) As BaseFolderIdType
        Dim dfFolder As New DistinguishedFolderIdType
        dfFolder.Id = DistinguishedFolderIdNameType.inbox
        biArray(0) = dfFolder
        Dim geGetFolder As New GetFolderType
        geGetFolder.FolderIds = biArray
        geGetFolder.FolderShape = New FolderResponseShapeType
        geGetFolder.FolderShape.BaseShape = DefaultShapeNamesType.AllProperties
        Dim gfResponse As GetFolderResponseType = esb.GetFolder(geGetFolder)

        Dim rmta As ResponseMessageType() = gfResponse.ResponseMessages.Items
        Dim rmt As FolderInfoResponseMessageType = DirectCast(rmta(0), FolderInfoResponseMessageType)
        If rmt.ResponseClass = ResponseClassType.Success Then
            Dim folder As FolderType = DirectCast(rmt.Folders(0), FolderType)
            UnreadCount = folder.UnreadCount

        End If

        Label1.Text = vbCrLf + "Unread email count : " + UnreadCount.ToString
        ' Return UnreadCount
    Catch ex As Exception
        If Not ex.Message Is Nothing Then errormsg = ex.Message
            If Not ex.InnerException.Message Is Nothing Then errormsg = errormsg + " : " + ex.InnerException.Message
        Catch e As Exception

        End Try
        If esb IsNot Nothing Then esb.Dispose() : esb = Nothing
        If Not errormsg = String.Empty Then
            Label1.Text = vbCrLf + "Error : " + errormsg
        End If
    End Try

End Sub



source to share

2 answers

We had the same problem, although we didn't use one sign. So I'm not sure if this is exactly what you are experiencing.

The problem is that you cannot have User Machine A provide their credentials to Machine B (SharePoint?) And then Machine B send those credentials to Machine C

It is referred to as a "double hop" problem and is a safety feature, however I am not getting into the technical side. Our solution was to use Kerberos.

Hope it helps you, if not, it helps you eliminate this problem :)



Your server side code works like the AppPool ID, which is your sharepoint service account. I am assuming you mean "server user".

esb.UseDefaultCredentials = true; 


will use the creds of the context. I'm not sure what is available in EWS, so if you can use a higher privileged account and rely on user login, i.e. HttpContext.Current.User.Identity as a parameter, then this might be the best way.

You can authenticate via javascript directly to the EWS by skipping the server side code altogether and write something that consumes and displays the server side stuff as needed.

You will need to find a way to directly connect the user to the EWS. Double-hop is a problem with NTLM since your NTLM ticket is only valid for the first hop. Kerberos fixes this, but you still need to impersonate it.



All Articles