Hi,
I'm working on enhancing a service to be able to use OAuth2 as the authentication protocol with the client credential grant flow when talking to Exchange Online (as described here:
http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx ). I gave my application the rights
Office 365 Exchange Online : Application Permissions: "Have full access via EWS to all mailboxes ....."
Windows Azure Active AD: Application Permissions: "Read Directory data", Delegate Permissions: "Enable sign-on and read users' profiles"
I receive an access token from log.windows.net:
Decoded token:
{
typ: "JWT",
alg: "RS256",
x5t: "MnC_VZcATfM5pOYiJHMba9goEKY"
}.
{
aud: "https://outlook.office365.com/",
iss: "https://sts.windows.net/<TENANT_ID>/",
iat: 1426584502,
nbf: 1426584502,
exp: 1426588402,
ver: "1.0",
tid: "<TENANT_ID>",
roles: [
"full_access_as_app"
],
oid: "1ddbdc11-b80d-4d1d-91b9-5b07a6b82659",
sub: "1ddbdc11-b80d-4d1d-91b9-5b07a6b82659",
idp: "https://sts.windows.net/TENANT_ID/",
appid: "<APP_ID_IN_AZURE_AD>",
appidacr: "2"
}.
<SIGNATURE>
If I then use that token to send EWS XML to Exchange Online, I get a 500 HTTP status code back:
With impersonation in the request:
[http.wire ]: >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
[http.wire ]: >> "Authorization: Bearer <MY_ACCESS_TOKEN>[\r][\n]"
[http.wire ]: >> "SoapAction: "http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder"[\r][\n]"
[http.wire ]: >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
[http.wire ]: >> "User-Agent: OpenScapeUC EWS HttpClient/3.0[\r][\n]"
[http.wire ]: >> "client-request-id: 5b2c7e1a-656d-4f43-bd34-ea2d6290611f[\r][\n]"
[http.wire ]: >> "Date: Tue, 17 Mar 2015 10:08:17 GMT[\r][\n]"
[http.wire ]: >> "Content-Length: 1189[\r][\n]"
[http.wire ]: >> "Host: outlook.office365.com[\r][\n]"
[http.wire ]: >> "Connection: Keep-Alive[\r][\n]"
[http.wire ]: >> "[\r][\n]"
[http.wire ]: >> "<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><ns2:ExchangeImpersonation xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns2:ConnectingSID><ns2:PrimarySmtpAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:PrimarySmtpAddress></ns2:ConnectingSID></ns2:ExchangeImpersonation><ns2:RequestServerVersion
xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages" Version="Exchange2007_SP1"/></S:Header><S:Body><ns3:GetFolder xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns3:FolderShape><ns2:BaseShape>IdOnly</ns2:BaseShape><ns2:AdditionalProperties><ns2:FieldURI FieldURI="folder:FolderId"/></ns2:AdditionalProperties></ns3:FolderShape><ns3:FolderIds><ns2:DistinguishedFolderId
Id="contacts"><ns2:Mailbox><ns2:EmailAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:EmailAddress></ns2:Mailbox></ns2:DistinguishedFolderId></ns3:FolderIds></ns3:GetFolder></S:Body></S:Envelope>"
[http.wire ]: << "HTTP/1.1 500 Internal Server Error[\r][\n]"
[http.wire ]: << "Cache-Control: private[\r][\n]"
[http.wire ]: << "Content-Type: text/xml; charset=utf-8[\r][\n]"
[http.wire ]: << "Server: Microsoft-IIS/8.0[\r][\n]"
[http.wire ]: << "request-id: ec42b5c5-f8dc-498d-ae16-d851a852058c[\r][\n]"
[http.wire ]: << "Set-Cookie: ClientId=<DELETED>; expires=Wed, 16-Mar-2016 10:08:17 GMT; path=/; secure; HttpOnly[\r][\n]"
[http.wire ]: << "X-CalculatedBETarget: am2pr02mb0387.eurprd02.prod.outlook.com[\r][\n]"
[http.wire ]: << "X-DiagInfo: AM2PR02MB0387[\r][\n]"
[http.wire ]: << "X-BEServer: AM2PR02MB0387[\r][\n]"
[http.wire ]: << "X-AspNet-Version: 4.0.30319[\r][\n]"
[http.wire ]: << "Set-Cookie: exchangecookie=<DELETED>; expires=Thu, 17-Mar-2016 10:08:17 GMT; path=/; HttpOnly[\r][\n]"
[http.wire ]: << "Set-Cookie: X-BackEndCookie2=OrganizationAnchor@symdev.onmicrosoft.com=<DELETED>; expires=Thu, 16-Apr-2015 10:08:18 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
[http.wire ]: << "Set-Cookie: X-BackEndCookie=OrganizationAnchor@symdev.onmicrosoft.com=<DELETED>; expires=Thu, 16-Apr-2015 10:08:18 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
[http.wire ]: << "X-Powered-By: ASP.NET[\r][\n]"
[http.wire ]: << "X-FEServer: DB5PR01CA0064[\r][\n]"
[http.wire ]: << "Date: Tue, 17 Mar 2015 10:08:17 GMT[\r][\n]"
[http.wire ]: << "Content-Length: 891[\r][\n]"
[http.wire ]: << "Accept-Ranges: none[\r][\n]"
[http.wire ]: << "Connection: keep-alive[\r][\n]"
[http.wire ]: << "[\r][\n]"
Without impersonation in the request:
Request:
[http.wire ]: >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
[http.wire ]: >> "Authorization: Bearer <MY_ACCESS_TOKEN>[\r][\n]"
[http.wire ]: >> "SoapAction: "http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder"[\r][\n]"
[http.wire ]: >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
[http.wire ]: >> "User-Agent: OpenScapeUC EWS HttpClient/3.0[\r][\n]"
[http.wire ]: >> "client-request-id: 20bd722f-8276-4ebb-8d58-ce45d31f3ed4[\r][\n]"
[http.wire ]: >> "Date: Tue, 17 Mar 2015 09:33:24 GMT[\r][\n]"
[http.wire ]: >> "Content-Length: 871[\r][\n]"
[http.wire ]: >> "Host: outlook.office365.com[\r][\n]"
[http.wire ]: >> "Connection: Keep-Alive[\r][\n]"
[http.wire ]: >> "[\r][\n]"
[http.wire ]: >> "<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><ns2:RequestServerVersion xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages" Version="Exchange2007_SP1"/></S:Header><S:Body><ns3:GetFolder xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns3:FolderShape><ns2:BaseShape>IdOnly</ns2:BaseShape><ns2:AdditionalProperties><ns2:FieldURI
FieldURI="folder:FolderId"/></ns2:AdditionalProperties></ns3:FolderShape><ns3:FolderIds><ns2:DistinguishedFolderId Id="contacts"><ns2:Mailbox><ns2:EmailAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:EmailAddress></ns2:Mailbox></ns2:DistinguishedFolderId></ns3:FolderIds></ns3:GetFolder></S:Body></S:Envelope>"
Response:
[http.wire ]: << "HTTP/1.1 500 Internal Server Error[\r][\n]"
[http.wire ]: << "Cache-Control: private[\r][\n]"
[http.wire ]: << "Content-Type: text/xml; charset=utf-8[\r][\n]"
[http.wire ]: << "Server: Microsoft-IIS/8.0[\r][\n]"
[http.wire ]: << "request-id: 923ba463-490f-4ac9-a496-993cd8a44115[\r][\n]"
[http.wire ]: << "Set-Cookie: ClientId=<DELETED>; expires=Wed, 16-Mar-2016 09:33:24 GMT; path=/; secure; HttpOnly[\r][\n]"
[http.wire ]: << "X-CalculatedBETarget: am2pr02mb0387.eurprd02.prod.outlook.com[\r][\n]"
[http.wire ]: << "X-DiagInfo: AM2PR02MB0387[\r][\n]"
[http.wire ]: << "X-BEServer: AM2PR02MB0387[\r][\n]"
[http.wire ]: << "X-AspNet-Version: 4.0.30319[\r][\n]"
[http.wire ]: << "Set-Cookie: exchangecookie=<DELETED>; expires=Thu, 17-Mar-2016 09:33:25 GMT; path=/; HttpOnly[\r][\n]"
[http.wire ]: << "Set-Cookie: X-BackEndCookie2=OrganizationAnchor@symdev.onmicrosoft.com=<DELETED>; expires=Thu, 16-Apr-2015 09:33:25 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
[http.wire ]: << "Set-Cookie: X-BackEndCookie=OrganizationAnchor@symdev.onmicrosoft.com=<DELETED>; expires=Thu, 16-Apr-2015 09:33:25 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
[http.wire ]: << "X-Powered-By: ASP.NET[\r][\n]"
[http.wire ]: << "X-FEServer: AM3PR07CA0038[\r][\n]"
[http.wire ]: << "Date: Tue, 17 Mar 2015 09:33:24 GMT[\r][\n]"
[http.wire ]: << "Content-Length: 799[\r][\n]"
[http.wire ]: << "Accept-Ranges: none[\r][\n]"
[http.wire ]: << "Connection: keep-alive[\r][\n]"
If I use BASIC authentication and impersonation, the request is successful.
Does anyone have an idea why I might get the error 500 in that scenario?
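An added example, not part of the original post: a pre-flight check that decodes the bearer token's payload and compares its `aud`, `roles`, `nbf` and `exp` claims against the EWS request, using the request's own `Date` header as the clock. The function names and the sample token are constructed here from the claims shown in the post; the signature is not verified, so this is a diagnostic, not token validation.

```python
import base64
import json
from email.utils import parsedate_to_datetime

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_token(token, resource, role, date_header):
    """Return findings; an empty list means the claims fit the request.
    Diagnostic only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    claims = b64url_json(parts[1])
    now = int(parsedate_to_datetime(date_header).timestamp())
    findings = []
    if claims.get("aud", "").rstrip("/") != resource.rstrip("/"):
        findings.append("aud mismatch")
    if role not in claims.get("roles", []):
        findings.append("missing role")
    if "scp" in claims:  # delegated tokens carry scp, app-only tokens carry roles
        findings.append("delegated token, not app-only")
    if now < claims.get("nbf", 0):
        findings.append("not yet valid")
    if now >= claims.get("exp", 0):
        findings.append("expired")
    return findings

def _seg(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: claim values copied from the decoded token in the post,
# placeholders kept as posted; the signature segment is a dummy.
SAMPLE_TOKEN = ".".join([
    _seg({"typ": "JWT", "alg": "RS256"}),
    _seg({"aud": "https://outlook.office365.com/", "nbf": 1426584502,
          "exp": 1426588402, "roles": ["full_access_as_app"],
          "appid": "<APP_ID_IN_AZURE_AD>", "appidacr": "2"}),
    "c2lnbmF0dXJl",
])
RESOURCE = "https://outlook.office365.com"
ROLE = "full_access_as_app"

if __name__ == "__main__":
    for date in ("Tue, 17 Mar 2015 10:08:17 GMT", "Tue, 17 Mar 2015 09:33:24 GMT"):
        print(date, check_token(SAMPLE_TOKEN, RESOURCE, ROLE, date) or "claims OK")
```

With the posted claims, both request timestamps from the wire log fall inside the token's `nbf`/`exp` window and the audience and role match the EWS endpoint, so these four checks come back clean for the two failing requests.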