I have web application which needs to access user mail box using EWS.
我有Web应用程序需要使用EWS访问用户邮箱。
I am having trouble implementing impersontation.
我在实施impersontation方面遇到了麻烦。
If I impersonate my application in IIS or do run time impersonation and browser through localhost it works fine, however neither impersonation (using IIS config or runtime) works when i browse my application using IP.
如果我在IIS中模拟我的应用程序或通过localhost运行时模拟和浏览器它工作正常,但是当我使用IP浏览我的应用程序时,模拟(使用IIS配置或运行时)都不起作用。
I have tried Basic Authenticatio/Anonymous Authentication along with windows auth but failed to get it working. I tried my app to use either/both NTLM and Kerberos.
我尝试过基本身份验证/匿名身份验证以及Windows身份验证但无法使其正常运行。我尝试使用我的应用程序使用NTLM和Kerberos。
Ideal configuration for my app is only windows authentication on NTLM.
我的应用程序的理想配置只是NTLM上的Windows身份验证。
Please help if someone has faced this issue.
如果有人遇到此问题,请提供帮助。
App should run for a account, but should impersonate user when needed to access his/her mailbox. I am running .net 4.5 on IIS 7.5
应该运行应用程序,但应该在需要时模拟用户访问他/她的邮箱。我在IIS 7.5上运行.net 4.5
1 个解决方案
#1
1
What you are seeing is the server double-hop authentication issue. By default Windows does not allow the user's credentials to be delegated from the web server running your ASP.NET site to your Exchange server. It works locally because there is only a single server hop as you are logged in to the machine running the ASP.NET site.
您看到的是服务器双跃点身份验证问题。默认情况下,Windows不允许将用户的凭据从运行ASP.NET站点的Web服务器委派给Exchange服务器。它在本地工作,因为当您登录到运行ASP.NET站点的计算机时,只有一个服务器跃点。
Kerberos is the way to go to make it work. You have to set your web server up to be trusted for delegation. I have no idea how to actually do this but this SO question may help you: How can I fix the Kerberos double-hop issue?
Kerberos是让它工作的方法。您必须将您的Web服务器设置为可信任以进行委派。我不知道如何实际做到这一点,但这个问题可能对你有所帮助:我如何解决Kerberos双跳问题?
#1
1
What you are seeing is the server double-hop authentication issue. By default Windows does not allow the user's credentials to be delegated from the web server running your ASP.NET site to your Exchange server. It works locally because there is only a single server hop as you are logged in to the machine running the ASP.NET site.
您看到的是服务器双跃点身份验证问题。默认情况下,Windows不允许将用户的凭据从运行ASP.NET站点的Web服务器委派给Exchange服务器。它在本地工作,因为当您登录到运行ASP.NET站点的计算机时,只有一个服务器跃点。
Kerberos is the way to go to make it work. You have to set your web server up to be trusted for delegation. I have no idea how to actually do this but this SO question may help you: How can I fix the Kerberos double-hop issue?
Kerberos是让它工作的方法。您必须将您的Web服务器设置为可信任以进行委派。我不知道如何实际做到这一点,但这个问题可能对你有所帮助:我如何解决Kerberos双跳问题?