【发布时间】:2020-05-28 11:27:00
【问题描述】:
我想使用 EWS 托管 API 和基本身份验证连接到 Exchange Online。
但在我的应用程序中,EWS AutodiscoverService 在使用基本身份验证时无法从 Exchange Online 检索邮箱设置 (GetUserSettings),但 oAuth 工作正常。
我收到Microsoft.Exchange.WebServices.Data.ServiceRequestException 消息“连接尝试失败,因为连接方在一段时间后没有正确响应,或者建立连接失败,因为连接的主机未能响应 40.101.50.162:444 "
我使用基本身份验证已有几年了,几天前它刚刚停止工作。是否不再可以对 Exchange Online 和 EWS 使用基本身份验证?
代码示例
var ads = new AutodiscoverService
{
RedirectionUrlValidationCallback = url => true,
EnableScpLookup = false
};
ads.Credentials = new NetworkCredential( svcUsr, svcPwd ); // using these will throw an exception
ads.Credentials = new OAuthCredentials( token.AccessToken ); // these works
var res = ads.GetUserSettings( mailBox, UserSettingName.GroupingInformation );
例外
Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. Unable to connect to the remote server ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 40.101.28.194:444
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetRequestStream()
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
--- End of inner exception stack trace ---
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
at Microsoft.Exchange.WebServices.Autodiscover.GetUserSettingsRequest.Execute()
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetUserSettings(List`1 smtpAddresses, List`1 settings, Nullable`1 requestedVersion, Uri& autodiscoverUrl)
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetSettings[TGetSettingsResponseCollection,TSettingName](List`1 identities, List`1 settings, Nullable`1 requestedVersion, GetSettingsMethod`2 getSettingsMethod, Func`1 getDomainMethod)
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(List`1 smtpAddresses, List`1 settings)
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetSoapUserSettings(String smtpAddress, List`1 requestedSettings)
at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(String userSmtpAddress, UserSettingName[] userSettingNames)
at EWSAutoDiscovery.Program.Main(String[] args) in C:\Program.cs:line 57
经过测试和验证的内容 [更新 1]
- 我已验证某些 EWS 操作仍可使用基本身份验证, 例如SyncFolderItems。
- 我已验证服务帐户用户和 EXO 常规配置具有身份验证策略。
- 我创建了一个在所有协议上启用 BasicAuth 的身份验证策略,并将其分配给 EXO 组织配置 DefaultAuthenticationPolicy 参数。
- 我已将身份验证策略分配给服务帐户和目标用户。
- 我已在服务帐户上删除并重新应用 ApplicationImpersonation 角色。
【问题讨论】:
-
Microsoft 将在不久的将来阻止基本身份验证(如果他们还没有为您的租户这样做):techcommunity.microsoft.com/t5/exchange-team-blog/… 现在可能是时候调查更改您的应用程序以使用 Graph API 代替?
-
MSFT 已宣布从 2020 年 10 月开始结束 O365 的基本身份验证。由于 COVID-19,它已被推迟到 2021 年年中。但是,您的 Exchange 管理员可以随时使用单个 PowerShell 命令关闭此功能。
-
@pjneary 我已经用测试过的东西更新了帖子,我找不到任何关于在 EXO 中禁用 BasicAuth 或在 AzureAD 中启用安全默认值的痕迹。
标签: c# office365 exchangewebservices