<< "Visual Studio 2005 is very slow" -some tips for ASP.NET projects | Home | Print UserAccountControl AD property programmatically. >>

To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

I am using WebDav query to search e-mails and public folders from Exchange Server 2003. The code is based on the Visual Basic .NET sample  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_exch2k_searching_folders_http.asp

However when I started to test the code with impersonation, I ve got a problem.The scenario was the following

I am using client on workstation running IE6 that login to ASP.NET web server using Windows Authentication with impersonation. The server ASP.NET page uses WebDav to access Exchange Server 2003.

The WebDav request failed with "The remote server returned an error: (401) Unauthorized".

If the client is running IE browser on the Web Server , WebDav queries are succeded.
I've changed Web Server to "trust this computer to delegate", but the error was the same.

The solution is to use "Negotiate" (or "Kerberos") instead of NTLM when calling MyCredentialCache.Add

CredentialCache cache =new CredentialCache();

NetworkCredential credential1 = (NetworkCredential) CredentialCache.DefaultCredentials;

// from http://blogs.msdn.com/buckh/archive/2004/07/28/199706.aspx

// Depending upon the IIS configuration, that may be negotiate, NTLM, Kerberos, basic, or digest authentication

//Negotiates with the client to determine the authentication scheme. If both client and server support Kerberos, it is used; otherwise NTLM is used.

string authType ="Negotiate";//The authentication scheme used by the resource named in uriPrefix.

// if Kerberos is unavailable, it can be 15sec delay (from http://blogs.msdn.com/buckh/archive/2004/07/28/199706.aspx#217098)

cache.Add(new Uri(strRootURI), authType, credential1);

It also important to ensure that both Web Server and impersonated user account are "Trusted for deilegation" (see ASP.NET and Exchange tips and samples and How To: Implement Kerberos Delegation for Windows 2000)

Related post: Configure Exchange Server 2003 for WebDav queries.

posted @ Tuesday, September 27, 2005 11:49 AM

Print

Comments on this entry:

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Kiki at 4/12/2006 5:34 PM
Gravatar
Since NTLM would not work anyway, why not use "Kerberos" as the auth mode in the first place?

I should guess, though, that Basic will work? After all, this includes the password in clear text, so it is forwardable without any problems.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Kiki at 4/12/2006 5:35 PM
Gravatar
If forgot to mention: if you want to use Basic (or Digest) you cannot use DefaultCredentials but you will have to create a NetworkCredentials object.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by hippy at 9/2/2008 12:11 AM
Gravatar
Woohoo! Thanks!
The link above to thespoke.net with this gem - "The next error was:The remote server returned an error: (401) Unauthorized.
Even i had changed Exchange virtual directory settings to enable Integrated Windows authentication accordong to
MS KB 817379 before, it was disabled and I had to re-enable it again." has finally got me around the 401 Authentication problems I've been having. Awesome!!!

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by PKRao at 10/20/2008 7:58 AM
Gravatar
cool. thanks a lot for this.

Regards, PKRao

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Dheepa at 7/28/2009 1:42 PM
Gravatar
Hi,
I am using basic authentication by passing network credentials and still get the 401-unauthorized error. What could be the problem?

Your comment:



 (will not be displayed)


 
 
 
 
 

Live Comment Preview:

 
«November»
SunMonTueWedThuFriSat
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345

About
Article Categories
Archives
Post Categories
Links
Syndication:

RSS ATOM