To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

<< "Visual Studio 2005 is very slow" -some tips for ASP.NET projects | Home | Print UserAccountControl AD property programmatically. >>

To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

I am using WebDav query to search e-mails and public folders from Exchange Server 2003. The code is based on the Visual Basic .NET sample http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_exch2k_searching_folders_http.asp

However when I started to test the code with impersonation, I ve got a problem.The scenario was the following

I am using client on workstation running IE6 that login to ASP.NET web server using Windows Authentication with impersonation. The server ASP.NET page uses WebDav to access Exchange Server 2003.

The WebDav request failed with "The remote server returned an error: (401) Unauthorized".

If the client is running IE browser on the Web Server , WebDav queries are succeded.
I've changed Web Server to "trust this computer to delegate", but the error was the same.

The solution is to use "Negotiate" (or "Kerberos") instead of NTLM when calling MyCredentialCache.Add

CredentialCache cache =new CredentialCache();

NetworkCredential credential1 = (NetworkCredential) CredentialCache.DefaultCredentials;

// from http://blogs.msdn.com/buckh/archive/2004/07/28/199706.aspx

// Depending upon the IIS configuration, that may be negotiate, NTLM, Kerberos, basic, or digest authentication

//Negotiates with the client to determine the authentication scheme. If both client and server support Kerberos, it is used; otherwise NTLM is used.

string authType ="Negotiate";//The authentication scheme used by the resource named in uriPrefix.

// if Kerberos is unavailable, it can be 15sec delay (from http://blogs.msdn.com/buckh/archive/2004/07/28/199706.aspx#217098)

cache.Add(new Uri(strRootURI), authType, credential1);

It also important to ensure that both Web Server and impersonated user account are "Trusted for deilegation" (see ASP.NET and Exchange tips and samples and How To: Implement Kerberos Delegation for Windows 2000)

Share This Post:

posted @ Tuesday, September 27, 2005 11:49 AM

Comments on this entry:

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Kiki at 4/12/2006 5:34 PM

Since NTLM would not work anyway, why not use "Kerberos" as the auth mode in the first place?

I should guess, though, that Basic will work? After all, this includes the password in clear text, so it is forwardable without any problems.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Kiki at 4/12/2006 5:35 PM

If forgot to mention: if you want to use Basic (or Digest) you cannot use DefaultCredentials but you will have to create a NetworkCredentials object.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by hippy at 9/2/2008 12:11 AM

Woohoo! Thanks!
The link above to thespoke.net with this gem - "The next error was:The remote server returned an error: (401) Unauthorized.
Even i had changed Exchange virtual directory settings to enable Integrated Windows authentication accordong to
MS KB 817379 before, it was disabled and I had to re-enable it again." has finally got me around the 401 Authentication problems I've been having. Awesome!!!

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by PKRao at 10/20/2008 7:58 AM

cool. thanks a lot for this.

Regards, PKRao

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by Dheepa at 7/28/2009 1:42 PM

Hi,
I am using basic authentication by passing network credentials and still get the 401-unauthorized error. What could be the problem?

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by web tasarım at 2/26/2011 4:04 PM

thanks DefaultCredentials but you will have to create a NetworkCredentials object.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by WebDav sucks at 5/23/2011 4:45 PM

This doesn't work.

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by web tasarım at 6/21/2011 8:23 AM

thanks...

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Left by web tasarım at 7/2/2011 6:32 AM

Very good I would recommend to anyone sharing Thanks for sharing.

Your comment:

Title:

Name:

Email:

(not displayed)

Website:

Comment:

Remember Me?

Enter the code shown above

Live Comment Preview:

February

Sun

Mon

Tue

Wed

Thu

Fri

Sat

Michael Freidgeim's Blog

MS .Net Development

To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Comments on this entry:

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

# re: To run WebDav queries against Exchange Folders from ASP.NET -use Kerberos .

Your comment:

Live Comment Preview:

About

Article Categories

Archives

Post Categories

Links

Syndication: