EWS and Federated Authentication


Many are joining enjoying the benefits of federated authentication with OWA. However, with EWS they find that they cannot use federated authentication. EWS can use Basic, NTLM and oAuth for authentication.  EWS does not support things like SAML tokens, etc.  There is also no developer support for changing authentication token credentials programmatically – such as using an ISAPI filter. I’m pointing this out for clarity and how things are at the time of this post. I don’t know if anything will change in this area in the future.

OAuth may be the closest thing to federated authentication. Below is a link which covers the supported types of authentication.

Authentication and EWS in Exchange
https://msdn.microsoft.com/en-us/library/office/dn626019(v=exchg.150).aspx

EWS Impersonation can be used in some situations where a developer might use federated authentication with EWS – if it supported it. So, please review at the links below.

How to: Configure impersonation
https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx

How to: Configure impersonation (2013)
https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx

Configuring Exchange Impersonation in Exchange 2010
https://msdn.microsoft.com/en-us/library/office/bb204095(v=exchg.140).aspx

Exchange Impersonation vs. Delegate Access
http://blogs.msdn.com/b/exchangedev/archive/2009/06/15/exchange-impersonation-vs-delegate-access.aspx 

Here are some additional links which may help:

Getting started with EWS

https://blogs.msdn.microsoft.com/webdav_101/2015/05/03/getting-started-with-ews/

Best Practices: EWS Managed API coding for Exchange
https://blogs.msdn.microsoft.com/webdav_101/2016/04/12/ews-managed-api-coding-for-exchange/

About: Exchange Web Services (EWS)
http://blogs.msdn.com/b/webdav_101/archive/2015/05/03/getting-started-with-ews.aspx

Best Practices – EWS Authentication and Access Issues
https://blogs.msdn.microsoft.com/webdav_101/2015/05/11/best-practices-ews-authentication-and-access-issues/


Comments (0)

Skip to main content