EWS and Federated Authentication

Many are joining enjoying the benefits of federated authentication with OWA. However, with EWS they find that they cannot use federated authentication. EWS can use Basic, NTLM and oAuth for authentication.  EWS does not support things like SAML tokens, etc.  There is also no developer support for changing authentication token credentials programmatically – such as using an ISAPI filter. I'm pointing this out for clarity and how things are at the time of this post. I don't know if anything will change in this area in the future.

OAuth may be the closest thing to federated authentication. Below is a link which covers the supported types of authentication.

Authentication and EWS in Exchange

EWS Impersonation can be used in some situations where a developer might use federated authentication with EWS – if it supported it. So, please review at the links below.

How to: Configure impersonation

How to: Configure impersonation (2013)

Configuring Exchange Impersonation in Exchange 2010

Exchange Impersonation vs. Delegate Access

Here are some additional links which may help:

Getting started with EWS


Best Practices: EWS Managed API coding for Exchange

About: Exchange Web Services (EWS)

Best Practices – EWS Authentication and Access Issues

Comments (0)

Skip to main content