允許模擬​​用戶通過EWS託管API 2.0登錄到Exchange服務器

Question

我有一個ASP .Net Application託管在Windows Server 2016IIS 10。 Impersonation和Windows Authentication已啓用。

我希望登錄Active Directory用戶執行一些與他們自己的郵箱相關的操作，而無需任何額外的登錄（我的意思是不輸入用戶名/密碼）。

是否有可能以及對Exchange Server，Active Directory用戶和託管應用程序的服務器進行了哪些配置更改？

還有就是我如何使用EWS Managed API：

using (var context = WindowsIdentity.GetCurrent().Impersonate()) 
{ 
    string mailbox = "user@domain.com" 
    ExchangeService service = new ExchangeService(); 
    service.AutodiscoverUrl(mailbox); 
    service.Url = new Uri(serverAddress); 
    service.UseDefaultCredentials = true; 
    service.Credentials = CredentialCache.DefaultNetworkCredentials; 
    var rootFolder = Folder.Bind(service, new FolderId(WellKnownFolderName.MsgFolderRoot, mailbox)); 
} 

在這種情況下，與AutodiscoverUrl我有一個錯誤：The Autodiscover service couldn't be located. 當我儘量避免AutodiscoverUrl，像這樣：

using (var context = WindowsIdentity.GetCurrent().Impersonate()) 
{ 
    string serverAddress = "https://domain.com/EWS/Exchange.asmx"; 
    string mailbox = "user@domain.com" 
    ExchangeService service = new ExchangeService(); 
    service.Url = new Uri(serverAddress); 
    service.UseDefaultCredentials = true; 
    service.Credentials = CredentialCache.DefaultNetworkCredentials; 
    var rootFolder = Folder.Bind(service, new FolderId(WellKnownFolderName.MsgFolderRoot, mailbox)); 
} 

我也滿足了錯誤：The request failed. The remote server returned an error: (401) Unauthorized.

請問您能否推薦如何配置這些服務器讓它們相互通信？

Answer 1

你需要允許kerberos代表團看看https://blogs.msdn.microsoft.com/emeamsgdev/2012/11/05/ews-from-a-web-application-using-windows-authentication-and-impersonation/，它有一個樣本和解釋什麼需要做。