401使用Exchange服务和OAuth订阅推送通知时未经授权 [英] 401 Unauthorized while subscribing to push notifications with Exchange service and OAuth

问题描述

我正在尝试使用oauth访问EWS托管API（订阅推送通知），如下所示：

I am trying to access EWS managed API (subscribe to push notifications) with oauth as below:

var authenticationTask = await authenticationContext.AcquireTokenAsync("https://outlook.office365.com", new ClientCredential(clientID, clientSecret));
string targetSmtp = "user123@mydomain.onmicrosoft.com";
ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2013);
exchangeService.Url = someURL;
exchangeService.TraceEnabled = true;
exchangeService.TraceFlags = TraceFlags.All;
exchangeService.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, "user123@mydomain.onmicrosoft.com");
exchangeService.HttpHeaders.Add("X-AnchorMailbox", targetSmtp);
exchangeService.Credentials = new OAuthCredentials(authenticationTask.AccessToken);
PushSubscription subscription = exchangeService.SubscribeToPushNotifications(
                                            new[] { someFolder },
                                            new Uri(postBackUrl),
                                            15,
                                            null,
                                            EventType.NewMail,
                                            EventType.Created,
                                            EventType.Deleted,
                                            EventType.Modified,
                                            EventType.Moved,
                                            EventType.Copied);

我能够获取应用程序的令牌，但同时订阅用户（user123@mydomain.onmicrosoft .com）获得推送通知，我得到请求失败。远程服务器返回错误：（401）未经授权。 错误

I am able to get the token for my app but while subscribing the user (user123@mydomain.onmicrosoft.com) for push notifications I get "The request failed. The remote server returned an error: (401) Unauthorized." error

更新：尝试按照此处提到的相同步骤操作：用于交换模仿的Azure AD专用应用访问令牌，但仍然获得401。

Update: tried following the exact same step mentioned here: Azure AD app-only access tokens for exchange impersonation but still getting 401.

Ashish

推荐答案

对于那些遇到相同问题的人，我们需要通过使用证书（而不是使用客户端密钥来获取注册应用程序的访问令牌）。有关如何执行此操作的更多详细信息，请参阅： https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-守护程序或带有办公室365邮件日历和联系人的服务应用程序-apis-oauth2-client-credential-flow /

For those struggling with the same issue, we need to get the access token for the registered app by using a certificate (instead of doing it with client secret key). For more details on how to do it please see: https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-daemon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow/

这篇关于401使用Exchange服务和OAuth订阅推送通知时未经授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！