Reputation: 141
I created an application that takes the service account credentials and asks the user to create a service account and assign the Impersonation role to it, so that I can access all the mailboxes. So here, can I restrict the impersonation to read access only, so that I can just read the mailboxes instead of having full access to the mailboxes? How can I do that?
Thanks, Rajesh
Upvotes: 0
Views: 580
Reputation: 22032
No, EWS Impersonation is all or nothing, e.g. once you have assigned a user impersonation rights, the right they impersonate is the owner of the mailbox (this is important if admins look at audit logs). If you want to do constrained authentication in EWS you need to use delegation and use Add-MailboxFolderPermission to grant just the applicable rights to whatever folder you need the application to access. (From an admin perspective this will be easy to track in audit logs.)
If you're using Office365 you can do constrained authentication using the new REST APIs and the OAuth2 authorization framework.
Cheers Glen
Upvotes: 1
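The delegation approach from the answer above, as an added example that is not part of the original thread: it grants the service account the read-only Reviewer role on selected folders and then checks for a leftover impersonation assignment. The account name, mailbox list and folder selection are assumptions.

```powershell
# Added example; run in an Exchange Management Shell or Exchange Online PowerShell session.
# Assumed values (not from the thread): service account, mailboxes, folder types.
$ServiceAccount = 'svc-mailreader@contoso.example'
$Mailboxes      = @('alice@contoso.example', 'bob@contoso.example')
$FolderTypes    = @('Inbox', 'SentItems')   # only what the application must read

foreach ($mbx in $Mailboxes) {
    # Select folders by FolderType, not by display name, so localized
    # mailboxes resolve correctly. User-created subfolders are not matched
    # and need their own entry if the application has to read them.
    $folders = Get-MailboxFolderStatistics -Identity $mbx |
        Where-Object { $FolderTypes -contains $_.FolderType }

    foreach ($f in $folders) {
        # FolderPath uses '/', the permission cmdlets expect 'mailbox:\path'.
        $folderId = '{0}:{1}' -f $mbx, $f.FolderPath.Replace('/', '\')

        # Idempotent: update an existing entry, otherwise add a new one.
        $existing = Get-MailboxFolderPermission -Identity $folderId `
            -User $ServiceAccount -ErrorAction SilentlyContinue
        if ($existing) {
            Set-MailboxFolderPermission -Identity $folderId `
                -User $ServiceAccount -AccessRights Reviewer
        } else {
            Add-MailboxFolderPermission -Identity $folderId `
                -User $ServiceAccount -AccessRights Reviewer
        }
    }
}

# Read-only folder rights are pointless if the account can still impersonate.
# Any row returned here is a direct assignment that should be reviewed.
Get-ManagementRoleAssignment -Role ApplicationImpersonation `
    -RoleAssignee $ServiceAccount -ErrorAction SilentlyContinue |
    Select-Object Name, RoleAssigneeName, CustomRecipientWriteScope
```

With this in place the application connects as the service account itself and opens each folder as a delegate, so audit logs show the service account rather than the mailbox owner.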