Reputation: 1251
ASP.NET & Microsoft Exchange: autentification and security practice
I'm writing service which will use for sending emails in my ASP.NET project. I tested two approaches for autentification on Exchange:
- Since my service is running under local user I allowed for it an anonymous access and pass login and password to Exchange Server.
- Another way is domain authorization on Exchange: before I invoke smtpClient.Send() method I impersonate(in code) an exist domain user with access rights to sender mailbox.
All of this ways works well but I really little confused how it should be as a good scenario. If I have a feature for sending mail on my ASP.NET site and Exchange Server -- what type of autentification on Exhcange user policy is preferable (1 or 2, ...)?
Upvotes: 2
Views: 235
Answers (1)
Reputation: 13091
Option 3: Configure your service to run with a domain user account.
If so, this would be the preferred option, IMHO. Exchange can then be configured to allow access to a know domain user, avoiding the need to require anonymous access and, importantly, you don't have to secure away credentials in your service configuration in order to impersonate a domain user.
Indeed, you could configure your service to run under the security context of the user that you're impersonating.
Upvotes: 2
Related Questions
- ASP.NET authentication advice
- EWS from WebSite using user credentials and windows authentication for intranet
- Asp.Net authentication with email address
- Securing mail account when mailing with ASP.NET
- ASP WebMail: Set up SMTP authentication?
- Make sign in form for an email in a website , asp.net
- Establishing email for asp.net / vb.net
- System for email verification in ASP.NET
- exchange emails within asp.net application
- Sharepoint, Exchange Web mail(OWA) and asp.net site Single sign on