Could you please guide me on how to use NTLM authentication for the Microsoft EWS API services with Exchange Server On-Premises? According to the documentation https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/authentication-and-ews-in-exchange, On-Premise Exchange installations should use NTLM authentication. I have tried using the MSAL library for authentication, but if I am not mistaken, this is used for OAuth2, so it is not suitable for this case. My question is the following, if I am using NTLM does this mean the user will input their username & password in clear format and I will use NetworkCredential to authenticate him/her using the EWS Managed API library? Will the credentials be passed securely? This means that no cloud Identity provider is used as in OAuth2.
service.Credentials = new NetworkCredential("username", "password", "domain");
Could you please let me know if this is the correct approach please? In my case I do not want to use the Exchange on cloud or any cloud service like the identity provider for OAuth2. What is also the difference of NetworkCredential and WebCredentials? Now, this is what I am using, but is appropriate only for OAuth2 which is available on cloud Exchange Server, and it is not what I need:
ExchangeService ewsService = new ExchangeService();
ewsService.UseDefaultCredentials = true;
ewsService.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
ewsService.Credentials = new OAuthCredentials(accessToken);
Also as a side question, how am I supposed to determine what is the ewsService.URL for my on premise exchange server?
Many thanks,
Could you please guide me on how to use NTLM authentication for the Microsoft EWS API services with Exchange Server On-Premises?
You probably need to be more specific with what you trying to do, it's getting rare these day to use NTLM authentication its usually IWA (integrated Windows Authentication)https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/integrated-windows-authentication which can be either Kerberos or NTLM. Also if it hybrid then you could also use hybrid modern authentication https://learn.microsoft.com/en-us/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide.
At the code level to use IWA all you need is
ewsService.UseDefaultCredentials = true;
The type of App your building and the environment its running in are then the deciding factor as to whether this will work or whether you will be prompted for authentication.
I would suggest starting with the EWSEditor https://github.com/dseph/EwsEditor/releases this is a .net form app that can you can use to test how EWS works and what you can expect on the Authentication side. Also let you test Autodiscover etc.
What is also the difference of NetworkCredential and WebCredentials
Not much they both implement the ICredentials class, if you are passing in credentials from an UI then use WebCredentials. The EWS Managed API is open source so you can view the source of WebCredentials https://github.com/OfficeDev/ews-managed-api/blob/25a393dbc68b420d25999bdf0a03c23d86412f57/Credentials/WebCredentials.cs#L33
Also as a side question, how am I supposed to determine what is the ewsService.URL for my on premise exchange server?
Use Autodiscover https://github.com/MicrosoftDocs/office-developer-exchange-docs/blob/main/docs/exchange-web-services/autodiscover-for-exchange.md
Unfortunately a lot of the good examples for this are no longer live you can use the wayback machine to see some of them eg https://web.archive.org/web/20200818034219/https://developermessaging.azurewebsites.net/2012/11/05/ews-from-a-web-application-using-windows-authentication-and-impersonation/