采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)
Posted tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)相关的知识,希望对你有一定的参考价值。
最近做项目碰到Exchange中,用EWS API方法读取的未读邮箱(ConnectingIdType.PrincipalName设置该属性的方法)附带代码部分:
核心代码
using Microsoft.Exchange.WebServices.Data; using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; namespace TCL.EWS { public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { EwsConfig config = new EwsConfig(); config.ExchangeVersion = ExchangeVersion.Exchange2010_SP2; config.EWSServiceUrl = "https://XXX/EWS/exchange.asmx"; config.ExchangeAdministrator = "XXX"; config.ExchangeAdministratorPassword = "XXX"; config.DomainName = "XXX"; config.OtherUserName = "test003"; //下面这句屏蔽服务器证书验证,防止页面报“根据验证过程,远程证书无效”的错误 ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; }; ExchangeService service = new ExchangeService(config.ExchangeVersion); //service.AutodiscoverUrl("test002@tcl.local"); service.Credentials = new NetworkCredential(config.ExchangeAdministrator, config.ExchangeAdministratorPassword, config.DomainName); service.Url = new Uri(config.EWSServiceUrl); //前提打开Exchange 2010服务器在命令行中输入: //New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:<UserName> service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, config.OtherUserName); int unRead = Folder.Bind(service, WellKnownFolderName.Inbox).UnreadCount; // HttpContext.Current.Response.Write(config.OtherUserName + "未读邮件数:" + unRead); } } public struct EwsConfig { public ExchangeVersion ExchangeVersion; public string EWSServiceUrl; public string ExchangeAdministrator; public string ExchangeAdministratorPassword; public string DomainName; public string OtherUserName; } }
一直提示:The impersonation principal name is invalid。
但是有的邮箱却可以用进行访问。百思不得其解,后来发现原来:test003@xxx.com是链接邮箱,用service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, config.OtherUserName);是无法访问到的。
什么是链接邮箱?
答:链接邮箱是与外部帐户关联的邮箱。要将邮箱与外部帐户关联,可以资源林方案为例。在资源林方案中,Exchange 林中的用户对象具有邮箱,但这些用户对象无法登录。必须将 Exchange 林中那些禁用用户帐户与外部帐户林中的启用用户帐户相关联。
后来查询了MSDN,改用service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, config.OtherUserName);可以进行访问,这样就解决了链接邮箱和用户邮箱的问题,可以正常读取未读邮件。代码部分如下:
using Microsoft.Exchange.WebServices.Data; using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; namespace TCL.EWS { public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { EwsConfig config = new EwsConfig(); config.ExchangeVersion = ExchangeVersion.Exchange2010_SP2; config.EWSServiceUrl = "https://XXX/EWS/exchange.asmx"; config.ExchangeAdministrator = "XXX"; config.ExchangeAdministratorPassword = "XXX"; config.DomainName = "XXXX"; //必须设置成邮箱,不用是用户 config.OtherUserName = "test003@XXX.XXX"; //下面这句屏蔽服务器证书验证,防止页面报“根据验证过程,远程证书无效”的错误 ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; }; ExchangeService service = new ExchangeService(config.ExchangeVersion); //service.AutodiscoverUrl("test002@tcl.local"); service.Credentials = new NetworkCredential(config.ExchangeAdministrator, config.ExchangeAdministratorPassword, config.DomainName); service.Url = new Uri(config.EWSServiceUrl); //前提打开Exchange 2010服务器在命令行中输入: //New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:<UserName> //必须设置ConnectingIdType.SmtpAddress service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, config.OtherUserName); int unRead = Folder.Bind(service, WellKnownFolderName.Inbox).UnreadCount; // HttpContext.Current.Response.Write(config.OtherUserName + "未读邮件数:" + unRead); } } public struct EwsConfig { public ExchangeVersion ExchangeVersion; public string EWSServiceUrl; public string ExchangeAdministrator; public string ExchangeAdministratorPassword; public string DomainName; public string OtherUserName; } }
以上是关于采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)的主要内容,如果未能解决你的问题,请参考以下文章
预警Microsoft Exchange Server远程代码执行漏洞-高危
Exchange Server2016运维篇一:禁用和删除邮箱深入探讨
使用 EWS 读取 Exchange Server 上的所有自定义属性