采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)

Posted tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)相关的知识,希望对你有一定的参考价值。

最近做项目碰到Exchange中,用EWS API方法读取的未读邮箱(ConnectingIdType.PrincipalName设置该属性的方法)附带代码部分:

核心代码

using Microsoft.Exchange.WebServices.Data;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace TCL.EWS
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            EwsConfig config = new EwsConfig();
            config.ExchangeVersion = ExchangeVersion.Exchange2010_SP2;
            config.EWSServiceUrl = "https://XXX/EWS/exchange.asmx";
            config.ExchangeAdministrator = "XXX";
            config.ExchangeAdministratorPassword = "XXX";
            config.DomainName = "XXX";
            config.OtherUserName = "test003";
            
            //下面这句屏蔽服务器证书验证,防止页面报“根据验证过程,远程证书无效”的错误                                
            ServicePointManager.ServerCertificateValidationCallback =
                delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; };
            ExchangeService service = new ExchangeService(config.ExchangeVersion);
            //service.AutodiscoverUrl("test002@tcl.local");
            service.Credentials = new NetworkCredential(config.ExchangeAdministrator, config.ExchangeAdministratorPassword, config.DomainName);
            service.Url = new Uri(config.EWSServiceUrl);
            //前提打开Exchange 2010服务器在命令行中输入:             
            //New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:<UserName>
            service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, config.OtherUserName);
            int unRead = Folder.Bind(service, WellKnownFolderName.Inbox).UnreadCount;
            //
            HttpContext.Current.Response.Write(config.OtherUserName + "未读邮件数:" + unRead);
        }
    }
    public struct EwsConfig
    {
        public ExchangeVersion ExchangeVersion;
        public string EWSServiceUrl;
        public string ExchangeAdministrator;
        public string ExchangeAdministratorPassword;
        public string DomainName;
        public string OtherUserName;
    }
}

一直提示:The impersonation principal name is invalid。

但是有的邮箱却可以用进行访问。百思不得其解,后来发现原来:test003@xxx.com是链接邮箱,用service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, config.OtherUserName);是无法访问到的。

什么是链接邮箱?

答:链接邮箱是与外部帐户关联的邮箱。要将邮箱与外部帐户关联,可以资源林方案为例。在资源林方案中,Exchange 林中的用户对象具有邮箱,但这些用户对象无法登录。必须将 Exchange 林中那些禁用用户帐户与外部帐户林中的启用用户帐户相关联。

 

后来查询了MSDN,改用service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, config.OtherUserName);可以进行访问,这样就解决了链接邮箱和用户邮箱的问题,可以正常读取未读邮件。代码部分如下:

 

using Microsoft.Exchange.WebServices.Data;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace TCL.EWS
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            EwsConfig config = new EwsConfig();
            config.ExchangeVersion = ExchangeVersion.Exchange2010_SP2;
            config.EWSServiceUrl = "https://XXX/EWS/exchange.asmx";
            config.ExchangeAdministrator = "XXX";
            config.ExchangeAdministratorPassword = "XXX";
            config.DomainName = "XXXX";
            //必须设置成邮箱,不用是用户
            config.OtherUserName = "test003@XXX.XXX";
            
            //下面这句屏蔽服务器证书验证,防止页面报“根据验证过程,远程证书无效”的错误                                
            ServicePointManager.ServerCertificateValidationCallback =
                delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; };
            ExchangeService service = new ExchangeService(config.ExchangeVersion);
            //service.AutodiscoverUrl("test002@tcl.local");
            service.Credentials = new NetworkCredential(config.ExchangeAdministrator, config.ExchangeAdministratorPassword, config.DomainName);
            service.Url = new Uri(config.EWSServiceUrl);
            //前提打开Exchange 2010服务器在命令行中输入:             
            //New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:<UserName>
            //必须设置ConnectingIdType.SmtpAddress
            service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, config.OtherUserName);
            int unRead = Folder.Bind(service, WellKnownFolderName.Inbox).UnreadCount;
            //
            HttpContext.Current.Response.Write(config.OtherUserName + "未读邮件数:" + unRead);
        }
    }
    public struct EwsConfig
    {
        public ExchangeVersion ExchangeVersion;
        public string EWSServiceUrl;
        public string ExchangeAdministrator;
        public string ExchangeAdministratorPassword;
        public string DomainName;
        public string OtherUserName;
    }
}

 

以上是关于采用模拟账号读取Exchange server未读邮件的注意事项(链接邮箱问题)的主要内容,如果未能解决你的问题,请参考以下文章

预警Microsoft Exchange Server远程代码执行漏洞-高危

Exchange Server2016运维篇一:禁用和删除邮箱深入探讨

使用 EWS 读取 Exchange Server 上的所有自定义属性

Cassandra 未读消息计数

Exchange Server 2019 Install ——安装Ecxhange2019程序

为啥部署Exchange Server 2016会更容易些

(c)2006-2024 SYSTEM All Rights Reserved IT常识