I'm trying to log onto Office 365 Exchange Online using OAuth and EWS Managed API.
I am able to connect to the Office 365 Web APIs (REST), so I do have a valid token from the Active Directory Authentication Library (ADAL).
Now, I'm trying to connect using EWS and TokenCredentials.
The code is pretty easy, I think:
    public static ExchangeService ConnectToServiceWithImpersonation(string token)
    {
        var service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);

        // Trace every EWS request and response
        service.TraceListener = new TraceListener();
        service.TraceFlags = TraceFlags.All;
        service.TraceEnabled = true;

        var credentials = new TokenCredentials(token);
        service.Credentials = credentials;
        service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
        return service;
    }

    // Obtain information for communicating with the service:
    Office365ServiceInfo serviceInfo = Office365ServiceInfo.GetExchangeServiceInfo();
    // Connect to Exchange
    var service = ConnectToServiceWithImpersonation(serviceInfo.AccessToken);
    Folder inbox = Folder.Bind(service, WellKnownFolderName.Inbox);

    2014-04-06 12:06:39.2012 TRACE ExchangeWebServices: EwsResponseHttpHeaders -> <Trace Tag="EwsResponseHttpHeaders" Tid="11" Time="2014-04-06 10:06:39Z">
    HTTP/1.1 401 Unauthorized
    Date: Sun, 06 Apr 2014 10:06:39 GMT
    WWW-Authenticate: Basic Realm=""

TokenCredentials is not the right class to use in this example. Like Jason mentioned, it was put in place for other reasons. As a note, and to clarify: using this and/or SAML tokens will not work in Exchange Online with EWS. Only OAuth-based access is supported. To make this work, we put an OAuthCredentials class in EWS Managed API. In your code you can use "var credentials = new OAuthCredentials(token)". Be aware that EWS SOAP only supports full "user_impersonation" / "full access to the users mailbox" rights. Granular permissions such as Calendar.Read are only available with EWS REST APIs. While "Full mailbox access" requires an admin to consent, admins from other tenants can consent, as it is a web app. In case you want to develop a native app, the app has to be directly registered in the app of the tenant it runs in, in order to use "Full mailbox access".
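
The fix described in this answer, written out as an added example (not code from the answer or from the EWS Managed API project): it swaps in OAuthCredentials and checks the token's scp claim before calling EWS. It assumes the access token is a JWT carrying a delegated scp claim, takes the scope name "user_impersonation" as quoted above, and uses a hypothetical helper class EwsOAuthExample with System.Text.Json; the payload is only decoded for diagnosis, not signature-verified.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
using Microsoft.Exchange.WebServices.Data;

public static class EwsOAuthExample   // hypothetical helper, not part of EWS Managed API
{
    // Assumption: delegated scope name as quoted in the answer above.
    private const string FullAccessScope = "user_impersonation";

    // Returns the values of the token's "scp" claim.
    // The payload is decoded for diagnosis only; the signature is NOT verified here.
    public static string[] GetScopes(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new ArgumentException("Access token is not a three-part JWT.", nameof(jwt));

        // base64url -> base64, restoring the stripped padding
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));

        using (JsonDocument doc = JsonDocument.Parse(json))
        {
            JsonElement scp;
            if (!doc.RootElement.TryGetProperty("scp", out scp) || scp.ValueKind != JsonValueKind.String)
                return new string[0];
            // "scp" is a single space-separated string of scope names
            return scp.GetString().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        }
    }

    public static ExchangeService Connect(string accessToken)
    {
        // Fail early with the scope names (never the token itself) in the message.
        string[] scopes = GetScopes(accessToken);
        if (!scopes.Contains(FullAccessScope))
            throw new InvalidOperationException(
                "Token scopes [" + string.Join(" ", scopes) + "] lack full mailbox access; EWS SOAP needs it.");

        var service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
        service.Credentials = new OAuthCredentials(accessToken);   // bearer token, not TokenCredentials
        service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
        return service;
    }
}
```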