tavier tavier -3 years ago 168
C# Question

401 Unauthorized while subscribing to push notifications with Exchange service and OAuth

I am trying to access EWS managed API (subscribe to push notifications) with oauth as below:

var authenticationTask = await authenticationContext.AcquireTokenAsync("https://outlook.office365.com", new ClientCredential(clientID, clientSecret));
string targetSmtp = "user123@mydomain.onmicrosoft.com";
ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2013);
exchangeService.Url = someURL;
exchangeService.TraceEnabled = true;
exchangeService.TraceFlags = TraceFlags.All;
exchangeService.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, "user123@mydomain.onmicrosoft.com");
exchangeService.HttpHeaders.Add("X-AnchorMailbox", targetSmtp);
exchangeService.Credentials = new OAuthCredentials(authenticationTask.AccessToken);
PushSubscription subscription = exchangeService.SubscribeToPushNotifications(
new[] { someFolder },
new Uri(postBackUrl),

I am able to get the token for my app but while subscribing the user (user123@mydomain.onmicrosoft.com) for push notifications I get
"The request failed. The remote server returned an error: (401) Unauthorized."

Update: tried following the exact same step mentioned here: Azure AD app-only access tokens for exchange impersonation but still getting 401.

Answer Source

For those struggling with the same issue, we need to get the access token for the registered app by using a certificate (instead of doing it with client secret key). For more details on how to do it please see: https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-daemon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow/

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download