|
|
|
date: 21 Feb 2007 06:19:58 -0800,
group: microsoft.public.exchange.development
back
Re: WebDAV folder permissions
"Eric1776" wrote in message
news:1172067598.626611.236330@h3g2000cwc.googlegroups.com...
> I am trying to display a summary of calendar events and tasks for
each
> user on our intranet homepage. This is pulling from the exchange
> server using WebDAV and is writting in ASP.NET C#. I am passing the
> DefaultCredentials and the logged in user only sees their own
> information.
>
> It seems to be working well, except that I am having a permissions
> problem on the folder level. For example, I was getting a 401 error
> until I went into Outlook, right-clicked on my calendar folder and
> changed the default permissions from None to "Reviewer". After doing
> this everything works fine.
>
>
> I have no idea how Exchange works. Does something need to be done
> globally from Exchange for this to work? Does this open the folder
up
> for other people to access it? Am I going about this the wrong way?
>
> I talked to our Exchange admin about creating a master account that
> had read access to all mailboxes but we thought it would be a huge
> security violation.
>
> Any suggestions are appreciated!
Exchange has a set of permissions just like NTFS does, and it doesn't
matter what application you use, you can't access a resource if you
don't have the right permissions. By default, you don't have
permission to open another user's folder. This means that the
logged-on user that your web app is impersonating can only access
their own mailbox. You will either have to give yourself full
permission across the mailbox store, or create a separate account with
those permissions (maybe you have a service account already created?).
If this is meant to allow any user to see other users' calendars, then
each user will need to give everyone access to their own calendars.
Lee.
--
_______________________________________
Outlook Web Access For PDA , OWA For WAP
www.owapda.com
email a@t leederbyshire d.0.t c.0.m
_______________________________________
date: Wed, 21 Feb 2007 14:48:27 -0000
author: Lee Derbyshire [MVP] email a@t leederbyshire d.0.t c.0.m
Re: WebDAV folder permissions
It is setup so that each user that is authenticated with the intranet
sends their own credentials to the exchange store. So in theory, they
should each be able to access their own mailbox. But this doesn't seem
to be the case. If I log in as myself, I had to set the permissions
for the folder to reviewer before I could access it. If I logged in
another account I would have to do the same thing.
Thanks for your response.
On Feb 21, 9:48 am, "Lee Derbyshire [MVP]" <email a@t leederbyshire d.
0.t c.0.m> wrote:
> "Eric1776" wrote in message
>
> news:1172067598.626611.236330@h3g2000cwc.googlegroups.com...
>
>
>
>
>
> > I am trying to display a summary of calendar events and tasks for
> each
> > user on our intranet homepage. This is pulling from the exchange
> > server using WebDAV and is writting in ASP.NET C#. I am passing the
> > DefaultCredentials and the logged in user only sees their own
> > information.
>
> > It seems to be working well, except that I am having a permissions
> > problem on the folder level. For example, I was getting a 401 error
> > until I went into Outlook, right-clicked on my calendar folder and
> > changed the default permissions from None to "Reviewer". After doing
> > this everything works fine.
>
> > I have no idea how Exchange works. Does something need to be done
> > globally from Exchange for this to work? Does this open the folder
> up
> > for other people to access it? Am I going about this the wrong way?
>
> > I talked to our Exchange admin about creating a master account that
> > had read access to all mailboxes but we thought it would be a huge
> > security violation.
>
> > Any suggestions are appreciated!
>
> Exchange has a set of permissions just like NTFS does, and it doesn't
> matter what application you use, you can't access a resource if you
> don't have the right permissions. By default, you don't have
> permission to open another user's folder. This means that the
> logged-on user that your web app is impersonating can only access
> their own mailbox. You will either have to give yourself full
> permission across the mailbox store, or create a separate account with
> those permissions (maybe you have a service account already created?).
> If this is meant to allow any user to see other users' calendars, then
> each user will need to give everyone access to their own calendars.
>
> Lee.
>
> --
> _______________________________________
>
> Outlook Web Access For PDA , OWA For WAPwww.owapda.com
> email a@t leederbyshire d.0.t c.0.m
> _______________________________________- Hide quoted text -
>
> - Show quoted text -
date: 21 Feb 2007 07:29:31 -0800
author: Eric1776
Re: WebDAV folder permissions
Yes, each user is accessing only their own calendar. I'm using Basic,
but NTLM seems to work too.
MyCredentials.Add(new Uri(strRootURI), "Basic",
(NetworkCredential)CredentialCache.DefaultCredentials);
I am not certain how the authentication is setup on the Exchange
server or how it supposed to be setup.
I don't have any problems getting across the servers. I can log in as
any user and it hits the exchange server just fine and pulls that
users events and tasks, but it gives me that 401 error until I go and
change the folder permissions on the calendar folder and tasks folder
in Outlook.
I appreciate your help!
On Feb 21, 11:42 am, "Lee Derbyshire [MVP]" <email a@t leederbyshire d.
0.t c.0.m> wrote:
> "Eric1776" wrote in message
>
> news:1172071770.981406.17550@k78g2000cwa.googlegroups.com...
>
> > It is setup so that each user that is authenticated with the
> intranet
> > sends their own credentials to the exchange store. So in theory,
> they
> > should each be able to access their own mailbox. But this doesn't
> seem
> > to be the case. If I log in as myself, I had to set the permissions
> > for the folder to reviewer before I could access it. If I logged in
> > another account I would have to do the same thing.
>
> > Thanks for your response.
>
> So they are only accessing their own Calendars? There should be no
> problem with that at all. If it works when you set the default
> permission to reviewer, then maybe the permissions aren't being used
> in the way that you think they are. I assume that you have the page
> protected by some kind of authentication? If so, then if the
> mailboxes are on a different server, then there are only certain
> combinations of authentication that work, such as Basic on local IIS
> server with Integrated + Basic on the remote server.
date: 21 Feb 2007 09:28:01 -0800
author: Eric1776
Re: WebDAV folder permissions
Actually, it only works with NTLM.
On Feb 21, 12:28 pm, "Eric1776" wrote:
> Yes, each user is accessing only their own calendar. I'm using Basic,
> but NTLM seems to work too.
>
> MyCredentials.Add(new Uri(strRootURI), "Basic",
> (NetworkCredential)CredentialCache.DefaultCredentials);
>
> I am not certain how the authentication is setup on the Exchange
> server or how it supposed to be setup.
>
> I don't have any problems getting across the servers. I can log in as
> any user and it hits the exchange server just fine and pulls that
> users events and tasks, but it gives me that 401 error until I go and
> change the folder permissions on the calendar folder and tasks folder
> in Outlook.
>
> I appreciate your help!
>
> On Feb 21, 11:42 am, "Lee Derbyshire [MVP]" <email a@t leederbyshire d.
>
>
>
> 0.t c.0.m> wrote:
> > "Eric1776" wrote in message
>
> >news:1172071770.981406.17550@k78g2000cwa.googlegroups.com...
>
> > > It is setup so that each user that is authenticated with the
> > intranet
> > > sends their own credentials to the exchange store. So in theory,
> > they
> > > should each be able to access their own mailbox. But this doesn't
> > seem
> > > to be the case. If I log in as myself, I had to set the permissions
> > > for the folder to reviewer before I could access it. If I logged in
> > > another account I would have to do the same thing.
>
> > > Thanks for your response.
>
> > So they are only accessing their own Calendars? There should be no
> > problem with that at all. If it works when you set the default
> > permission to reviewer, then maybe the permissions aren't being used
> > in the way that you think they are. I assume that you have the page
> > protected by some kind of authentication? If so, then if the
> > mailboxes are on a different server, then there are only certain
> > combinations of authentication that work, such as Basic on local IIS
> > server with Integrated + Basic on the remote server.- Hide quoted text -
>
> - Show quoted text -
date: 21 Feb 2007 09:32:21 -0800
author: Eric1776
Re: WebDAV folder permissions
On Feb 21, 12:28 pm, "Eric1776" wrote:
> Yes, each user is accessing only their own calendar. I'm using Basic,
> but NTLM seems to work too.
>
> MyCredentials.Add(new Uri(strRootURI), "Basic",
> (NetworkCredential)CredentialCache.DefaultCredentials);
>
> I am not certain how the authentication is setup on the Exchange
> server or how it supposed to be setup.
>
> I don't have any problems getting across the servers. I can log in as
> any user and it hits the exchange server just fine and pulls that
> users events and tasks, but it gives me that 401 error until I go and
> change the folder permissions on the calendar folder and tasks folder
> in Outlook.
>
> I appreciate your help!
>
> On Feb 21, 11:42 am, "Lee Derbyshire [MVP]" <email a@t leederbyshire d.
>
>
>
> 0.t c.0.m> wrote:
> > "Eric1776" wrote in message
>
> >news:1172071770.981406.17550@k78g2000cwa.googlegroups.com...
>
> > > It is setup so that each user that is authenticated with the
> > intranet
> > > sends their own credentials to the exchange store. So in theory,
> > they
> > > should each be able to access their own mailbox. But this doesn't
> > seem
> > > to be the case. If I log in as myself, I had to set the permissions
> > > for the folder to reviewer before I could access it. If I logged in
> > > another account I would have to do the same thing.
>
> > > Thanks for your response.
>
> > So they are only accessing their own Calendars? There should be no
> > problem with that at all. If it works when you set the default
> > permission to reviewer, then maybe the permissions aren't being used
> > in the way that you think they are. I assume that you have the page
> > protected by some kind of authentication? If so, then if the
> > mailboxes are on a different server, then there are only certain
> > combinations of authentication that work, such as Basic on local IIS
> > server with Integrated + Basic on the remote server.- Hide quoted text -
>
> - Show quoted text -
Here is my query:
// Build the SQL query.
strQuery = "<?xml version=\"1.0\"?>"
+ "<g:searchrequest xmlns:g=\"DAV:\">"
+ "\"DAV:href\", "
+ "<g:sql>SELECT \"urn:schemas:calendar:location\","
+ "\"urn:schemas:httpmail:subject\", "
+ "\"urn:schemas:calendar:dtstart\", "
+ "\"urn:schemas:calendar:dtend\", "
+ "\"urn:schemas:calendar:busystatus\", "
+ "\"urn:schemas:calendar:instancetype\", "
+ "\"urn:schemas:httpmail:textdescription\" "
+ "FROM Scope('SHALLOW TRAVERSAL OF \"" + strRootURI +
"\"') "
+ " WHERE NOT \"urn:schemas:calendar:instancetype\" =
1 "
+ "AND \"DAV:contentclass\" = 'urn:content-
classes:appointment' "
+ "AND (\"urn:schemas:calendar:dtstart\" > '" +
startDate + "') "
+ "AND (\"urn:schemas:calendar:dtend\" < '" +
endDate + "') "
+ "ORDER BY \"urn:schemas:calendar:dtstart\" ASC"
+ "</g:sql></g:searchrequest>";
Here is a part of the code. I have followed the example provided here
http://msdn2.microsoft.com/en-us/library/aa123570.aspx
// Create the HttpWebRequest object.
Request =
(HttpWebRequest)HttpWebRequest.Create(strRootURI);
// Add the network credentials to the request.
MyCredentials = new CredentialCache();
MyCredentials.Add(new Uri(strRootURI), "Negotiate",
(NetworkCredential)CredentialCache.DefaultCredentials);
Request.Credentials = MyCredentials;
// Specify the method.
Request.Method = "SEARCH";
I'm still not understanding why the authentication is not being passed
through.
date: 7 Mar 2007 10:57:50 -0800
author: Eric1776
Re: WebDAV folder permissions
"Eric1776" wrote in message
news:1173293870.087379.23840@p10g2000cwp.googlegroups.com...
> On Feb 21, 12:28 pm, "Eric1776" wrote:
> > Yes, each user is accessing only their own calendar. I'm using
Basic,
> > but NTLM seems to work too.
> >
> > MyCredentials.Add(new Uri(strRootURI), "Basic",
> > (NetworkCredential)CredentialCache.DefaultCredentials);
> >
> > I am not certain how the authentication is setup on the Exchange
> > server or how it supposed to be setup.
> >
> > I don't have any problems getting across the servers. I can log in
as
> > any user and it hits the exchange server just fine and pulls that
> > users events and tasks, but it gives me that 401 error until I go
and
> > change the folder permissions on the calendar folder and tasks
folder
> > in Outlook.
> >
> > I appreciate your help!
> >
> > On Feb 21, 11:42 am, "Lee Derbyshire [MVP]" <email a@t
leederbyshire d.
> >
> >
> >
> > 0.t c.0.m> wrote:
> > > "Eric1776" wrote in message
> >
> > >news:1172071770.981406.17550@k78g2000cwa.googlegroups.com...
> >
> > > > It is setup so that each user that is authenticated with the
> > > intranet
> > > > sends their own credentials to the exchange store. So in
theory,
> > > they
> > > > should each be able to access their own mailbox. But this
doesn't
> > > seem
> > > > to be the case. If I log in as myself, I had to set the
permissions
> > > > for the folder to reviewer before I could access it. If I
logged in
> > > > another account I would have to do the same thing.
> >
> > > > Thanks for your response.
> >
> > > So they are only accessing their own Calendars? There should be
no
> > > problem with that at all. If it works when you set the default
> > > permission to reviewer, then maybe the permissions aren't being
used
> > > in the way that you think they are. I assume that you have the
page
> > > protected by some kind of authentication? If so, then if the
> > > mailboxes are on a different server, then there are only certain
> > > combinations of authentication that work, such as Basic on local
IIS
> > > server with Integrated + Basic on the remote server.- Hide
quoted text -
> >
> > - Show quoted text -
>
> Here is my query:
>
> // Build the SQL query.
> strQuery = "<?xml version=\"1.0\"?>"
> + "<g:searchrequest xmlns:g=\"DAV:\">"
> + "\"DAV:href\", "
> + "<g:sql>SELECT \"urn:schemas:calendar:location\","
> + "\"urn:schemas:httpmail:subject\", "
> + "\"urn:schemas:calendar:dtstart\", "
> + "\"urn:schemas:calendar:dtend\", "
> + "\"urn:schemas:calendar:busystatus\", "
> + "\"urn:schemas:calendar:instancetype\", "
> + "\"urn:schemas:httpmail:textdescription\" "
> + "FROM Scope('SHALLOW TRAVERSAL OF \"" + strRootURI
+
> "\"') "
> + " WHERE NOT \"urn:schemas:calendar:instancetype\"
=
> 1 "
> + "AND \"DAV:contentclass\" = 'urn:content-
> classes:appointment' "
> + "AND (\"urn:schemas:calendar:dtstart\" > '" +
> startDate + "') "
> + "AND (\"urn:schemas:calendar:dtend\" < '" +
> endDate + "') "
> + "ORDER BY \"urn:schemas:calendar:dtstart\" ASC"
> + "</g:sql></g:searchrequest>";
>
>
> Here is a part of the code. I have followed the example provided
here
> http://msdn2.microsoft.com/en-us/library/aa123570.aspx
>
>
> // Create the HttpWebRequest object.
> Request =
> (HttpWebRequest)HttpWebRequest.Create(strRootURI);
>
> // Add the network credentials to the request.
> MyCredentials = new CredentialCache();
> MyCredentials.Add(new Uri(strRootURI), "Negotiate",
> (NetworkCredential)CredentialCache.DefaultCredentials);
> Request.Credentials = MyCredentials;
>
> // Specify the method.
> Request.Method = "SEARCH";
>
> I'm still not understanding why the authentication is not being
passed
> through.
You'll need to check the IIS logs, and see if a username is logged
with the DAV SEARCH requests.
Lee.
--
_______________________________________
Outlook Web Access For PDA , OWA For WAP
www.owapda.com
email a@t leederbyshire d.0.t c.0.m
_______________________________________
date: Thu, 8 Mar 2007 15:58:27 -0000
author: Lee Derbyshire [MVP] email a@t leederbyshire d.0.t c.0.m
|
|
