Answer the question
In order to leave comments, you need to log in
How to set up kerberos in Exchange (ews) on a site in iis without configuring browsers?
Corp site on asp.net mvc 5 on iis 7. Basic CRUD functionality with calendar events for exchange 2016 users via EWS. SPN are registered, Win authorization + impersonation are enabled, UseKernelMode on, useAppPoolCredentials false, ApplicationPoolIdenity pool, all domain users.
In general, if you register a site in the whitelist for negotiate-delegation in browsers (ie in the intranet security settings, ff - about: config, chrome - registry), does not ask for a login password and authorizes immediately, default credentials reach Exchange and EWS works fine . If not set, login/password is requested, but Exchange returns "The request failed. The remote server returned an error: (401) Unauthorized."
In both cases, win authorization works, i.e. I get WindowsIdentity.GetCurrent().Name and other fields from AD.
But jumping and setting up your favorite browser for everyone is not entirely correct. It doesn't matter whether the username \ password will be asked or transparently, can it be resolved without setting up browsers?
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question