Search code examples
c#exchange-serverexchangewebservicesexchange-server-2019

Exchange Web Service (EWS) returns an 403 Forbidden

Problem: Since some weeks we are getting an 403 Forbidden when we try to login to our Exchange Server 2019 (CU7) via EWS, using Independentsoft.Exchange.Service.

Code:

var lCredential = new NetworkCredential("MyUsername", "MyPassword");
m_Service = new Independentsoft.Exchange.Service("https://mail/EWS/Exchange.asmx", lCredential);
m_Service.RequestServerVersion = RequestServerVersion.Exchange2016;
FindFolderResponse lResponse = m_Service.FindFolder(StandardFolder.MailboxRoot);

Exception Message: System.Net.WebException: 'The remote server returned an error: (403) Forbidden.'

We have made the following Updates:

enter image description here

We have tried the access with multiple different users. But no success. The access to our OWA is successful.

Question: How can we fix the 403 forbidden?

We tested also getting calendar items with the same result of 404:

FindItemResponse lFindItemResponse = m_Service.FindItem(StandardFolder.Calendar, AppointmentPropertyPath.AllPropertyPaths);

We tested the access via an different library: Microsoft.Exchange.WebServices. The request seem to work. Also sending an e-mail works:

class Program
{
    static void Main(string[] args)
    {
        ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
        service.Credentials = new WebCredentials("username", "password");
        service.TraceEnabled = true;
        service.TraceFlags = TraceFlags.All;
        service.Url = new Uri("https://hostname/EWS/Exchange.asmx");
        EmailMessage email = new EmailMessage(service);

        // query root folder
        try
        {
            service.FindFolders(WellKnownFolderName.Root, new FolderView(100)); // throws no exception
        }
        catch (Exception e)
        {
            throw;
        }

        // send email:
        email.torecipients.add("address@hostname.com");
        email.subject = "helloworld";
        email.body = new messagebody("this is the first email i've sent by using the ews managed api");
        email.send(); // works
    }

    private static bool RedirectionUrlValidationCallback(string redirectionUrl)
    {
        // The default for the validation callback is to reject the URL.
        bool result = false;
        Uri redirectionUri = new Uri(redirectionUrl);
        // Validate the contents of the redirection URL. In this simple validation
        // callback, the redirection URL is considered valid if it is using HTTPS
        // to encrypt the authentication credentials. 
        if (redirectionUri.Scheme == "https")
        {
            result = true;
        }

        return result;
    }
}
Solution

  • Clearing EWSAllowList via PowerShell resolves the problem.

    Show the current configuration:

    [PS] C:\> Get-OrganizationConfig | select EWS*

    Clear the List:

    [PS] C:\> Set-OrganizationConfig -EwsApplicationAccessPolicy:$null