I am testing my app (currently with the java api) against a user on a corporate account.

On office365 , everything worked fine.

The funny thing. The autodiscovery was successful, but when I tried to issue an EWS call, I got an exception with a 403 error.

With the combination of:

email address:  roger@acme.com

password: 123

url: https://lonneymail.acme.com/EWS/Exchange.asmx

domain : northamerica

How should I: 

1) construct the webcredentials (either .net or java apis)

2) if I am using straight soap/https requests, do I need to include the domain in the mix? how exactly ?

I tried to look at the usual examples with "contoso" but there is a great deal of intermixing between user/email/domain/server, etc.... so in the above acme example, it is clear where each part belongs. 

thanks,

  Erez 

• Edited by Erez Katz 11 hours 2 minutes ago

With an OnPrem server there is generally going to be two auth options either NTML or Basic auth (or they may have both enabled in IIS). If its just authentication that is causing your request to fail you should get 401. I would suggest you do some testing with the EWSEditor https://ewseditor.codeplex.com/ that will show you right away if EWS is okay and you can also look (using the LogViewer in app) at the correct way to construct you headers etc.

Cheers
Glen

Thank you Glen. I will try the tools you mentioned as soon as I can. 

I noticed one more thing here.

Acme has 2 corporate domain: northamerica and southamerica.

Also, there are 2 email server urls that users use (not considering

lonneymail.acme.com  (for northamerica) and lonneymail2.acme.com.

I tried (for now in a browser) 2 potential ews url.

https://lonneymail.acme.com/EWS/Exchange.asmx  (for the northamerica user)

https://lonneymail2.acme.com/EWS/Exchange.asmx - for a potential southeramerica user

The first one gave me a 403 error - from what seems like a Checkpoint Firewall (had the logo)

the second one prompted me to a username/password.

So it seems that at acme, the northamerica admin decided to block the ews endpoint, while the southamerica admin kept it accessible.

Also, there are 3rd party email applications (that are known not to use ActiveSync) that are able to work well with clients of acme. 

I am guessing that either they keep their own "known to work" ews endpoint for the @acme.com and use those when the autodiscovery url fails.

Another option would be that while doing the autodiscovery process, they didn't stop when the first url was offered, rather kept going to the following steps and aggregated as many urls as possible to try. I hope this makes sense.

Any thoughts?