Hello
To summarize what we want to achieve using Kerberos: we would like to call Exchange Web Services (without using impersonation on the Exchange side) from a SharePoint 2013 application in the context of the logged-in user and not in the context of the web application's app pool account. We use SharePoint 2013 and Exchange 2010.
I'm sending the code used to send the EWS call:
    _emailAddress = Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.Email;
    AddDebug("Email address: " + _emailAddress);
    if (_ews == null)
    {
        // Choose the lowest necessary Exchange version
        _ews = new ExchangeService(ExchangeVersion.Exchange2010_SP1);
    }
    _ews.Url = new Uri("ADRES EWS");
    // Override certificate check (due to lab environment using self-signed certs)
    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    // Use default EWS credentials, allows Windows Auth (so long as Kerberos set up correctly)
    _ews.UseDefaultCredentials = true;
Items are queried from EWS by using _ews.FindItems(WellKnownFolderName.Inbox, searchFilter, view).
Problem: despite having Kerberos implemented, we are getting information for the app pool account and not the current user. If we disable NTLM fallback on the EWS web app (use the Negotiate:Kerberos provider), we get a 401 error.
We have based our code on http://blogs.msdn.com/b/emeamsgdev/archive/2012/07/26/exchange-web-services-and-sharepoint-without-applicationimpersonation.aspx. We would like to achieve the same as the author of the post.