EWS Manage Api Exchange Online  TokenCredentials always returning 401

Hi,

Im trying to get acces to Exchange Online with the EWS manage api 2.2 and Im trying using this

       ExchangeService service = new ExchangeService();
            service.TraceEnabled = true;
           
            service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
            //service.HttpHeaders.Add("Authorization", "Bearer " + token);
            service.Credentials = new TokenCredentials(token);
            //service.PreAuthenticate = true;
            //service.SendClientLatencies = true;
            //service.EnableScpLookup = false;

Always I get 401 unauthorized the token I get Azure Ad Authentication library , with this code

   var authenticationContext = new AuthenticationContext(_config.AuthString, false);
            // Config for OAuth client credentials 
            var clientCred = new ClientCredential(_config.ClientId, _config.ClientSecret);
            AuthenticationResult authenticationResult = authenticationContext.AcquireToken(_config.ResourceUrl,clientCred);
            string token = authenticationResult.AccessToken;

The app is registered on Azure Ad and have all the permision ,

Im missing something? There is somewhere  a working example?

I thinks is the same problem that is explained  here

January 10th, 2015 12:21am

As your link says, don't use TokenCredentials, it doesn't work with OAuth tokens. Instead just put the token value in the Authorization header.

ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
string accessToken = GetAccessToken();
if (!string.IsNullOrEmpty(accessToken))
    service.HttpHeaders.Add("Authorization", "Bearer " + accessToken);

Where GetAccessToken is basically a wrapper around your ADAL code snippet.

Free Windows Admin Tool Kit Click here and download it now
January 10th, 2015 1:27am

I tried that but is not working,

January 12th, 2015 7:27am
Interesting. How did you register this app, and what permissions did you grant? Is it a web app or a native app?
Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 6:58pm
Is a web App , and it have full acces permitions , read and write on Azure AD and on Exchange Online  full acces 
January 13th, 2015 7:56pm
If you parse the token, what is the value of the scp claim?
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2015 7:48pm

Got this "nuclear bomb", as i call this type of unexpected issues, in response too.

 {[x-ms-diagnostics, 2000010;reason="The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2.";error_category="insufficient_auth_strength"]}

As i see, have to use a trusted certificate via ADAL (not self-signed), i guess, to get prtectio level 2.

But all i initially was need - edit subject of an item at read-view outlook web (content) app...

January 31st, 2015 12:05am
I faced this issue too.. I registered app wit Visual Studio 2013 Office tools "Add Connected Service" feature...
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2015 12:06am
Are you trying to use client credential OAuth flow rather than authorization code grant flow? You can use self-signed cert but it has to be added to the app manifest in Azure. http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx
January 31st, 2015 12:11am

I've been fighting with this issue for almost a week. I am trying to write a daemon application but I cannot make it to do even minimum. I am using NodeJS and node-outlook. I tried several self-signed certificates using sha1, md5, sha265 algorithms. The problem is the same:

ERROR: { UNSENT: 0,
  OPENED: 1,
  HEADERS_RECEIVED: 2,
  LOADING: 3,
  DONE: 4,
  readyState: 4,
  onreadystatechange: [Function],
  responseText: '',
  responseXML: '',
  status: 401,
  statusText: null,
  open: [Function],
  setDisableHeaderCheck: [Function],
  setRequestHeader: [Function],
  getResponseHeader: [Function],
  getAllResponseHeaders: [Function],
  getRequestHeader: [Function],
  send: [Function],
  handleError: [Function],
  abort: [Function],
  addEventListener: [Function],
  removeEventListener: [Function],
  dispatchEvent: [Function] }
Headers content-length: 0
server: Microsoft-IIS/8.0
request-id: db48cb4f-31e8-485f-a534-175e6c4d4daa
x-calculatedbetarget: BLUPR10MB0594.namprd10.prod.outlook.com
x-backendhttpstatus: 401
x-ms-diagnostics: 2000010;reason="The access token is acquired using an authenti
cation method that is too weak to allow access for this application. Presented a
uth strength was 1, required is 2.";error_category="insufficient_auth_strength"
x-diaginfo: BLUPR10MB0594
x-beserver: BLUPR10MB0594
x-powered-by: ASP.NET
x-feserver: BLUPR0401CA0021
www-authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trust
ed_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_u
ser_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize",
error="invalid_token",Basic Realm="",Basic Realm=""
date: Thu, 25 Jun 2015 18:52:23 GMT
connection: close

Has anybody resolved the issue?

Free Windows Admin Tool Kit Click here and download it now
June 25th, 2015 3:28pm

People, is there some Microsoft forum where I could actually get answers about this issue?

I followed the instructions published here http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx, and it is still not working.

Was anybody successful in defeating this "The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2." error in NodeJs/node-outlook?

Thanks in advance.

June 26th, 2015 11:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics