Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Identify the account to impersonate
Learn how your service application uses EWS to identify the user to impersonate.
Your service application identifies the user account to impersonate by using one of the following three identifiers:
The primary SMTP address.
The user principal name (UPN).
The security identifier (SID).
The identifier that you use depends, of course, on the information that your application has available.
Your application can use either the EWS Managed API or EWS SOAP requests to identify the user account that it is impersonating. The EWS Managed API uses the ExchangeService.ImpersonatedUserId property to identify the impersonated user. EWS uses the ExchangeImpersonation element, as shown in the following XML fragment.
XML
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
Identifier
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
Each of the following sections shows how to use one of the identifiers. For an example that shows the impersonation identifier in action, see Add appointments by using Exchange impersonation.
The SMTP email address is the primary email address that is associated with a user account.
In an EWS Managed API application, you specify the SMTP email address along with the ConnectingIdType.SMTP enumeration value.
cs
exchangeServiceInstance.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SMTP, "alisa@contoso.com");
In an EWS SOAP request, the PrimarySmtpAddress element contains the email address for the user account.
XML
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:PrimarySmtpAddress>alisa@contoso.com</t:PrimarySmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
The UPN contains the fully qualified domain name (FQDN) for the location of the user account. This is not necessarily the user's mailbox domain. The UserPrincipalName attribute must be set correctly on the user account in Active Directory Domain Services (AD DS) for the user lookup to succeed.
In an EWS Managed API application, you specify the UPN along with the ConnectingIdType.PrincipalName enumeration value.
cs
exchangeServiceInstance.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, "alias@billing.contoso.com");
In an EWS SOAP request, the PrincipalName element (ConnectingSIDType complexType) (EWS) element contains the UPN for the user account.
XML
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:PrincipalName>alisa@billing.contoso.com</t:PrincipalName>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
The SID is the identifier of the account to be impersonated in security descriptor definition language (SDDL) form.
In an EWS Managed API application, you specify the SID along with the ConnectingIdType.SID enumeration value.
cs
exchangeServiceInstance.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SID, "S-1-5-21-1493619105-1843311271-3936346804-1118");
In an EWS SOAP request, the SID element contains the SID for the user account.
XML
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:SID>S-1-5-21-1493619105-1843311271-3936346804-1118</t:SID>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
Additional resources
Documentation
-
Add appointments by using Exchange impersonation
Learn how to use impersonation with the EWS Managed API or EWS in Exchange to add appointments to users' calendars.
-
Account does not have permission to impersonate requested user error - Microsoft Dataverse
Solves an error that occurs when you select Test Connection on an email server profile in Microsoft Dynamics 365.
-
Impersonation and EWS in Exchange
Learn how and when to use impersonation in your Exchange service applications.