Thursday, August 5, 2010

Exchange impersonation not working

We had a request from a customer regarding Exchange Impersonation. The customer wanted to use impersonation for an application that had to send emails as another user. He didn’t want to use the “Send As” right and he asked us specifically to use Impersonation.
Exchange Impersonation enables a caller to impersonate a given user account. This enables the caller to perform operations by using the permissions that are associated with the impersonated account, instead of the permissions that are associated with the caller's account.

Our customer’s application was trying to send emails in the name of a user using the SMTP protocol, connecting to an Exchange Hub Transport server. We configured user1 to be able to impersonate user2.

Microsoft Exchange Server 2010 uses Role-Based Access Control (RBAC) to assign permissions to accounts. You can read more about impersonation configuration here: http://msdn.microsoft.com/en-us/library/bb204095.aspx.

If you still use Exchange 2007, you have to read this: http://msdn.microsoft.com/en-us/library/bb204095(EXCHG.80).aspx.

We configured the application to authenticate to the SMTP service as user1 and send emails as user2. We ran a lot of tests and all we got was “5.7.1 Client does not have permissions to send as this sender”. After some extensive research we found out a simple thing. You cannot use impersonation to send emails as another user using SMTP authentication, OWA or Outlook.
Exchange impersonation is designed to be used only for Exchange Web Services (EWS). For other requirements, you should use the “Send As” right (http://technet.microsoft.com/en-us/library/bb676368.aspx).
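
The two grants side by side in the Exchange Management Shell, as an added example that is not part of the original post: "Send As" for the SMTP case, and an impersonation assignment for EWS callers that is scoped to a single mailbox rather than the whole organization. user1 and user2 are the accounts from the post; the scope name, the assignment name and the assumption that user2's alias is "user2" are hypothetical.

```powershell
# Added example for Exchange 2010. Scope and assignment names are
# hypothetical; user1/user2 are the accounts described in the post.

# --- SMTP, OWA, Outlook: grant "Send As" on user2's mailbox to user1 ---
$target = Get-Mailbox -Identity "user2"
Add-ADPermission -Identity $target.DistinguishedName `
    -User "user1" -ExtendedRights "Send As"

# --- EWS only: grant impersonation, limited to user2 ---
# Without a recipient scope, ApplicationImpersonation covers every mailbox
# in the organization, so create a scope that matches user2 only
# (assumes user2's alias is "user2").
New-ManagementScope -Name "Impersonate-user2-only" `
    -RecipientRestrictionFilter "Alias -eq 'user2'"

New-ManagementRoleAssignment -Name "user1-impersonates-user2" `
    -Role "ApplicationImpersonation" -User "user1" `
    -CustomRecipientWriteScope "Impersonate-user2-only"

# --- Review what was granted ---
# Who holds impersonation, and over which scope.
Get-ManagementRoleAssignment -Role "ApplicationImpersonation" -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, CustomRecipientWriteScope

# Explicit (non-inherited) Send As entries on user2's mailbox.
Get-ADPermission -Identity $target.DistinguishedName |
    Where-Object { $_.ExtendedRights -like "*Send-As*" -and -not $_.IsInherited } |
    Select-Object User, ExtendedRights, Deny
```

Only the first grant affects the “5.7.1” rejection on the Hub Transport server; the impersonation assignment matters only to applications that talk to EWS.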
