locked
Do SEND AS permissions work for clients using Exchange Web Services? RRS feed

  • Question

  • Our Java team is writing an application to do some e-mail reading/sending for a mailbox and would like to interface with Exchange via Exchange Web Services. They have tested their application with a test mailbox and would like to now put this into production. The mailbox they are working with is a shared mailbox and we would rather not enable the user account associated with this mailbox. If I grant a service account FULL ACCESS and SEND AS permissions to the shared mailbox, will they be able to send new e-mails using Exchange Web Services AS the shared mailbox?

    Or do I have to setup Impersonation via a RBAC role?

    I've read through this and am not 100% sure yet:

    https://msdn.microsoft.com/en-us/library/office/dn722377(v=exchg.150).aspx

    It is just one mailbox, one service account so I was hoping to just use SEND AS permissions and be done.


    Jason Meyer

    Thursday, October 1, 2015 7:08 PM

Answers

  • Winnie, I'm not trying to set those permissions via EWS, I'm trying to use those permissions via EWS.

    The good news is yesterday our Java developers did get SEND AS permissions to work via EWS.  That being accomplished tells me that impersonation is not required for a java application to use SEND AS permissions on a mailbox when accessing it via EWS.

    Edit on 11/30/2015, I believe that the only difference between impersonation and FULL ACCESS is that impersonation only works when accessing Exchange via EWS.  Versus FULL ACCESS can be used via any access method, MAPI, OWA, EWS, etc.


    Jason Meyer



    Friday, October 2, 2015 7:46 PM

All replies

  • You don't need impersonation. You can find examples here:

    https://msdn.microsoft.com/EN-US/library/office/dn641963(v=exchg.150).aspx#bk_createewsma

    For PowerShell EWS, this should work:

    $message = New-Object Microsoft.Exchange.WebServices.Data.EmailMessage($exchangeService)
    
                    
    $message.From = "shared@domain.com" #DELEGATE
    $message.Subject = "Test message"
    $message.Body = "Body text"
    $message.ToRecipients.Add("user@domain.com")
                    
    
    $message.Send()

    Thursday, October 1, 2015 8:38 PM
  • Really appreciate the feedback, any input on doing this via a Java application?

    Jason Meyer

    Thursday, October 1, 2015 8:42 PM
  • Sorry, I'm not a programmer :)
    Friday, October 2, 2015 6:45 AM
  • Hi,

    Generally, we can directly use Exchange Management Shell and EAC to assign Send As permission and Full Access permission to an account:

    https://technet.microsoft.com/en-us/library/jj919240(v=exchg.150).aspx

    If you want to use the EWS Managed API and EWS in Exchange to achieve it, please ask a question in Exchange Development forum for more help:

    https://social.technet.microsoft.com/Forums/exchange/en-us/home?forum=exchangesvrdevelopment

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    Friday, October 2, 2015 9:00 AM
  • Winnie, I'm not trying to set those permissions via EWS, I'm trying to use those permissions via EWS.

    The good news is yesterday our Java developers did get SEND AS permissions to work via EWS.  That being accomplished tells me that impersonation is not required for a java application to use SEND AS permissions on a mailbox when accessing it via EWS.

    Edit on 11/30/2015, I believe that the only difference between impersonation and FULL ACCESS is that impersonation only works when accessing Exchange via EWS.  Versus FULL ACCESS can be used via any access method, MAPI, OWA, EWS, etc.


    Jason Meyer



    Friday, October 2, 2015 7:46 PM