Access to EWS by using the new oAuth method

Michael Malich 1 Reputation point
2021-06-22T08:43:52.327+00:00

Hi,
I have an old C# program connecting to EWS with the old standard method.
Now I have to use the oAuth2 method and I'm struggling. Could someone please be so kind and help me?

My program always uses the same username/email address with the same password and adds/deletes/updates calendar entries.

I'm using this code here to get the token and after several tries I'm getting no error messages:

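using System;
using System.Configuration;
using Microsoft.Identity.Client;
using Microsoft.Exchange.WebServices.Data;

// Confidential client (client credentials flow): app id, secret and tenant come from app.config
var cca = ConfidentialClientApplicationBuilder
    .Create(ConfigurationManager.AppSettings["appId"])
    .WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
    .WithTenantId(ConfigurationManager.AppSettings["tenantId"])
    .Build();

// .default requests the application permissions granted to the app registration
var ewsScopes = new string[] { "https://outlook.office365.com/.default" };

var authResult = await cca.AcquireTokenForClient(ewsScopes)
    .ExecuteAsync();

// Use the app-only token for EWS and impersonate the target mailbox
var ewsClient = new ExchangeService();
ewsClient.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
ewsClient.Credentials = new OAuthCredentials(authResult.AccessToken);
ewsClient.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, "username@keyman.com");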

In the example code I found on the internet they listed the exchange folders of the user. I tried that and an "Unauthorized" error appeared.
I changed my sample code to add an appointment. I still get the "Unauthorized" error.

I found a lot of comments about permissions here https://www.outlook-integration.com/Docs/setupimpersonation#exch13up
Is that what is missing now?

Also I found examples where someone used oAuth2 and still connects by using username and password?
It feels like I already found a lot but I have to put the correct items together to make it work.

I hope someone has time to support me.

Thanks a lot in advance
Michael

Exchange Server Development

3 answers

  1. Glen Scales 4,431 Reputation points
    2021-06-22T23:53:08.393+00:00

    Most likely it's a problem with your Application registration. Did you assign the full_access_as_app Application permission? This is the only permission that will work for EWS when using Client Credentials Flow.

    You should check that scope is being returned in your token, e.g. grab the token from authResult.AccessToken in debug and post it into https://jwt.io/, and you should see the following in your token if you have it configured correctly.

    [image: 108312-certs.png]

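Added example (not code from the thread): a local version of the check described in the answer above, decoding the access token's payload in-process so a live token does not have to be pasted into a website. For client-credentials tokens Azure AD lists application permissions in the `roles` claim; the class and method names and the sample tokens are constructed for illustration, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class EwsTokenCheck
{
    // Decode one base64url JWT segment (RFC 7515: '-'/'_' alphabet, padding stripped).
    static string DecodeSegment(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("Invalid base64url length.");
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // True when the app-only token's "roles" claim lists the given application permission.
    // Troubleshooting aid only: it reads claims and does not validate the signature.
    public static bool HasAppRole(string accessToken, string role)
    {
        var parts = accessToken.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        using (var doc = JsonDocument.Parse(DecodeSegment(parts[1])))
        {
            return doc.RootElement.TryGetProperty("roles", out var roles)
                && roles.ValueKind == JsonValueKind.Array
                && roles.EnumerateArray().Any(r =>
                    r.ValueKind == JsonValueKind.String && r.GetString() == role);
        }
    }

    // Builds an unsigned, constructed sample token so the check runs offline.
    static string SampleToken(string payloadJson)
    {
        string Enc(string j) => Convert.ToBase64String(Encoding.UTF8.GetBytes(j))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return Enc("{\"alg\":\"none\"}") + "." + Enc(payloadJson) + ".";
    }

    static void Main()
    {
        // Constructed payloads: one with the EWS app permission, one with no roles claim.
        var ok = SampleToken("{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"full_access_as_app\"]}");
        var missing = SampleToken("{\"aud\":\"https://outlook.office365.com\"}");
        Console.WriteLine(HasAppRole(ok, "full_access_as_app"));      // token carries the role
        Console.WriteLine(HasAppRole(missing, "full_access_as_app")); // token has no roles claim
    }
}
```

In the program from the question, passing `authResult.AccessToken` to `HasAppRole` right after `ExecuteAsync()` shows whether the app registration grants `full_access_as_app` before any EWS call is made.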

  2. Michael Malich 1 Reputation point
    2021-06-23T06:54:17.81+00:00

    Good Morning Glen,

    Thanks a lot for your reply. I have in my token test result no scope value.
    I've added to my registered app the permission only for the calendar.
    But I have noticed now that the connection I'm using needs the full access
    to the whole mailbox and the access can't be restricted to the calendar.

    I have asked my customer to make that change and will let you know how
    it went as soon as they have changed it.

    Regards
    Michael


  3. Michael Malich 1 Reputation point
    2021-06-23T11:54:12.7+00:00

    IT WORKS !!!! Really awesome. I'm so happy getting this solved.
    Thanks a lot again.

    Take care and stay healthy
    Michael
