Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

exchange open runspace remotely (c#) access denied - lack of role?

I'm working with Exchange Server and I get an 'access denied' error when trying to open a runspace.

    try
    {
        // Open the remote runspace only if it has not been opened yet.
        if (_runspace.RunspaceStateInfo.State == RunspaceState.BeforeOpen)
            _runspace.Open();
    }
    catch (Exception ex)
    {
        PowershellEnvironmentExceptionHandler.Handle(ex);
    }

I have no problem connecting remotely from PowerShell (using Connect-ExchangeOnline) with these same credentials.

The code responsible for the connection is:

    using System;
    using System.Management.Automation;
    using System.Management.Automation.Runspaces;
    using System.Net;
    using System.Security;
    using Microsoft.Azure;   // CloudConfigurationManager
    using NLog;

    // IKeyVaultProvider is the poster's own interface; its definition is not shown.
    class ExchangeConnectionProvider
    {
        IKeyVaultProvider _keyProvider;
        Uri _uri = new Uri("https://outlook.office365.com/powershell-liveid/");
        string _shell = "http://schemas.microsoft.com/powershell/Microsoft.Exchange";
        private static readonly ILogger _logger = LogManager.GetCurrentClassLogger();

        public ExchangeConnectionProvider(IKeyVaultProvider keyProvider)
        {
            _keyProvider = keyProvider;
        }

        string GetUserName()
        {
            var username = CloudConfigurationManager.GetSetting("exchangeUser");
            if (string.IsNullOrEmpty(username))
                return string.Empty;
            return username;
        }

        string GetPassword()
            => CloudConfigurationManager.GetSetting("exchangePassword");

        internal WSManConnectionInfo Provide()
        {
            string username = GetUserName();
            string password = GetPassword();

            _logger.Info($"Connecting to exchange with username {username}");
            return Connect(username, password);
        }

        WSManConnectionInfo Connect(string username, string password)
        {
            //password = WebUtility.HtmlDecode(password);
            // Build the SecureString one character at a time.
            SecureString securePassword = new SecureString();
            foreach (char c in password)
            {
                securePassword.AppendChar(c);
            }

            // Alternative way of building the SecureString (not used below).
            SecureString secureStrin = new NetworkCredential("", password).SecurePassword;

            //var creds = new PSCredential(username, secureStrin);
            var creds = new PSCredential(username, securePassword);

            var connection = new WSManConnectionInfo(_uri, _shell, creds);
            // These three flags turn off TLS certificate validation
            // (subject name, CA chain and revocation) for the remote endpoint.
            connection.SkipCNCheck = true;
            connection.SkipCACheck = true;
            connection.SkipRevocationCheck = true;

            // Basic authentication: username and password are sent to the endpoint.
            connection.AuthenticationMechanism = AuthenticationMechanism.Basic;
            connection.MaximumConnectionRedirectionCount = 2;
            return connection;
        }
    }

Everything was working when I was using an account which has the Exchange administrator role. It is not a problem with the username/password.

Does somebody have an idea which role is responsible for allowing

    _runspace.Open();

The 'access denied' comes at the line above.

I've done a comparison between the roles of the user which I used before (and the code was working) and the current user.

current user:

Role Management
Security Group Creation and Membership

previous user:

Move Mailboxes
Reset Password
Migration
Distribution Groups
Team Mailboxes
Mail Recipient Creation
Security Group Creation and Membership
Role Management
Recipient Policies
Message Tracking
Mail Recipients

These two users work in different domains on cloud Exchange - I was working on a test domain (where everything was working) before.

I've also done a comparison between these users' properties (using the Get-User command), and the only differences are:

ExchangeVersion:

The worst thing is that I don't have access to the Exchange server settings, so I can't assign new roles to this user - I must cooperate with another department in the company and it really takes too much time - if I knew the role needed for the operation above, it would be much faster :)

exchange version:

0.20 (15.0.0.0) (current user, where i have problem)
1.1 (15.0.0.0) (previous user on test domain)

SKUAssigned:

null (current user)
true (previous user on test domain)
question from:https://stackoverflow.com/questions/65626431/exchange-open-runspace-remotely-c-access-denied-lack-of-role
