configuring saml-sample (SP) to work with Okta (IdP) - spring-security

Okta is an IdP for SAML logins. I have a super-admin user of Okta.
I try to use Spring's saml-sample project as my SP (service-provider). When I configure it (spring-saml-sample) in the Okta system, I need to supply some data on my SP, such as "post back URL", "recipient" and "audience restriction".
After sniffing in Okta's docs, I found this:
Audience Restriction – This is the entity id of the Service Provider. It will be provided by the SP and must match exactly. Consult the SP documentation to get this information.
Recipient – Enter the service provider’s assertion consumer service URL. Consult the SP documentation to get this information.
So I figured out that this URL should be:
http://srv101.watchdox.net/spring-security-saml2-sample/saml/SSO/alias/defaultAlias
Post Back URL – This is the SAML SP endpoint (i.e. where your users will log in)
Destination for the SAML response – This is the intended destination of the saml assertion. Unless specified by the SP, this will typically be identical to the post back URL. Consult the SP documentation to get this information.
The Problem:
My app (spring-saml-sample) has a "welcome" page, where the user chooses the IdP he wants to log in with. So I choose the "Okta" IdP, and then I am redirected to Okta to log in (perfect till here), but after login, instead of redirecting me back to my app (to the protected resource), I stay in the Okta system and see their framework. I do see my app there. When I click on it, I get to my first page, to choose the IdP.
I believe the problem is with my URLs, or with the SAML response...
Does anyone have an idea?
I pasted here the request and response, in case it might be helpful.
I pasted here the SAML requests and responses, in case it might be helpful. Note that the Status Code in the response is "Success"!
What can be wrong? What am I missing?
Request:
POST https://watchdox.okta.com/app/template_saml_2_0/k3gvyf0mGFVVCVQBYTTA/sso/saml HTTP/1.1
Host: watchdox.okta.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://srv101.watchdox.net/spring-security-saml2-sample/saml/login/alias/defaultAlias?idp=http%3A%2F%2Fwww.okta.com%2Fk3gvyf0mGFVVCVQBYTTA
Content-Type: application/x-www-form-urlencoded
Content-Length: 3906
HTTP/?.? 200 OK
Server: nginx/1.2.6
Date: Thu, 18 Apr 2013 08:49:39 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="HONK"
Set-Cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
t=default; Path=/
X-Okta-backend: webapp09e.prod.saasure.com
Cache-Control: no-cache, public
Pragma: no-cache
Expires: 0
Content-Language: en-US
Content-Encoding: gzip
SAML request:
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://srv101.watchdox.net:443/spring-security-saml2-sample/saml/SSO/alias/defaultAlias"
Destination="https://watchdox.okta.com/app/template_saml_2_0/k3gvyf0mGFVVCVQBYTTA/sso/saml"
ForceAuthn="false"
ID="a32a5d9jfge33c9b46gdaddid8gd41b"
IsPassive="false"
IssueInstant="2013-04-18T08:49:38.141Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com.watchdox.ohad</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#a32a5d9jfge33c9b46gdaddid8gd41b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>blwZT1B5451jbzeB9m0ogyGQuFY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>RZeXySsMfy+iBglUngrCHg2XoaA4WzAkLrB/zhjRfqFQS45avePlF8f19N+MHoFSirI08R08lXNJqdT/+0tKEujwsluCzFMnOCVPhtZIs7DblxqD+nR0XmF9+fKt91z/KQRtGLQtO/bsl3X3dmkUULGUWBxi8ga9jyTnkGwMFjE8J/Ba0P9eZjLV9YV/Piui/3B1XbhezVIIAvPNOpwQzK1kSA19bwlSejCjsf1Xe9kLXoCdf56ykjGDSdj2HpEVKQcjbu2nfPTFAXRTehx6h5qiKVl5R1DdDtFfq9EOXpZgy5pcu4bHqDhNAMwhZCu57fIIRR5IWuC6YUAXTDFXbg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml2p:AuthnRequest>
Okta response:
POST http://srv101.watchdox.net/spring-security-saml2-sample/ HTTP/1.1
Host: srv101.watchdox.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 7863
HTTP/?.? 302 Found
Date: Thu, 18 Apr 2013 08:51:57 GMT
Server: Apache
Location: https://srv101.watchdox.net/spring-security-saml2-sample/
Content-Length: 241
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
SAML Response:
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="http://srv101.watchdox.net/spring-security-saml2-sample/"
ID="id141234960903909491594058959"
InResponseTo="a32a5d9jfge33c9b46gdaddid8gd41b"
IssueInstant="2013-04-18T08:51:49.819Z"
Version="2.0"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>http://www.okta.com/k3gvyf0mGFVVCVQBYTTA</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id141234960903909491594058959">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>nCrBE9jowt9QAOk5ipw1SFnb248=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>lwSHBmy4Hqt3XjbnPni6PePFFCn9hUJb7K4jh3xAyUum+y59TUYftphi00lFhnFZXsV5Tj75zLru3JX1jt7bdT73wsYS6ccNcyOvZpJvNiqbBeUmydK45DBrzIVxDA9CWS94+PTH4rrWT5+OEWURBxwhv9BiKiFrLb60YIp6Q3o=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICmzCCAgSgAwIBAgIGAT1+4eJ9MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYDVQQGEwJVUzETMBEG…</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="id14123496090473949894445897"
IssueInstant="2013-04-18T08:51:49.819Z"
Version="2.0"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>http://www.okta.com/k3gvyf0mGFVVCVQBYTTA</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id14123496090473949894445897">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>D/wZzyBDL0RXwrf7d44mvuysYz0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DCrm/mkLiVsD8dAc4puY/L3GR1bxtDBn6+sTifLgxDGokFbS4PShjA3Ak6mTW1dM48TwXi1oB9Pz++iOP4w6ZVeBj9bWIPJaCATjWn26xBlt3GHaPjiOpUdvG5YwwqCMUlQ1+M0RhJDlkChfZbjPIKXibcP8TBIsj2sekr5sQSI=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICmzCCAgSgAwIBAgIGAT1+4eJ9MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYDVQQGEwJVUzETMBEG…</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">OhadR#watchdox.com</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="a32a5d9jfge33c9b46gdaddid8gd41b"
NotOnOrAfter="2013-04-18T08:56:49.819Z"
Recipient="http://srv101.watchdox.net/spring-security-saml2-sample/saml/SSO/alias/defaultAlias"
/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2013-04-18T08:46:49.819Z"
NotOnOrAfter="2013-04-18T08:56:49.819Z"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>
<saml2:AudienceRestriction>
<saml2:Audience>com.watchdox.ohad</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2013-04-18T08:51:49.819Z"
SessionIndex="a32a5d9jfge33c9b46gdaddid8gd41b"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
Thanks for any answer!

If it might be helpful to someone in the future: I got it working now!!
I set all 3 URLs to the same one (as you suggested a week ago):
https://srv101.watchdox.net:443/spring-security-saml2-sample/saml/SSO/alias/defaultAlias
So what is the difference, and why is it working now? Because till now the URL I entered was http and not https (and without the 443):
http://srv101.watchdox.net/spring-security-saml2-sample/saml/SSO/alias/defaultAlias
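The behaviour in the question (Okta reports Success, yet the SP never establishes a session) is what an SP does when the Response does not match its own expectations: in the captured Response the Destination is the application root and the Recipient is the plain-http ACS URL, while the AuthnRequest advertised the https ACS URL. The following is an added example, not code from the original post or from Spring Security SAML, that runs the usual SP consistency checks (Destination, Recipient, InResponseTo, Issuer, StatusCode, Audience and the validity window) over a constructed, unsigned reduction of the Response quoted above. The SP expectations and the "now" timestamp are taken from the post; the function names are mine; signature verification is deliberately left out, and a real SP verifies the signature before trusting any of these fields.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


@dataclass(frozen=True)
class SpExpectations:
    acs_url: str        # the SP's assertion consumer service endpoint
    entity_id: str      # the SP's entityID; must appear in <Audience>
    request_id: str     # ID of the AuthnRequest the SP actually sent
    idp_entity_id: str  # the only Issuer the SP trusts


# Values taken from the AuthnRequest and Response quoted in the post.
SP = SpExpectations(
    acs_url="https://srv101.watchdox.net:443/spring-security-saml2-sample/saml/SSO/alias/defaultAlias",
    entity_id="com.watchdox.ohad",
    request_id="a32a5d9jfge33c9b46gdaddid8gd41b",
    idp_entity_id="http://www.okta.com/k3gvyf0mGFVVCVQBYTTA",
)
NOW = datetime(2013, 4, 18, 8, 52, tzinfo=timezone.utc)  # constructed: inside the assertion's window


def _instant(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # xsd:dateTime in UTC


def check_saml_response(xml_text: str, sp: SpExpectations, now: datetime) -> list:
    """Return human-readable findings; an empty list means the Response fits the SP."""
    findings = []
    resp = ET.fromstring(xml_text)
    if resp.get("Destination") != sp.acs_url:
        findings.append(f"Destination {resp.get('Destination')!r} != ACS URL {sp.acs_url!r}")
    if resp.get("InResponseTo") != sp.request_id:
        findings.append("Response InResponseTo does not match the AuthnRequest the SP sent")
    code = resp.find("saml2p:Status/saml2p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        findings.append("StatusCode is not Success")
    if resp.findtext("saml2:Issuer", default="", namespaces=NS) != sp.idp_entity_id:
        findings.append("Issuer is not the trusted IdP")
    assertion = resp.find("saml2:Assertion", NS)
    if assertion is None:
        return findings + ["Response carries no Assertion"]
    scd = assertion.find("saml2:Subject/saml2:SubjectConfirmation/saml2:SubjectConfirmationData", NS)
    if scd is None:
        findings.append("Assertion has no SubjectConfirmationData")
    else:
        if scd.get("Recipient") != sp.acs_url:
            findings.append(f"Recipient {scd.get('Recipient')!r} != ACS URL {sp.acs_url!r}")
        if scd.get("InResponseTo") != sp.request_id:
            findings.append("SubjectConfirmationData InResponseTo does not match the AuthnRequest")
        if scd.get("NotOnOrAfter") and now >= _instant(scd.get("NotOnOrAfter")):
            findings.append("SubjectConfirmationData has expired")
    cond = assertion.find("saml2:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _instant(cond.get("NotBefore")):
            findings.append("Assertion not yet valid (NotBefore)")
        if cond.get("NotOnOrAfter") and now >= _instant(cond.get("NotOnOrAfter")):
            findings.append("Assertion expired (NotOnOrAfter)")
        audiences = [a.text for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]
        if sp.entity_id not in audiences:
            findings.append(f"Audience {audiences} does not name the SP entityID {sp.entity_id!r}")
    return findings


def sample_response(destination: str, recipient: str) -> str:
    """Constructed, unsigned reduction of the post's Response; the two URLs are
    parameters so both the http/https mismatch and the corrected setup can be run."""
    return f"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{destination}"
  ID="id141234960903909491594058959" InResponseTo="a32a5d9jfge33c9b46gdaddid8gd41b"
  IssueInstant="2013-04-18T08:51:49.819Z" Version="2.0">
  <saml2:Issuer>http://www.okta.com/k3gvyf0mGFVVCVQBYTTA</saml2:Issuer>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
  <saml2:Assertion ID="id14123496090473949894445897" IssueInstant="2013-04-18T08:51:49.819Z" Version="2.0">
    <saml2:Issuer>http://www.okta.com/k3gvyf0mGFVVCVQBYTTA</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">OhadR#watchdox.com</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData InResponseTo="a32a5d9jfge33c9b46gdaddid8gd41b"
          NotOnOrAfter="2013-04-18T08:56:49.819Z" Recipient="{recipient}"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2013-04-18T08:46:49.819Z" NotOnOrAfter="2013-04-18T08:56:49.819Z">
      <saml2:AudienceRestriction><saml2:Audience>com.watchdox.ohad</saml2:Audience></saml2:AudienceRestriction>
    </saml2:Conditions>
  </saml2:Assertion>
</saml2p:Response>"""


def run_demo(destination: str, recipient: str) -> list:
    return check_saml_response(sample_response(destination, recipient), SP, NOW)


if __name__ == "__main__":
    # the URLs the IdP was configured with before the fix described in the post
    for finding in run_demo("http://srv101.watchdox.net/spring-security-saml2-sample/",
                            "http://srv101.watchdox.net/spring-security-saml2-sample/saml/SSO/alias/defaultAlias"):
        print("mismatch:", finding)
    print("after fix:", run_demo(SP.acs_url, SP.acs_url) or "consistent")
```

Run as a script, the first call reports the Destination and Recipient mismatches; with all three Okta URLs set to the https ACS URL, as in the fix above, the checks pass. Spring Security SAML logs rejections of this kind at debug level rather than showing them in the browser, which is why the symptom is a silent bounce to the IdP-selection page.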

Related

EWS managed-api gets 500 Internal Server Error when creating streaming subscription with affinity using OAuth

I have an application that uses EWS streaming subscriptions via the managed API (built from latest source on GitHub as NuGet version is out of date), and have been enhancing it to group subscriptions for mailboxes with the same GroupingInformation and ExternalEwsUrl user settings, to reduce the number of connections, as described in Maintain affinity between a group of subscriptions and the Mailbox server in Exchange.
I am also introducing modern authentication for Exchange Online: Authenticate an EWS application by using OAuth
I have only been testing the changes on a relatively small Azure tenant. When I try to create a subsequent subscription on a group, it works perfectly with basic authentication, but with OAuth authentication, it always fails with HTTP error 500. The EWS error message is "Request failed because EWS could not contact the appropriate CAS server for this request".
I include an excerpt from the XML trace, when using OAuth, for the request and response for the first subscription on the anchor mailbox, then the request and failed response for the second subscription. The GroupingInformation value for the two mailboxes was "VE1PR03" when these requests were made.
It is not obvious how the use of OAuth should affect the routing of the requests.
POST /EWS/Exchange.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: MyApp/2.2.0.20149 (ExchangeServicesClient/2.2.1.0)
Accept-Encoding: gzip,deflate
X-AnchorMailbox: user1#xyz.onmicrosoft.com
X-PreferServerAffinity: true
Authorization: Bearer ey..
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2016" />
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:SmtpAddress>user1#xyz.onmicrosoft.com</t:SmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
<soap:Body>
<m:Subscribe>
<m:StreamingSubscriptionRequest>
<t:FolderIds>
<t:DistinguishedFolderId Id="inbox">
<t:Mailbox>
<t:EmailAddress>user1#xyz.onmicrosoft.com</t:EmailAddress>
</t:Mailbox>
</t:DistinguishedFolderId>
</t:FolderIds>
<t:EventTypes>
<t:EventType>NewMailEvent</t:EventType>
</t:EventTypes>
</m:StreamingSubscriptionRequest>
</m:Subscribe>
</soap:Body>
</soap:Envelope>
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
X-CalculatedFETarget: VI1P194CU002.internal.outlook.com
X-BackEndHttpStatus: 200,200
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Set-Cookie: exchangecookie=5bf5f04d41dd4205b2fd96f211c5b2b4; expires=Thu, 17-Jun-2021 14:06:18 GMT; path=/; secure; HttpOnly
Set-Cookie: X-BackEndOverrideCookie=VE1PR03MB5854.eurprd03.prod.outlook.com~1943309328; path=/; secure; HttpOnly
Server: Microsoft-IIS/10.0
X-FEProxyInfo: VI1P194CA0032.EURP194.PROD.OUTLOOK.COM
X-CalculatedBETarget: VE1PR03MB5854.eurprd03.prod.outlook.com
X-RUM-Validated: 1
x-ms-appId: f456225c-aef6-41fc-bbd5-8a5c9c9287d6
X-FromBackend-ServerAffinity: True
x-EwsHandler: Subscribe
X-AspNet-Version: 4.0.30319
X-BeSku: WCS5
X-DiagInfo: VE1PR03MB5854
X-BEServer: VE1PR03MB5854
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 200
X-FEServer: VI1P194CA0032,LO2P265CA0158
X-Powered-By: ASP.NET
Date: Wed, 17 Jun 2020 14:06:18 GMT
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:ServerVersionInfo MajorVersion="15" MinorVersion="20" MajorBuildNumber="3088" MinorBuildNumber="29" Version="V2018_01_08" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
</s:Header>
<s:Body>
<m:SubscribeResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<m:ResponseMessages>
<m:SubscribeResponseMessage ResponseClass="Success">
<m:ResponseCode>NoError</m:ResponseCode>
<m:SubscriptionId>JwB2ZTFwcjAzbWI1ODU0LmV1cnByZDAzLnByb2Qub3V0bG9vay5jb20QAAAADJevxSPm2ESq94+CIcSMEp28L5vHEtgIEAAAAONzlukW2B5KmN/hjFV/so0=</m:SubscriptionId>
</m:SubscribeResponseMessage>
</m:ResponseMessages>
</m:SubscribeResponse>
</s:Body>
</s:Envelope>
POST /EWS/Exchange.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: MyApp/2.2.0.20149 (ExchangeServicesClient/2.2.1.0)
Accept-Encoding: gzip,deflate
X-AnchorMailbox: user1#xyz.onmicrosoft.com
X-PreferServerAffinity: true
Cookie: X-BackEndOverrideCookie=VE1PR03MB5854.eurprd03.prod.outlook.com~1943309328
Authorization: Bearer ey..
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2016" />
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:SmtpAddress>user2#xyz.onmicrosoft.com</t:SmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
<soap:Body>
<m:Subscribe>
<m:StreamingSubscriptionRequest>
<t:FolderIds>
<t:DistinguishedFolderId Id="inbox">
<t:Mailbox>
<t:EmailAddress>user2#xyz.onmicrosoft.com</t:EmailAddress>
</t:Mailbox>
</t:DistinguishedFolderId>
</t:FolderIds>
<t:EventTypes>
<t:EventType>NewMailEvent</t:EventType>
</t:EventTypes>
</m:StreamingSubscriptionRequest>
</m:Subscribe>
</soap:Body>
</soap:Envelope>
HTTP/1.1 500 Internal Server Error
X-CalculatedFETarget: VI1P194CU002.internal.outlook.com
X-BackEndHttpStatus: 500,500
X-FEProxyInfo: VI1P194CA0034.EURP194.PROD.OUTLOOK.COM
X-CalculatedBETarget: VE1PR03MB5854.eurprd03.prod.outlook.com
X-RUM-Validated: 1
x-ms-appId: f456225c-aef6-41fc-bbd5-8a5c9c9287d6
X-BeSku: WCS5
X-DiagInfo: VE1PR03MB5854
X-BEServer: VE1PR03MB5854
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 500
X-FEServer: VI1P194CA0034,LO2P265CA0158
Content-Length: 839
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Wed, 17 Jun 2020 14:06:18 GMT
Set-Cookie: exchangecookie=39b2d19d8e9740128573cb1af6358c33; expires=Thu, 17-Jun-2021 14:06:18 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">*</Action>
</s:Header>
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://schemas.microsoft.com/exchange/services/2006/types">a:ErrorInvalidRequest</faultcode>
<faultstring xml:lang="en-US">Request failed because EWS could not contact the appropriate CAS server for this request.</faultstring>
<detail>
<e:ResponseCode xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">ErrorInvalidRequest</e:ResponseCode>
<e:Message xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">Request failed because EWS could not contact the appropriate CAS server for this request.</e:Message>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
After further investigation, I have resolved this by simply using the same ExchangeService object for each subscription in the group (I had been creating a new ExchangeService for each subscription). The grouping now works with both OAuth and basic authentication. The article on maintaining affinity does say "Create and use one ExchangeService object for the rest of the procedure", and I should have taken that more literally!
Before creating each subscription, including the first, one does of course need to set ExchangeService.ImpersonatedUserId to the SMTP address of the relevant mailbox user, and after creating the first subscription, add an assignment of the X-BackEndOverrideCookie cookie value from the first subscription response to the HttpHeaders.
I hope this is useful for anyone else who is working with streaming subscriptions.
To pass X-BackEndOverrideCookie to subsequent requests, either:
Use the same ExchangeService for each subscription in the same grouping. This handles X-BackEndOverrideCookie automatically.
Use a fresh ExchangeService, but manually copy X-BackEndOverrideCookie via ExchangeService's CookieContainer property.
I recommend the second approach for thread-safety. If your application is a long-running service, you will likely need a retry loop to deal with failed subscriptions.
To transfer X-BackEndOverrideCookie manually:
string backEndOverrideCookie =
service1.CookieContainer.GetCookies(service1.Url)["X-BackEndOverrideCookie"]?.Value;
...
if (!string.IsNullOrWhiteSpace(backEndOverrideCookie))
service2.CookieContainer.SetCookies(service2.Url, "X-BackEndOverrideCookie=" + backEndOverrideCookie);
Note: Assigning to Credentials resets the ExchangeService's CookieContainer, and for OAuth you will need to do this regularly. Fortunately there's a simple workaround:
var cookieContainer = service.CookieContainer;
service.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
service.CookieContainer = cookieContainer;

Having problems with Azure AD, Angular 2 and preflight is invalid (redirect)

Right now I am not having a great time integrating Angular 2 and Azure AD.
Steps to reproduce error:
I have created an Angular 2 front end and a Web API (suave.io) and deployed it to Azure
I have setup Azure AD on the Web Site and Web API
Followed this article:
https://blogs.msdn.microsoft.com/premier_developer/2017/04/26/using-adal-with-angular2/
I get the bearer Azure AD token (great)
I then call the Web API and I am getting
XMLHttpRequest cannot load https://#### /groups/. Response for preflight is invalid (redirect)
This is related to this issue.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
My Angular 2 code is this:
let headers = new Headers();
headers.append("Content-Type", "application/x-www-form-urlencoded");
headers.append("Authorization", 'Bearer ' + this.adalService.accessToken );
return this._http.get(this.API_BASE + `groups/`, { headers: headers})
.map((response: Response) => response.json())
This call removes the Authorization token and sends an Option call. I believe the request fails because there is no authentication header and AD rejects it before it gets to the Web API.
This is the request now being sent from Chrome:
OPTIONS /groups/ HTTP/1.1
Host: dev-api-integration-####.azurewebsites.net
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:4200/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:4200/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
My web config has:
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="http://localhost:4200/*" />
<add name="Access-Control-Allow-Headers" value="Authorization, Content-Type" />
<add name="Access-Control-Allow-Credentials" value="true"/>
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
What can I do? This is a major issue for me at the moment. I guess more and more people will be using Angular 2 and AD integration in future. Any hints or ideas would be much appreciated.
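The question already identifies the mechanism: the OPTIONS preflight is sent by the browser without the Authorization header, so an authentication layer that answers unauthenticated requests with a login redirect turns the preflight into a 3xx, and the browser rejects a redirected preflight before it looks at any CORS header. A second, independent point a reviewer would raise about the web.config above is that Access-Control-Allow-Origin is compared byte-for-byte with the Origin the browser sends, so "http://localhost:4200/*" never matches "http://localhost:4200". The following is an added example, not code from the original post, that models the checks a browser applies to a preflight response and runs them against the request and the customHeaders quoted above. The header dictionaries, the Origin value (browsers serialize it as scheme://host[:port] with no path or trailing slash) and the redirect target are constructed; the function names are mine.

```python
# CORS-safelisted request headers and methods (Fetch standard); the model below
# treats the Allow-Headers / Allow-Methods lists literally, which is exactly the
# rule that applies when Access-Control-Allow-Credentials is true, as in the post.
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFELISTED_METHODS = {"get", "head", "post"}

# Constructed from the OPTIONS request in the post; "####" is the post's own redaction.
PREFLIGHT_REQUEST = """OPTIONS /groups/ HTTP/1.1
Host: dev-api-integration-####.azurewebsites.net
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:4200
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:4200/
"""

# The customHeaders from the post's web.config, as the server would emit them.
WEB_CONFIG_AS_POSTED = {
    "Access-Control-Allow-Origin": "http://localhost:4200/*",
    "Access-Control-Allow-Headers": "Authorization, Content-Type",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
}
# The same set with the origin written the way the browser sends it.
WEB_CONFIG_CORRECTED = dict(WEB_CONFIG_AS_POSTED, **{"Access-Control-Allow-Origin": "http://localhost:4200"})


def parse_request(raw: str) -> dict:
    """'Name: value' lines -> lower-cased header dict (request line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def _csv(value: str) -> set:
    return {item.strip().lower() for item in value.split(",") if item.strip()}


def preflight_result(request: dict, status: int, response: dict) -> list:
    """Reasons the browser would reject the preflight; [] means the real
    request (here GET with Authorization) is allowed to go out."""
    if not 200 <= status <= 299:
        # Fetch never follows a redirect on a preflight; anything but 2xx fails
        # before a single CORS header is inspected. Chrome reports this as
        # "Response for preflight is invalid (redirect)".
        return [f"preflight answered with status {status}, not 2xx"]
    reasons = []
    resp = {k.lower(): v for k, v in response.items()}
    credentials = resp.get("access-control-allow-credentials", "").lower() == "true"
    origin = request["origin"]
    allow_origin = resp.get("access-control-allow-origin")
    if allow_origin == "*" and credentials:
        reasons.append("wildcard origin is not allowed together with credentials")
    elif allow_origin != "*" and allow_origin != origin:
        # compared byte-for-byte: no globbing, no path component
        reasons.append(f"Access-Control-Allow-Origin {allow_origin!r} does not match Origin {origin!r}")
    method = request["access-control-request-method"].lower()
    if method not in SAFELISTED_METHODS and method not in _csv(resp.get("access-control-allow-methods", "")):
        reasons.append(f"method {method.upper()} not listed in Access-Control-Allow-Methods")
    wanted = _csv(request.get("access-control-request-headers", ""))
    missing = wanted - _csv(resp.get("access-control-allow-headers", "")) - SAFELISTED_HEADERS
    if missing:
        reasons.append(f"request headers not listed in Access-Control-Allow-Headers: {sorted(missing)}")
    return reasons


def scenarios() -> dict:
    request = parse_request(PREFLIGHT_REQUEST)
    return {
        # the OPTIONS call carries no bearer token, so the auth layer answers with
        # a login redirect (constructed placeholder target) instead of 200
        "redirected_to_login": preflight_result(request, 302, {"Location": "https://login.example.test/"}),
        "web_config_as_posted": preflight_result(request, 200, WEB_CONFIG_AS_POSTED),
        "corrected": preflight_result(request, 200, WEB_CONFIG_CORRECTED),
    }


if __name__ == "__main__":
    for name, reasons in scenarios().items():
        print(f"{name}: {reasons or 'preflight accepted'}")
```

The first scenario is the error message from the question; it cannot be fixed by changing CORS headers at all, only by letting the unauthenticated OPTIONS request reach the API and be answered with 200. The second shows that, even once that is done, the origin value as written in the web.config would still fail the check; the third passes.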

Servicestack LinkedIn Oauth2 with Webauthenticator Not Returning to App

Hi, I am having trouble with ServiceStack authentication with the Xamarin.Auth component.
When I try to authenticate with ServiceStack with WebAuthenticator, I am getting authenticated but I am not able to return to the app, as is the case with Xamarin.Auth only.
[Route("/my-session")]
public class CustomUserSession : AuthUserSession ,IReturn<CustomUserSession>
{
public string GithubProfileUrl { get; set; }
public string TwitterProfileUrl { get; set; }
IRedisClientsManager RedisManager;
public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IOAuthTokens tokens, Dictionary<string, string> authInfo)
{
base.OnAuthenticated(authService, session, tokens, authInfo);
var userAuthRepo = authService.ResolveService<IUserAuthRepository>();
var userAuth = userAuthRepo.GetUserAuth(session.UserAuthId);
}
}
here is the RAW request from JsonServiceClient
GET http://sample.com/api/my_info HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Authorization: DotNetOpenAuth.WebServerClient.XSRF-Session=GGcwh7UvAe3R5ivrrAv7MQ; ss-id=5byYKQ5TYwmYqK3EQ5Vi; ss-pid=82ZTomRsZmdRTTA6dkMF; X-UAId=1
Connection: keep-alive
Host: sample.com
RESPONSE :
HTTP/1.1 401 Unauthorized
Cache-Control: private
Server: Microsoft-IIS/8.5
WWW-Authenticate: LinkedIn realm="https://www.linkedin.com/uas/oauth2/authorization"
X-Powered-By: ServiceStack/4.0 Win32NT/.NET
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2016 19:59:37 GMT
Content-Length: 0
while the same call to /api/my_info in browser redirects to auth and gets the info.
Browser Request :
GET /api/my_info HTTP/1.1
Host: sample.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: ss-pid=pnxqAEU3ExIzrVZ8QdR/; ss-id=qCAkeAUDbQ+QRkZvIQgv; DotNetOpenAuth.WebServerClient.XSRF-Session=lFqnWxGQfdOZEF55MrLT_Q; X-UAId=1
Browser Response:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ServiceStack Win32NT/.NET
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 22 Nov 2016 20:38:37 GMT
Content-Length: 9443
Connection: keep-alive
<!doctype html>
<html lang="en-us">
<head>
<title>Simple Snapshot of 11/22/2016</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
BODY, H1, H2, H3, H4, H5, H6, DL, DT, DD {
..............
Also, JsonServiceClient gets ss-id, but later calling the authenticate service fails with 401.
There's an example project with docs showing how to authenticate ServiceStack with Xamarin.Auth available at:
github.com/ServiceStackApps/TechStacksAuth

Web.Config - staticContent - clientCache configurations

I have this Content folder to hold js/images/css etc., which doesn't change so often. So, I have added a config file to this directory which looks like this -
<configuration>
<system.webServer>
<staticContent>
<!-- <clientCache cacheControlMode="UseExpires" httpExpires="Mon, 30 Nov 2015 20:45:45 GMT"/> -->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="1.00:00:00"/>
</staticContent>
</system.webServer>
</configuration>
When I load the page for the first time, I can see these response/request headers for a requested js file -
Response Headers
Accept-Ranges:bytes
Cache-Control:max-age=86400
Content-Encoding:gzip
Content-Length:1730
Content-Type:application/x-javascript
Date:Mon, 30 Nov 2015 12:14:31 GMT
ETag:"038394f8fd11:0"
Last-Modified:Mon, 26 Oct 2015 14:14:08 GMT
Server:Microsoft-IIS/7.5
Vary:Accept-Encoding
X-Powered-By:ASP.NET
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:dev.admin.ccmportal.williamslea.com
Pragma:no-cache
Referer:http://dev.admin.ccmportal.williamslea.com/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Two questions -
When I re-load the page using F5, I see the same response headers with a content length of 1730. Why is the content reloaded even though I have set it to be cached for 1 day?
What does Cache-Control:no-cache mean in the Request Header?
Thank you!
Content-Length will always show the content length, even when the content is pulled from cache.
Cache-Control: no-cache tells the browser it SHOULD forward the request toward the origin server even if it has a cached copy of what is being requested.
Content-Length spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
Cache-Control spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
So it looks like your clientCache configuration is working correctly; however, it also looks like your browser is not using the cache, as per Cache-Control:no-cache.
Do you have cache disabled in your dev tools or something similar?
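To make the answer concrete, here is an added example, not code from the original question or answer, that applies the freshness rules of RFC 7234 to the exact headers quoted above: a stored response with max-age=86400 is fresh for a day, but a request that carries Cache-Control: no-cache (what the browser sends on a reload or with caching disabled in dev tools) must go to the origin regardless, and the Content-Length shown in the tool is the stored body's length either way. The header values are copied from the question; the "now" timestamps and the function names are constructed. It also shows the conditional headers a cache attaches when it revalidates, which is how a 304 with an empty body, rather than the full 1730 bytes, comes back.

```python
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Headers copied from the question (names kept as the browser showed them).
RESPONSE_HEADERS = {
    "Cache-Control": "max-age=86400",
    "Date": "Mon, 30 Nov 2015 12:14:31 GMT",
    "ETag": '"038394f8fd11:0"',
    "Last-Modified": "Mon, 26 Oct 2015 14:14:08 GMT",
    "Content-Length": "1730",
}
RELOAD_REQUEST_HEADERS = {"Cache-Control": "no-cache", "Pragma": "no-cache"}  # what the F5 reload sent
NORMAL_REQUEST_HEADERS = {}  # a plain navigation or link click: no cache directives


def parse_cache_control(value: str) -> dict:
    """'max-age=86400, public' -> {'max-age': '86400', 'public': None}"""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, sep, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def freshness_lifetime(response_headers: dict) -> timedelta:
    """How long the stored response counts as fresh (RFC 7234 section 4.2.1)."""
    directives = parse_cache_control(response_headers.get("Cache-Control", ""))
    if directives.get("max-age") is not None:
        return timedelta(seconds=int(directives["max-age"]))
    date = parsedate_to_datetime(response_headers["Date"])
    if "Expires" in response_headers:
        return parsedate_to_datetime(response_headers["Expires"]) - date
    if "Last-Modified" in response_headers:
        # heuristic freshness: a tenth of the time since the last change
        return (date - parsedate_to_datetime(response_headers["Last-Modified"])) / 10
    return timedelta(0)


def cache_decision(request_headers: dict, response_headers: dict, now: datetime) -> str:
    """What a private cache does with a stored copy of this response for this request."""
    req = parse_cache_control(request_headers.get("Cache-Control", ""))
    resp = parse_cache_control(response_headers.get("Cache-Control", ""))
    if "no-store" in resp:
        return "not stored: response says no-store"
    if "no-cache" in req or request_headers.get("Pragma", "").lower() == "no-cache":
        # RFC 7234 5.2.1.4 / 5.4: the client insists on an end-to-end revalidation
        return "revalidate: request carries no-cache, origin must be asked even though a copy exists"
    if "no-cache" in resp:
        return "revalidate: response carries no-cache"
    age = now - parsedate_to_datetime(response_headers["Date"])
    lifetime = freshness_lifetime(response_headers)
    if age < lifetime:
        return f"serve from cache: age {int(age.total_seconds())}s < lifetime {int(lifetime.total_seconds())}s"
    return "revalidate: stored copy is stale"


def revalidation_headers(response_headers: dict) -> dict:
    """Conditional headers a cache adds when it must ask the origin; a matching
    validator yields 304 Not Modified and the stored body is reused."""
    out = {}
    if "ETag" in response_headers:
        out["If-None-Match"] = response_headers["ETag"]
    if "Last-Modified" in response_headers:
        out["If-Modified-Since"] = response_headers["Last-Modified"]
    return out


def demo() -> dict:
    stored = parsedate_to_datetime(RESPONSE_HEADERS["Date"])
    return {
        "navigation_after_1h": cache_decision(NORMAL_REQUEST_HEADERS, RESPONSE_HEADERS, stored + timedelta(hours=1)),
        "f5_reload_after_1h": cache_decision(RELOAD_REQUEST_HEADERS, RESPONSE_HEADERS, stored + timedelta(hours=1)),
        "navigation_after_25h": cache_decision(NORMAL_REQUEST_HEADERS, RESPONSE_HEADERS, stored + timedelta(hours=25)),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
    print("revalidation headers:", revalidation_headers(RESPONSE_HEADERS))
```

The reload case is the one in the question: the configuration is fine, but the request itself forbids serving from cache, so the only saving available is a 304 via the ETag or Last-Modified validator.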

Inserting data with OData in atom format

OData is a new thing for me and I'm trying to get deep into it. So I'm trying to insert data using the OData protocol in Atom format and using a REST client. So I've created the following HTTP POST request:
POST /HelloOdata/library.xsodata/books HTTP/1.1
Host: coe-he-55:8010
Authorization: Basic xxxxxxxxxxxxxxxxxxxxx
DataServiceVersion: 1.0
MaxDataServiceVersion: 2.0
accept: application/atom+xml
Content-Type: application/atom+xml
Cache-Control: no-cache
Postman-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<?xml version="1.0" encoding="utf-8"?>
<Entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
xmlns="http://www.w3.org/2005/Atom">
<title type="text">books</title>
<author>
<name />
</author>
<link href="books('Test_post')/Author" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/Author" title="Author" type="application/atom+xml;type=entry"/>
<category term="HelloOdata.library.booksType"
scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />
<content type="application/xml">
<m:properties>
<d:title>Test_post</d:title>
<d:ISBN>ISBN_POST</d:ISBN>
<d:editions>2</d:editions>
</m:properties>
</content>
</Entry>
and as a response I've got: The serialized resource has an missing value for member 'title'.
Well, my table books has only three properties, which are title, ISBN and editions, precisely the ones I'm trying to insert through this statement. So, do you have any idea what can be wrong in it?
Thank you
Pablo
I've found where the error was.
Unbelievably, the right XML request is:
POST /HelloOdata/library.xsodata/books HTTP/1.1
Host: coe-he-55:8010
Authorization: Basic xxxxxxxxxxxxxxxxxxxxx
DataServiceVersion: 1.0
MaxDataServiceVersion: 2.0
accept: application/atom+xml
Content-Type: application/atom+xml
Cache-Control: no-cache
Postman-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
xmlns="http://www.w3.org/2005/Atom">
<title type="text">books</title>
<author>
<name />
</author>
<category term="HelloOdata.library.booksType"
scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />
<content type="application/xml">
<m:properties>
<d:title>Test_post</d:title>
<d:ISBN>ISBN_POST</d:ISBN>
<d:editions>2</d:editions>
</m:properties>
</content>
</entry>
Well, I also had to get rid of this part:
<link href="books('Test_post')/Author" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/Author" title="Author" type="application/atom+xml;type=entry"/>
but this was an attempt after the first one, because the real problem was the tag
<Entry>
written with a capital E and not
<entry>
Once I changed it, the HTTP request works well.
I saw this example of inserting data with OData in the official website guideline:
http://www.odata.org/documentation/odata-version-2-0/operations and there the tag entry was written with a capital letter.
Thank you!
Pablo
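The root cause in the answer is that XML element names are case-sensitive and namespaced: `<Entry>` in the Atom namespace is simply an unknown element, not the `<entry>` the service looks for, so the deserializer finds no entry and reports the first property as missing. The following is an added example, not code from the original post or from the XS OData service used there, that checks an Atom entry for exactly these points before it is POSTed: the root element name, the presence of a `<category>` naming the entity type, and that every property of the entity set is present under `<m:properties>`. The sample bodies are constructed from the post's request (root name and properties are parameters) and the property list for books is the one the post gives; the function names are mine.

```python
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
D = "http://schemas.microsoft.com/ado/2007/08/dataservices"
M = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
NS = {"atom": ATOM, "d": D, "m": M}
BOOKS_PROPERTIES = ("title", "ISBN", "editions")  # the books entity type from the post


def validate_entry(xml_text: str, required: tuple) -> list:
    """Reasons the entry would not be accepted; [] means it fits the entity set."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{ATOM}}}entry":
        # XML element names are case-sensitive: <Entry> is a different, unknown element
        problems.append(f"root element is {root.tag!r}, expected {{{ATOM}}}entry")
    if root.find("atom:category", NS) is None:
        problems.append("no <category> naming the entity type")
    props = root.find("atom:content/m:properties", NS)
    if props is None:
        return problems + ["no <content><m:properties> block"]
    # property elements live in the dataservices namespace; anything else is ignored
    present = {child.tag.split("}")[-1] for child in props if child.tag.startswith("{" + D + "}")}
    for name in required:
        if name not in present:
            problems.append(f"missing value for member {name!r}")
    return problems


def entry_xml(root_name: str, properties: dict) -> str:
    """Constructed from the post's request body; root element name and properties are parameters."""
    props = "".join(f"<d:{k}>{v}</d:{k}>" for k, v in properties.items())
    return (f'<{root_name} xmlns:d="{D}" xmlns:m="{M}" xmlns="{ATOM}">'
            '<title type="text">books</title><author><name /></author>'
            '<category term="HelloOdata.library.booksType" '
            'scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />'
            f'<content type="application/xml"><m:properties>{props}</m:properties></content>'
            f'</{root_name}>')


POSTED = {"title": "Test_post", "ISBN": "ISBN_POST", "editions": "2"}


def demo() -> dict:
    return {
        "capital_entry": validate_entry(entry_xml("Entry", POSTED), BOOKS_PROPERTIES),
        "lowercase_entry": validate_entry(entry_xml("entry", POSTED), BOOKS_PROPERTIES),
        "editions_left_out": validate_entry(entry_xml("entry", {"title": "Test_post", "ISBN": "ISBN_POST"}),
                                            BOOKS_PROPERTIES),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'ok'}")
```

The first case reproduces the post's mistake and is flagged on the root element alone, the second is the corrected body from the answer, and the third shows the check catching a genuinely missing property, which is the condition the server's own "missing value for member" message is meant for.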
