imap impersonation - how to do it

0 votes
asked Feb 19, 2012 by santhoma (160 points)
edited Feb 23, 2012

Hello

I am evaluating your product for an upcoming IMAP based project. We have a requirement to traverse through different Exchange email user folders using a single admin user Id. In other words the admin user must have the ability to impersonate and read emails of others. I went through your tutorials, and found that Rebex IMAP libraries actually have support for this (http://forum.rebex.net/questions/45/imap-impersonation). I know such an impersonation login mechanism used to work in Exchange 2003; my understanding is that newer versions do not support it (http://support.microsoft.com/default.aspx?scid=kb;en-us;937359).

I am stuck at this point; every time I try I get a LOGIN failed error. Can you please give me more details about how to configure IMAP impersonation on the Exchange server side (for Exchange 2007)? Also, is this supported in Exchange 2010?

thanks in advance

Applies to: Rebex Secure Mail

3 Answers

0 votes
answered Feb 20, 2012 by Lukas Pokorny (86,990 points)
edited Feb 22, 2012

Hello,

We are not sure about Exchange 2007, but in Exchange 2010, you can impersonate a user by using a mechanism specified by IMAP protocol's AUTHENTICATE PLAIN command.

The corresponding Rebex IMAP code involves constructing a username string by combining the two different user names:

    Imap imap = new Imap();
    imap.Connect(...);

    // credentials for authentication
    string loginUserName = ...;
    string password = ...;

    // user name of impersonated user
    string mailboxUserName = ...;

    // construct a username for impersonation
    string userName = mailboxUserName + "\0" + loginUserName;

    // authenticate to the server
    imap.Login(userName, password, ImapAuthentication.Plain);

This works with Exchange 2010. If you test it with Exchange 2007, please let us know whether it works as well!

0 votes
answered Feb 22, 2012 by santhoma (160 points)
edited Feb 23, 2012
commented Feb 22, 2012 by Lukas Pokorny (86,990 points)
edited Feb 22, 2012

It looks like this enables the legacy Exchange 2003 impersonation method, not the Exchange 2010 one I described above. Is that correct?

In any case, SSL shouldn't make a difference; it's just a transparent security layer over which the IMAP protocol runs.

commented Feb 23, 2012 by santhoma (160 points)
edited Feb 23, 2012

Well, I do not think anything has changed in 2010 either. Check this link:

http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/8c8b4605-efae-49eb-a118-54aa418de6c2

Can you tell me where you got the idea of a NULL character in the login string of Exchange 2010?

0 votes
answered Feb 23, 2012 by Lukas Pokorny (86,990 points)
edited Feb 23, 2012

Thanks for the links, I'm sure other users will find them useful as well!

The idea of using the NULL character comes from RFC 2595 (page 8), a document that defines the PLAIN authentication mechanism for IMAP, POP3 and SMTP.

...
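The message layout behind the NUL-separated user name discussed in the answers above, as an added example (not part of the original thread and not Rebex code): PLAIN carries the authorization identity (the mailbox to open), the authentication identity (the account whose password is checked) and the password, separated by NUL bytes and base64-encoded. The account names and password are constructed sample values, and the assumption is that the combined user name from the first answer ends up as the first two fields; `parse_plain` shows how a decoded response can be reviewed for impersonation without exposing the password.

```python
import base64


def build_plain(authzid: str, authcid: str, password: str) -> str:
    """Base64 response for AUTHENTICATE PLAIN: authzid NUL authcid NUL password."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            # NUL is the separator, so a NUL inside a field would shift identities.
            raise ValueError("NUL is not allowed inside a field")
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(b64_response: str) -> dict:
    """Decode a PLAIN response for review; the password itself is never returned."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected exactly three NUL-separated fields")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authentication identity")
    return {
        "authzid": authzid,            # mailbox being opened (may be empty)
        "authcid": authcid,            # account that actually authenticated
        "password_len": len(password),
        # Impersonation: an explicit authzid that differs from the login account.
        "impersonation": bool(authzid) and authzid != authcid,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    response = build_plain("shared.mailbox", "svc-admin", "example-password")
    print("AUTHENTICATE PLAIN initial response:", response)
    print("decoded for review:", parse_plain(response))
```

Because the response is only base64-encoded, the password is recoverable by anyone who can read the connection, which is why the mechanism belongs inside a TLS-protected session.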