imap impersonation - how to do it

Question

Hello

I am evaluating your product for an upcoming IMAP based project. We have a requirement to traverse through different exchange email user folders using a single admin user Id. In other words the admin user must have the ability to impersonate and read emails of others. I went through your tutorials, and found that rebex IMAP libaries actually have a support for this (http://forum.rebex.net/questions/45/imap-impersonation). I know such impersonation login mechanism used to work in exchange 2003, my underestanding is that newer versions do not support it (http://support.microsoft.com/default.aspx?scid=kb;en-us;937359).

I am stuck at this point, every time I try I get a LOGIN failed error. Can you please give me more details about how to configure IMAP impersonation at the exchange server side (for exchange 2007)? Also is this supported in exchange 2010?

thanks in advance

Answer 1

Hello,

We are not sure about Exchange 2007, but in Exchange 2010, you can impersonate a user by using a mechanism specified by IMAP protocol's AUTHENTICATE PLAIN command.

A corresponding Rebex IMAP code involves constructing a username string by combining the two different user names:

    Imap imap = new Imap();
    imap.Connect(...);

    // credentials for authentication
    string loginUserName = ...;
    string password = ...;

    // user name of impersonated user
    string mailboxUserName = ...;

    // construct a username for impersonation
    string userName = mailboxUserName + "\0" + loginUserName;

    // authenticate to the server
    imap.Login(userName, password, ImapAuthentication.Plain);

This works with Exchange 2010. If you test it with Exchange 2007, please let us know whether it works as well!

Answer 2

ok, it should work with exchange 2007 SP1 with Rollup Update 4 or later, please see links

http://support.microsoft.com/default.aspx?scid=kb;en-us;937359

http://support.microsoft.com/?kbid=949926

http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/8c8b4605-efae-49eb-a118-54aa418de6c2

http://social.technet.microsoft.com/Forums/en/exchange2010/thread/7a01b11e-7072-442b-bb27-fe56ebdd8ba3

However what I still could not figure out is, will impersonation can work with IMAPS (SSL) or not

Comments

This looks like this enables the legacy Exchange 2003 impersonation method, not the Exchange 2010 I described above. Is that correct?

In any case, SSL shouldn't make a difference, it's just a transparent security layer over which the IMAP protocol runs.

---

Well I do not think anything has changed in 2010 as well.. check this link

http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/8c8b4605-efae-49eb-a118-54aa418de6c2

Can you tell me from where did you get the idea of a NULL character in the login string of exch 2010 ?

Answer 3

Thanks for the links, I'm sure other users will find them useful as well!

The idea of using the NULL character comes from RFC 2595 (page 8), a document that defines PLAIN authentication mechanism for IMAP, POP3 and SMTP.