You know, setting up an intranet to use Windows authentication SHOULD be easy. And actually it is: you just set authentication="windows", set impersonation to true, set up the browsers correctly so that they see the server as part of the intranet and automatically send the credentials (and God help you if you're using IE and the settings get corrupted; you'll have to reset everything to the factory defaults), etc. It gets a bit more complicated, though, when you want to set up your intranet site so that people can access their Exchange/Outlook accounts. At that point you need to set up Kerberos on your intranet.
I'm not going to go over how to do that since this article describes it fairly well. There are a few things that you'll need to do if you're using a newer version of IIS, though (namely set it up for constrained delegation, which just requires picking that option, finding your Exchange server, and picking http from the list of services if you're going to be doing WebDAV calls against it). But to be honest, that's all there is to it... Well, you might also need to set up the SPN for the intranet server properly (HOST/server name that people use to get to it), because if that isn't set up, the browser won't trust the server and won't send the info... But that's about it.
Anyway, once you get past all of that you may want to do some simple queries against the Exchange server that you just spent a couple of hours getting set up... And if you're using the code that I provide on my site (or potentially your own), you'll most likely run into an issue. Mainly, the code I have (and the code used most often out there) wasn't set up for Windows authentication (it assumed that you knew the user name and password). However, there is an easy fix. The network credential cache needs to have a couple of entries switched:
// uri is the address of the Exchange resource being queried.
System.Net.CredentialCache MyCredentialCache = new System.Net.CredentialCache();
MyCredentialCache.Add(new System.Uri(uri),
    "Negotiate",
    (System.Net.NetworkCredential)System.Net.CredentialCache.DefaultCredentials);
You'll notice two changes. The second item, when we're adding to the credential cache, is normally NTLM. We've switched it to Negotiate (basically telling the system that we're going to be using Kerberos). The third item in the Add function is no longer a new NetworkCredential object containing our user name and password. Instead it uses the default credentials. The reason for this is fairly simple: DefaultCredentials contains the current user's information. That's all that needs to change in our bit of code. So hopefully this little bit of code will help someone out, as it took me a bit to track down what my issue was (I didn't change from NTLM to Negotiate)...
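To show where that credential cache ends up, here is an added example (not code from my utility library) that sends a WebDAV PROPFIND to Exchange as the current user. The class name, method name and the folder URI you pass in are hypothetical; the cache entry is registered for the Exchange host only, so the user's credentials are not offered to any other server.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;

// Hypothetical helper for illustration; names are assumptions, not a real API.
public static class ExchangeWebDavExample
{
    // Sends a WebDAV PROPFIND as the current (impersonated) Windows user and
    // returns the HTTP status. 207 Multi-Status means the call was accepted;
    // 401 means the server did not accept the credentials.
    public static int PropFind(string folderUri)
    {
        Uri target = new Uri(folderUri);

        // Register the credentials for the Exchange host only, so they are
        // not offered to any other server this process talks to.
        Uri prefix = new Uri(target.GetLeftPart(UriPartial.Authority));
        CredentialCache cache = new CredentialCache();
        // DefaultNetworkCredentials is the typed form of DefaultCredentials.
        cache.Add(prefix, "Negotiate", CredentialCache.DefaultNetworkCredentials);

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(target);
        request.Credentials = cache;
        request.AllowAutoRedirect = false; // never follow a redirect elsewhere
        request.Method = "PROPFIND";
        request.ContentType = "text/xml";
        request.Headers.Add("Depth", "0");

        byte[] body = Encoding.UTF8.GetBytes(
            "<?xml version=\"1.0\"?><D:propfind xmlns:D=\"DAV:\">" +
            "<D:prop><D:displayname/></D:prop></D:propfind>");
        request.ContentLength = body.Length;

        try
        {
            using (Stream stream = request.GetRequestStream())
                stream.Write(body, 0, body.Length);
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                return (int)response.StatusCode;
        }
        catch (WebException ex)
        {
            HttpWebResponse failed = ex.Response as HttpWebResponse;
            if (failed == null) throw; // DNS/connect failure, not an HTTP status
            using (failed) return (int)failed.StatusCode;
        }
    }
}
```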
Also, in other news I've moved my utility library over to CodePlex. I also ended up adding a few bits of code, including classes to help with:
- Serialization
- File management
- HTML, added functions to dump request/response variables
- XMDP
- OPML
- Active Directory queries
- Exchange queries
- iCalendar/Appointment management in Exchange
- APML
- hCalendar
- hCard
Plus a couple of other bits here and there. I'm also trying to improve the structure a bit and make things a bit more logical. So hopefully it will help someone out. Anyway, try it out, leave feedback, and happy coding.