
401 Unauthorized when trying to send email from the EWS Managed API

Updated: 2023-10-14 08:36:22

Converged apps vs Old registrations

The SSO (Single Sign-on) app that you had to create needed to be created through https://apps.dev.microsoft.com. This is where you create the converged apps - which allow the consenting parties to sign in with their Outlook.com accounts or their organizational accounts (which is the newer way).

However, EWS is not using this. EWS uses the authentication method of the older way of creating apps, which is what you need to do through the Azure Portal - through AAD App registrations. More documentation on authentication for EWS here: https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/authentication-and-ews-in-exchange

So basically, the OAuth access token which you've retrieved can be used to query Microsoft Graph (as an example), but you can't use it to call EWS.

One very significant difference this creates is that EWS (as the name suggests, Exchange Web Services) is for organizational accounts only. You can't use that API for Outlook.com users.

  • If you're using the SSO framework, you are locked to the new way of app registrations. You can authenticate users from Outlook.com or organizational accounts. You can access Microsoft Graph and other similar resources - but not EWS.
  • If you want to use EWS - you can't authenticate Outlook.com users. And you can't get a token through SSO with which you can call EWS.
  • With the access token that you retrieve (if you request the correct scopes) you can still send mail - and your solution would also work with Outlook.com users. Check the Graph API: https://docs.microsoft.com/en-us/graph/api/resources/mail-api-overview?view=graph-rest-1.0
  • If you insist on using EWS, you can drop the access token call and use the makeEwsRequestAsync method. This will require you to write SOAP in JavaScript, but it works.
  • If you dislike the idea of SOAP in JS (which I completely understand) and still want to use EWS through your C# code, you should drop using the SSO framework. Instead, authenticate the user through the Dialog API using OAuth against your AAD App registration (not the converged model, but a registration through the Azure Portal).
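Two checks that follow from the answer above, as an added example that is not part of the original post or of any Microsoft library. The first inspects the access token's `aud` (audience) claim to show why a token minted for Microsoft Graph gets a 401 from EWS: EWS only accepts tokens whose audience is the Exchange Online resource (`https://outlook.office365.com`), carrying the delegated `EWS.AccessAsUser.All` scope. The second builds the EWS `CreateItem` SOAP envelope you would hand to `makeEwsRequestAsync`, with every user-supplied field XML-escaped so a subject or address cannot inject elements into the request. The `makeUnsignedJwt` helper and the sample tokens are constructed for the test only; real tokens are signed and must be validated by the resource server, not by this decoder.

```javascript
// Added example, not code from the original answer.

// Audience values EWS accepts, and the Graph audiences, so the diagnosis can
// say what a rejected token was actually minted for.
const EWS_AUDIENCES = ["https://outlook.office365.com", "https://outlook.office.com"];
const GRAPH_AUDIENCES = ["https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"];
const EWS_DELEGATED_SCOPE = "EWS.AccessAsUser.All";

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(s) {
  return Buffer.from(s, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decodes the payload only; it does NOT verify the signature. Use it to
// diagnose a 401 on the client, never as an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Returns "ok", "wrong-scope", "graph-token" or "wrong-audience".
function diagnoseEwsToken(token) {
  const { aud, scp } = decodeJwtPayload(token);
  const audiences = Array.isArray(aud) ? aud : [aud];
  if (audiences.some((a) => EWS_AUDIENCES.includes(a))) {
    const scopes = typeof scp === "string" ? scp.split(" ") : [];
    return scopes.includes(EWS_DELEGATED_SCOPE) ? "ok" : "wrong-scope";
  }
  if (audiences.some((a) => GRAPH_AUDIENCES.includes(a))) return "graph-token";
  return "wrong-audience";
}

// Constructed, unsigned token for the test only (alg "none", empty signature).
function makeUnsignedJwt(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.`;
}

// Escape text that goes into an XML text node or attribute so user input
// cannot close elements or add new ones to the SOAP request.
function escapeXml(s) {
  const map = { "<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&apos;" };
  return String(s).replace(/[<>&"']/g, (c) => map[c]);
}

// EWS CreateItem with SendAndSaveCopy: creates the message, sends it, and
// files a copy in Sent Items. This is the envelope makeEwsRequestAsync needs.
function buildSendMailSoap({ to, subject, body }) {
  const recipients = to
    .map((addr) => `<t:Mailbox><t:EmailAddress>${escapeXml(addr)}</t:EmailAddress></t:Mailbox>`)
    .join("");
  return `<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
               xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">
  <soap:Header><t:RequestServerVersion Version="Exchange2013" /></soap:Header>
  <soap:Body>
    <m:CreateItem MessageDisposition="SendAndSaveCopy">
      <m:SavedItemFolderId><t:DistinguishedFolderId Id="sentitems" /></m:SavedItemFolderId>
      <m:Items>
        <t:Message>
          <t:Subject>${escapeXml(subject)}</t:Subject>
          <t:Body BodyType="Text">${escapeXml(body)}</t:Body>
          <t:ToRecipients>${recipients}</t:ToRecipients>
        </t:Message>
      </m:Items>
    </m:CreateItem>
  </soap:Body>
</soap:Envelope>`;
}

// Inside an Outlook add-in, the add-in's own identity carries the request;
// no OAuth token from the SSO framework is involved. Office is the Office.js
// global and only exists in the add-in host, not when this file runs in Node.
function sendViaAddin(message, callback) {
  Office.context.mailbox.makeEwsRequestAsync(buildSendMailSoap(message), (result) => {
    const ok = result.status === Office.AsyncResultStatus.Succeeded;
    callback(ok, ok ? result.value : result.error);
  });
}
```

Run `diagnoseEwsToken` on the token your SSO flow hands back before changing anything in the app registration: a result of `graph-token` confirms the situation the answer describes, and the fix is the audience and scope you request, not the credentials.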