| Author |
Message |
Guest
|
 Posted:
Thu Jan 20, 2005 9:11 pm Post subject:
WebDAV security when creating or updating calendar appointme |
|
|
In an application we are developing we use WebDAV to create Outlook
calendar appointments on the Exchange server. The problem we are
facing involves security. We want the application to be able to add to
any account, but view, edit and delete only the items it creates.
The program can create appointments with a WebDAV call using a super
user account that has a custom permission level with the following:
Create items - Checked
Read items - Unchecked
Folder visible - Checked
Edit items - Own
Delete items - Own
With this setup the account cannot view any existing calendar
appointments but should be able to delete anything it created.. right?
It doesn't. The WebDAV call ( HTTPRequest.GetResponse() ) returns with
a 401 unauthorized.
If I change the Read items to Checked the program runs fine, but now
the account has access to view all the calendar appointments, even the
ones it didn't create (a possible security risk).
Is there any way to set the security permissions so that it can only
create appointments and edit/delete appointments it creates?
If not using WebDAV then what interface to use?
|
|
| Back to top |
|
 |
Michael
Guest
|
| Posted:
Thu Jan 20, 2005 10:25 pm Post subject:
Re: WebDAV security when creating or updating calendar appoi |
|
|
You have to set securty descriptor property.
Property name: descriptor
Property namespace: http://schemas.microsoft.com/exchange/security/
Read more in Exchange SDK documentation
Michael
-------------------------------
If you need WebDAV API for Exchange server,
use our component WebDAV .NET for Exchange.
Check out http://www.independentsoft.com
<timothy.r.platt@gmail.com> wrote in message
news:1106233871.782668.272070@z14g2000cwz.googlegroups.com...
| Quote: | In an application we are developing we use WebDAV to create Outlook
calendar appointments on the Exchange server. The problem we are
facing involves security. We want the application to be able to add to
any account, but view, edit and delete only the items it creates.
The program can create appointments with a WebDAV call using a super
user account that has a custom permission level with the following:
Create items - Checked
Read items - Unchecked
Folder visible - Checked
Edit items - Own
Delete items - Own
With this setup the account cannot view any existing calendar
appointments but should be able to delete anything it created.. right?
It doesn't. The WebDAV call ( HTTPRequest.GetResponse() ) returns with
a 401 unauthorized.
If I change the Read items to Checked the program runs fine, but now
the account has access to view all the calendar appointments, even the
ones it didn't create (a possible security risk).
Is there any way to set the security permissions so that it can only
create appointments and edit/delete appointments it creates?
If not using WebDAV then what interface to use?
|
|
|
| Back to top |
|
|
Guest
|
| Posted:
Sat Jan 22, 2005 12:37 am Post subject:
Re: WebDAV security when creating or updating calendar appoi |
|
|
Does anyone know if the security descriptor can be set when the item is
created, or does it have to be done after the fact ?
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in