Share via


MYTH: CDO 1.21's Session.Logon parameter "profilePassword" actually does something...

...I'm back from a happy holiday vacation; I hope yours was happy too. Below is one of my favorite questions about CDO 1.21 because it gets asked a fair amount and the answer is simple, frustrating, and a little embarrassing for me as an MS employee. I haven't yet delivered this answer without a sheepish smile on my face...

The question is...

"I'm trying to access UserB's mailbox via CDO 1.21 using the following code in a process running as UserA...

Dim objSession

Set objSession = CreateObject("MAPI.Session")

objSession.Logon , "password", false, true, , true, "serverName" + vbLf + "UserB"

...however, I keep getting a password challenge to which I supply the same password in the code above and only then does it access UserB's mailbox. What gives?!"

And here is the answer...

https://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdo/html/2e5e5030-9478-46e8-8271-27266ac44ec6.asp

“profilePassword

Optional. String. Specifies the profile password. To prompt the user to enter a profile password, omit profilePassword and set showDialog to True. The default value is an empty string. The profilePassword parameter is ignored on all Win32 platforms.”

While this parameter still exists and is documented and looks like what you want, the last sentence spells out in so many words that this parameter is no good for you anymore.

Resolution...

You need to run your process as an account that has permission to the mailboxes you wish to access. In other words if you want to access UserB’s mailbox using CDO 1.21 then the process needs to run as UserB or some kind of service account with permissions to UserB’s mailbox and then use…

objSession.Logon , , false, true, , true, "serverName" + vbLf + "UserB"

Comments

  • Anonymous
    January 10, 2007
    To clarify, the password was never of any use. It's part of a feature that nobody ever used in MAPI - the ability to password protect profiles. The idea may have made sense back in the 9x days (when any user on a machine had physical access to all data on the machine), but with NT, it made much more sense not to protect the profiles and just let NT credentials handle access to mailboxes.