Hi, can your library help with sending out of emails via an Office 365 account that has modern authentication switched on? My current solution which uses the standard net libraries can no longer send email via a users mailbox because the client has turned on MFA. MFA appears to be 2FA so there is a need to send an application password rather than the user’s password
@msutherland25,
If you mean OAuth2, please look at the article: Microsoft Graph Utility Features.
Otherwise, please describe more details about the issue.
Thank you. I am referring to using the dot net (winforms) version of Aspose.Email and there appears to be no mention of MS Graph in that? Is all this really necessary to send emails via a mailbox that uses MFA? Seems hugely tedious!
Would it not be easier to use EWS or EAS to get round the MFA? If MS had forced MFA on these protocols then most smartphones would stop working as well?
@msutherland25,
Unfortunately, Aspose.Email does not support MFA. I have logged the issue in our tracking system with ID EMAILNET-40179 to consider implementing such a feature.
@msutherland25,
Our development team investigated your requirements. Unfortunately, we do not plan to support MFA in Aspose.Email. MFA is based on the following forms of verification:
- Microsoft Authenticator app
- OATH Hardware token (don’t confuse with OAuth)
- SMS
- Voice call
EWS client performs authentication every time when a request occurs to the server. Sometimes, invocation of a method in the EWS client may lead to multiple server requests, so it also will be lead to multiple authentications. As you understand in this case, software can’t implement authentication over SMS, hardware token, voice call or some similar method. That’s why when Microsoft introduced modern authentication methods, it also presented OAuth authentication. This is also the modern authentication method just like MFA but OAuth is more acceptable for EWS.
OAuth has been implemented for our clients which works over EWS, IMAP, POP3 and SMTP. Also, Microsoft provided the capability to work with passwords for applications when MFA is used, and OAuth is not acceptable. In this case (when MFA is enabled), you have to create an “app password” that will be used only for your application (EWS/IMAP/some else).