Send Mails via Microsoft Graph

Hi,

After Microsoft announced that Basic Authentication will be disabled for Exchange Online in October this year, I am looking for a solution to continue sending mails with Aspose.Email and Exchange Online. I came across this blog article: https://blog.aspose.com/2022/04/18/create-and-send-messages-using-microsoft-graph-api-in-csharp/

But when I proceed exactly like this I get this error message (anonymized):

Server error Status: InvalidAuthenticationToken
Description: CompactToken parsing failed with error code: 80049217
Details:
“>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”

POST: https://graph.microsoft.com/v1.0/me/sendMail

Authorization: Bearer XXXXX
Content-Length: 332
Content-Type: application/json
Accept: application/json

{"message":{"body":{"content":"EMAILNET-39318 REST API v1.0 - Create Message","contentType":"Text"},"sender":{"emailAddress":{"address":"rightMailadress@tld.de","name":"Testname"}},"subject":"EMAILNET-39318 XXXXX","toRecipients":[{"emailAddress":{"address":"test@test.de","name":""}}]}}

StatusCode: Unauthorized
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
request-id: XXXX
client-request-id: XXXX
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"XXXX"}}
WWW-Authenticate: Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000"
Date: Sun, 05 Jun 2022 13:47:29 GMT
Content-Type: application/json

{"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 80049217","innerError":{"date":"2022-06-05T13:47:30","request-id":"XXXXX","client-request-id":"XXXXX"}}}
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

@ramomJr

The Imap/Pop3/Smtp clients already support OAuth authentication. You may use it as soon as MS implements support of OAuth for these protocols.

You can use modern authentication and Aspose.Email does support it. Please read the following article for more detail.
Access Mail Services using OAuth

Hello,

Thank you for the tip. But for the solution presented there, the password of the client is needed. Is there also a more privacy-friendly version where the user does not have to enter the password, but it can be fetched via the NetworkCredentials?

@ramomJr

Please read the following details to achieve your requirement.

How To Enable or disable modern authentication

To use modern authentication, make sure that it is enabled. Modern authentication is enabled by default in Exchange Online. For tenants created before August 1, 2017, modern authentication is turned off by default.
In the Microsoft 365 admin center at https://admin.microsoft.com, go to Settings > Org Settings > Modern Authentication. In the Modern authentication flyout that appears, you can identify the protocols that no longer require Basic authentication.
For new Office 365 tenants in Azure, Basic Authentication is disabled by default for all applications. In this case, the text will be displayed in this section.

Your organization has security defaults enabled, which means modern authentication to Exchange Online is required, and basic authentication connections are blocked. You must turn off security defaults in the Azure portal before you can change any settings here.

You can enable Basic Auth support for the tenant from the Azure portal (Azure Active Directory → Properties → Manage Security defaults → Enable Security defaults = No).
For more information, see the documentation on Enable or disable modern authentication for Outlook in Exchange Online | Microsoft Learn

How To use modern authentication with EwsClient

To use modern authentication with EwsClient the following is required:

  1. App registration with Azure Active Directory.
  2. Adding code to get an authentication token from a token server.
  3. Using the token to authenticate.

Note: There are two types of permissions that can be used to access EWS. Choose a specific type of permission, depending on the app you are creating:

  • Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. In other words, when you connect to the service, a dialog window will appear to enter username and password. The app can never have more privileges than the signed-in user.
  • Application permissions are used by apps that run without a signed-in user present, for example, apps that run as background services or daemons. Only an administrator can consent to application permissions.

Refer to Microsoft documentation for more information: https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth

App registration with Azure Active Directory

The registration procedure depends on the type of permission selected. To register your app, refer to the Microsoft documentation:

Authenticate an EWS application by using OAuth (docs.microsoft.com)

You can download full code examples to use modern authentication with IMAP and SMTP clients.
EWSModernAuthenticationImapSmtp.zip (3.9 KB)

To use different permission types of modern authentication with EWS client, you can get code example here:

With Delegated authentication - EWSModernAuthenticationDelegated.zip (3.6 KB)

With Application authentication - EWSModernAuthenticationApp.zip (3.4 KB)
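
Added example (not part of the thread, and not Aspose or Microsoft code): a pre-flight check for the bearer token before it is sent, confirming that it is a three-part JWT, that its `aud` claim matches the API being called, and whether it carries delegated (`scp`) or application (`roles`) permissions. `TokenPreflight` and `Inspect` are hypothetical names, and the sample tokens are constructed and unsigned.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
// Hypothetical helper (not part of Aspose.Email or MSAL). Diagnostic only:
// it does not verify the signature, so never use it to make a trust decision.
static class TokenPreflight
{
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string FromB64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }
    // Returns a one-line diagnosis; the token itself is never echoed, so the result is safe to log.
    public static string Inspect(string token, string expectedAud, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Trim().Split('.');
        if (parts.Length != 3 || parts.Any(p => p.Length == 0)) return "malformed: expected header.payload.signature";
        try
        {
            using JsonDocument doc = JsonDocument.Parse(FromB64Url(parts[1]));
            JsonElement c = doc.RootElement;
            if (c.ValueKind != JsonValueKind.Object) return "malformed: payload is not a JSON object";
            string aud = c.TryGetProperty("aud", out JsonElement a) ? a.ToString() : "(none)";
            if (aud != expectedAud) return $"wrong audience: {aud}";
            if (c.TryGetProperty("exp", out JsonElement e) && e.ValueKind == JsonValueKind.Number
                && DateTimeOffset.FromUnixTimeSeconds(e.GetInt64()) <= now) return "expired";
            if (c.TryGetProperty("roles", out JsonElement r)) return $"ok: application permissions {r}";
            if (c.TryGetProperty("scp", out JsonElement s)) return $"ok: delegated permissions {s}";
            return "no scp or roles claim: token grants no API permissions";
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException) { return "malformed: payload is not base64url-encoded JSON"; }
    }

    static void Main()
    {
        // Constructed samples. The expected audience is an assumption: the Graph app id shown in the 401 response above.
        const string graph = "00000003-0000-0000-c000-000000000000";
        DateTimeOffset now = DateTimeOffset.FromUnixTimeSeconds(1654436849); // time of the failed request
        string Make(string payload) => B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";
        Console.WriteLine(Inspect("XXXXX", graph, now));
        Console.WriteLine(Inspect(Make("{\"aud\":\"" + graph + "\",\"exp\":1654440449,\"roles\":[\"Mail.Send\"]}"), graph, now));
        Console.WriteLine(Inspect(Make("{\"aud\":\"" + graph + "\",\"exp\":1654440449,\"scp\":\"Mail.Send\"}"), graph, now));
        Console.WriteLine(Inspect(Make("{\"aud\":\"https://outlook.office365.com\",\"exp\":1654440449,\"scp\":\"EWS.AccessAsUser.All\"}"), graph, now));
    }
}
```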