How to send mail using O365 mailbox without user interaction via Azure application registration

Time:11-07

As we know, Microsoft has stopped basic authentication for all of its services. Now we need to use modern authentication.

A few years ago, I developed (in C#) a service that ran on a Windows server and sent emails automatically. I was using SMTP with basic authentication (login and password). The implementation was very simple and the program worked like a charm. Now that's another story. I have to use OAuth2 and, since the program is a service, the authentication has to be done without user interaction.

I contacted our O365 expert who simply created an application in Azure. Nothing more... I have to deal with that. He gave me this information (obviously the information is hidden):

TenantID: xxxxxxxx ClientID: xxxxxxx ClientSecret: xxxxxxx SecretID: xxxxxxxx

What is strange here is that I don't see any link with the mailbox I use to send emails.

Also I asked him to make me a screenshot of the permissions configuration in Azure. [screenshot of the Azure permission configuration]

What I want to do is simple. I just want to send mails using the mailbox that I used with the SMTP protocol. I don't want to do anything else, just send.

I tried the code below (in VB.NET) and I do get a token.

Imports Azure.Identity
Imports Microsoft.Graph

' Client credentials flow: the app authenticates with its own secret, no user sign-in.
Dim credentials = New ClientSecretCredential(tenantID, clientID, clientSecret, New TokenCredentialOptions With {.AuthorityHost = AzureAuthorityHosts.AzurePublicCloud})
Dim graphServiceClient As New GraphServiceClient(credentials)

After that I used this code to send an email (variables are initialized with the correct values):

' toRecipients and ccRecipients are List(Of Recipient) values built beforehand.
Dim mailMessage = New Message With {
    .Subject = subject,
    .Body = New ItemBody With {
        .ContentType = BodyType.Html,
        .Content = message
    },
    .ToRecipients = toRecipients,
    .CcRecipients = ccRecipients
}
' Send mail as the given user (fromAddress); True asks Graph to save a copy to Sent Items.
graphServiceClient.Users(fromAddress).SendMail(mailMessage, True).Request().PostAsync().Wait()

But I get an error:

[screenshot of the error returned by Graph]

Apparently I don't have the right to use the email address that is in the 'fromAddress' variable.

I can understand it because as I said at the beginning, what link can the application registered in Azure have with the mailbox that I want to use to send an email?

This is where I arrived. And there, I turn around.

If anyone could help me and point me in the right direction...

Thank you all.

CodePudding user response:

It looks like you're trying (and want to use) the client credentials flow https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow; however, you have assigned Delegated permissions, which won't work. You have to assign Application permissions and consent to them for this to work. Application permissions give your app permission to send as any user in the tenant; if you don't want this or it's too broad, you can scope that down to particular mailboxes using application access policies https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
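One way to see why a token can be issued and SendMail still fail, as an added example that is not part of the original thread: an app-only (client credentials) token carries Application permissions in its `roles` claim, while Delegated permissions show up in `scp` and never apply to an app-only token. The script below builds constructed, unsigned sample tokens (no real tenant values) and inspects those claims the way you would inspect a real token when troubleshooting.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token for offline demonstration only.
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def check_mail_send(token: str) -> dict:
    """Report which kind of Mail.Send permission the token carries.

    Decodes the payload without verifying the signature: this is a
    troubleshooting aid, not an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles", [])         # Application permissions
    scopes = claims.get("scp", "").split()  # Delegated permissions (space separated)
    if "Mail.Send" in roles:
        verdict = "app-only: Mail.Send granted as an Application permission"
    elif "Mail.Send" in scopes:
        verdict = "delegated: Mail.Send only usable on behalf of a signed-in user"
    else:
        verdict = "no Mail.Send permission in token; Graph will reject SendMail"
    return {"roles": roles, "scp": scopes, "verdict": verdict}


if __name__ == "__main__":
    # Client-credentials token from an app that only had Delegated permissions
    # consented: Azure AD still issues it, but with no 'roles' claim at all.
    broken = make_sample_token({"aud": "https://graph.microsoft.com"})
    fixed = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["Mail.Send"]})
    for t in (broken, fixed):
        print(check_mail_send(t)["verdict"])
```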

CodePudding user response:

---- UPDATE -----

On the good advice of Glen, I asked my O365 administrator to change the permissions: Delegated ---> Application.

Now everything works perfectly.
