I'm absolutely new to C#.
I'd like to write simple tray application that will check mail mailboxes for new mail. No extra functionality needed. Except maybe for opening a browser for specific account.
So far i tried TcpClient() and raw IMAP commands, but looks like i'm not allowed to:
* OK Gimap ready for requests from 80.235.87.101 k8mb64099440een
* NO [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbvKabQnjALUA3Xdbjo28....Fgf4FIEg_33cqJJiB96NNrV8F_0MrM5A] Web login required.
tag NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)
Then, I went to Google Developer Console, created a project, enabled Gmail API. But, the moment I saw quota limits, I started to ask myself - how would I go about releasing an open source app if there are operation quotas?
So the first question: is Gmail API there for business google accounts?
Secondly, is there any example on how could I just auth to check my private email to see if there are new messages or not?
Thank you.
On the quota issue
The default quota limits are pretty high and largely to protect Google infrastructure. They can be raised by filing out the request. IMAP has similar limits just not documented as clearly.
If you use the Gmail API with history.list() to poll for updates it'll be more efficient/cheaper than with IMAP. Should easily support hundreds of thousands of users of said app.
That said, oauth2 for installed apps (Gmail API or IMAP or anything) has a clear deficiency in that anyone that installs the app can basically make calls and eat up quota. Thunderbird and other open-source things (even those that use IMAP with oauth2) have similar problems...
first question
yes, Gmail API is for business google accounts (Apps for Work) as well as normal user #gmail.com accounts.
second question
there are quickstarts for a number of languages including c#
https://developers.google.com/gmail/api/quickstart/
that should get you through the basics (auth, setting up API). you may need to look at the java/python quickstarts if something isn't covered as extensively in the C# docs. for checking for updates on a mailbox see this guide:
https://developers.google.com/gmail/api/guides/sync
For accessing Gmail details via code you need to allow access to emails by enabling pop3 or IMAP settings in your account Screen shot for enabling POP# or IMAP settings in Gmail account
Turn On Access for less secure apps in the Gmail account.
Enable for less secure app by clicking on to the following link
https://support.google.com/accounts/answer/6010255?hl=en-GB
Then , you wont get error such as " NO [WEBALERT ....] "
Related
How do third party mailapps like samsung email and many others get access to exchange data without being registred as a application in the azure ad?
Every guide about exchange authentification (OAuth) i found online had the requirement to register your application in the azure active directory before it can be used to read mails etc. But if that's the case, how do widespreaded mailapps like samsung deal with this problem? They are never listed as an registerted application, yet they have full access on your mails, calendar etc. In real-time too.
I try to solve this with an app that is written in c# using the .net framework. I dont know if that is already a problem in that regard.
How do third party mailapps like samsung email and many others get
access to exchange data without being registered as a application in
the azure ad?
Samsung have their own Azure Application registration that must be consented to its generally done once by the tenant admin.
There is a good reason for the consent framework to allow both control of what applications can access data but also to allow for the correct auditing of the access. If you want to know what App registration a particular mail client is using just look at the Azure Signin logs. Another recent case was around this Apple's mail app see https://practical365.com/microsoft-auto-update-apple-mail-app-profiles/
I have a Windows Service which currently sends emails of office 365 users using their email and password via the older smtp method.
Microsoft is turning this ability off very soon.
Currently I use mailkit and c# within a windows service
The only details I have are the users smtp username and password
My app has no user interaction ability as it runs on another box
I have read many ways about how to send email with oauth2 and ms and it seems a lot of people do it differently, and their is no clear path. I have seen such as using ms azure registered applications and different azure library's.
So my question is, what is the easiest route to take regarding a new non user inactive service being able to still send email on behalf of a user.
Most of the users I deal with are not able to setup up azure and it's products as their are small companies with limited it support.
I feel like I have perhaps gone down the wrong path of trying to use azure graph
So what is the correct, most similar to smtp and simple route to recreate a simple email sending windows service using c#
Thank you for your time in reading this
As far as I know Microsoft usually recommends the use of the GraphApi for this stuff.
The preferred way would be to use delegated permissions, i.e. your application has the permission to send an email in the name of the logged in user. If I understood you correctly that is not an option for you because you want to send the mails from a non-interactive background service.
That means that you application itself needs the permission to send an email in any users name. Obviously this is a much broader permission and you should think about if you really want to do it this way. Also, if you are in some kind of corporate context, you might also have to involve and get consent from the data protection officer or the like.
On the technical side such a permission is called an "application permission" thus you need the Mail.Send application permission which requires admin consent i.e. not the individual users of your application decide if they what to give you permission to send mail in their name (this would be delegate permissions) but an AAD admin has to consent for all of them at once.
See https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http#permissions
and https://learn.microsoft.com/en-us/graph/permissions-reference#application-permissions-38
I've read some related questions, but they are not 100% related, as the requirements vary a bit.
I have a .NET5 web application, some kind of custom CRM for the company I work in.
We have multiple users (employees, my colleagues), which can create quotations, etc.
Also, they can send these quotations to customers. Every user has its email account name attached to it.
The current way this application works is that I've created and enabled Gmail API for each email account, and authorized it, by myself, manually.
The problem is that every time we need to add a new user (new employee for instance) - I need to enable Gmail API of his email account (company's one, but it doesn't matter), add the credential file and token manually to the server, authenticate it, and only then - the application can use the email.
I know that there are many sites (like Monday, etc) - that have automations and integrations with Gmail, and any time I want some integration - I get notified with the OAuth screen, and approve it. I want the same thing in my application.
I understand that I have to create some kind on "Gmail global credential", which will be "added" with account tokens or something like that (every app user will oauth and allow access)?
Just can't find the correct documentation for it.
My backend is written in Blazor Server, .NET5.
I would appreciate if one could explain the main stages of this procedure.
Thanks!
I'm writing a desktop application that can access GMail via IMAP. But I'm not sure if I implemented OAuth correctly.
MailKit says I should use a Service Account (https://github.com/jstedfast/MailKit/blob/master/FAQ.md#GMailOAuth2)
But Google says a Service Account should only be used if a Service wants to access it's own data, not the data of the user. Also I don't know how a different user can login in my application then.
I also found this tutorial and it's working for me (https://www.limilabs.com/blog/oauth2-gmail-imap-installed-applications)
But I don't know if it's a good practice. I can't hide the "ClientSecret" if I want do deploy my application. How to solve this? Also the user has to copy the auth key manually from the browser into the application.
Can someone suggest a quick, but state of the art solution? I'd like to build a Mail application and not an Oauth application ):
I have created a dummy mail to create Empty Label in Google APPs mail.
Now I want to remove this dummy mail after label is created?
How can I do that?
Take the following with a grain of salt. This is far outside my own experience, but I have to take a crack at that bounty!
A cursory look at the available Google APIs tells me that you're out of luck for doing this programmatically with their APIs. But I may be looking at the wrong set of APIs.
What you can do is delete mail through IMAP. How IMAP functions apply to Gmail is given here
How to setup IMAP for google apps/gmail here
Unfortunately, there doesn't appear to be a way to set that setting for an entire domain. If that's a problem, then you may have to use some kind of web automation product. And if you're really crazy, you could roll your own simple automaton that does only the required clicking (fill in username and password, then two clicks to enable imap).
So if you can manage to set up IMAP on the accounts that have the dummy mail, and have a way to get the username and password of each afflicted account, then you can use an IMAP library for .NET to delete them. See:
Accessing Imap in C#
using c# .net librarires to check for IMAP messages from gmail servers
Seems like it ought to be simpler, right? Sad face.