Really getting frustrated at this. My company is using Outlook 365 for its Exchange services. I am trying to automate sending of exception emails from the client via Exchange. However, all of the literature on the subject seems to show that I have to provide a NetworkCredential with plain text username/passwords somehow. I am hoping to connect using the logged-in user's account.
From an infrastructure point of view, I understand that Office 365 is authenticating users via ADFS, which is why bog standard negotiate is not working. It would also make sense that this is why I need the plain text password. However it would seem to me that there should be no reason why Kerberos style auth would not work.
In summary, is there some programmatic way to send emails via Outlook 365 without encoding privileged information into the application, either in the source or the config?
Thanks
Generally, if you can log in to the Office 365 Live with Internet Explorer without providing username\password, then you should be able to get the NetworkCredentials for the currently logged-in user with CredentialCache.DefaultCredentials.
I have a Windows Service which currently sends emails of office 365 users using their email and password via the older smtp method.
Microsoft is turning this ability off very soon.
Currently I use MailKit and C# within a Windows service.
The only details I have are the users' SMTP username and password.
My app has no user interaction ability as it runs on another box.
I have read many ways about how to send email with OAuth2 and MS and it seems a lot of people do it differently, and there is no clear path. I have seen such as using MS Azure registered applications and different Azure libraries.
So my question is, what is the easiest route to take regarding a new non-user-interactive service being able to still send email on behalf of a user?
Most of the users I deal with are not able to set up Azure and its products as they are small companies with limited IT support.
I feel like I have perhaps gone down the wrong path of trying to use Azure Graph.
So what is the correct, most similar to SMTP and simple route to recreate a simple email sending Windows service using C#?
Thank you for your time in reading this
As far as I know, Microsoft usually recommends the use of the Graph API for this stuff.
The preferred way would be to use delegated permissions, i.e. your application has the permission to send an email in the name of the logged in user. If I understood you correctly that is not an option for you because you want to send the mails from a non-interactive background service.
That means that your application itself needs the permission to send an email in any user's name. Obviously this is a much broader permission and you should think about if you really want to do it this way. Also, if you are in some kind of corporate context, you might also have to involve and get consent from the data protection officer or the like.
On the technical side, such a permission is called an "application permission". Thus you need the Mail.Send application permission, which requires admin consent, i.e. not the individual users of your application decide if they want to give you permission to send mail in their name (this would be delegated permissions), but an AAD admin has to consent for all of them at once.
See https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http#permissions
and https://learn.microsoft.com/en-us/graph/permissions-reference#application-permissions-38
This isn't a code specific question, but more of a general question regarding OAuth2. I maintain a system that for the past 20+ years has been able to easily connect to any SMTP enabled email server, then send an email (only requiring authentication info and a server path). This email account is always system related, and isn't specific to one user, such as support#.
With GMail and Office365 (and other major email providers) dropping support for SMTP direct sends, I have been learning OAuth2. With all the reading I've done, OAuth2 is very email server specific (or so it seems). But from a systems standpoint, I need to be able to send support email regardless of who is logged into the system, and regardless of what email host, with no authentication popups.
Is a single solution even possible with OAuth2? Will I need to code for every email provider differently? (GMail, Office365, etc) (I can currently get an authorization token from Office 365, but it seems very specific to Office 365) I have yet to figure out how to actually send an email through Office365 with my OAuth2 token, since MailKit doesn't seem to support OAuth. Is there a single protocol that will allow me to send an OAuth2 token through any email host?
I understand how SMTP direct send has been abused for a long time, but replacing it sucks.
I've a web application where I have used Office 365 login (for SharePoint) to authenticate the user and then redirect to my web application.
Now I want to access the logged-in Office 365 user's calendar and add events, get list of calendars etc. I've looked into the Office 365 API but it uses OAuth2 authentication, which I don't want to go for.
So I went for the ExchangeService API but it needs the NetworkCredentials of the user, which means I have to add the username and password for each user, which is not possible.
Is there any way I can use the logged-in Office 365 user's details and access the calendars and events?
The best way to access Office365 resources like mailboxes, calendars, contacts etc. is by using Microsoft Graph.
There are many SDK and code samples to start developing with Graph API. Here is a guide for ASP.NET MVC app.
I'm trying to use the Office 365 api inside a Windows Service to link e-mails to in-house projects.
I've been able to authenticate myself using the Office 365 API documentation
Although I have some problems/questions.
First problem:
await outlookClient.Me.Folders["inbox"].Messages.ExecuteAsync();
Isn't working for me, I don't get any response, even after 5 min...
Another question is:
Is it possible to never ask for the office365 credentials when starting the program?
Because this is running in a windows Service.
Did anybody successfully implement this?
If so: Is it possible to get a full working example?
I've been trying different things now, but many examples are for ASP.NET or others where an authentication is always required.
I haven't done a service specifically, but it should work if you use the client credential auth flow.
That flow would give you the unattended scenario you want for a service. However, there does have to be consent at some point. The way it works with client credential flow is you would have a signup web page. An administrator from the Office 365 org would go to that page and log in and grant consent to your app. This would be a one-time thing. Your app would then be able to get a token silently that grants access to all mailboxes in the organization.
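The unattended route described in the two Graph answers above (the Mail.Send application permission and the client credential flow), as an added example that is not part of the original answers. It assumes .NET 6 or later and an app registration that an administrator has already consented to; the environment variable names and the mail addresses are made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Constructed sample call; sender and recipient are placeholder addresses.
await GraphMailer.SendAsync("alerts@contoso.example", "ops@contoso.example",
    "Service exception", "Constructed sample body");

static class GraphMailer
{
    static readonly HttpClient Http = new HttpClient();
    // Hypothetical variable names: the secret is injected at run time, never stored in source or config.
    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name) ?? throw new InvalidOperationException($"{name} is not set");

    // Client credential grant: no user, no popup, the app authenticates as itself.
    static async Task<string> GetTokenAsync()
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = Env("GRAPH_CLIENT_ID"),
            ["client_secret"] = Env("GRAPH_CLIENT_SECRET"),
            ["scope"] = "https://graph.microsoft.com/.default"
        });
        var url = $"https://login.microsoftonline.com/{Env("GRAPH_TENANT_ID")}/oauth2/v2.0/token";
        using var resp = await Http.PostAsync(url, form);
        resp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString()
            ?? throw new InvalidOperationException("Token response had no access_token");
    }

    // Fetches a fresh token per send, which is fine for low-volume exception mail.
    public static async Task SendAsync(string sender, string to, string subject, string text)
    {
        var payload = JsonSerializer.Serialize(new
        {
            message = new { subject, body = new { contentType = "Text", content = text },
                            toRecipients = new[] { new { emailAddress = new { address = to } } } },
            saveToSentItems = false
        });
        var url = $"https://graph.microsoft.com/v1.0/users/{Uri.EscapeDataString(sender)}/sendMail";
        using var req = new HttpRequestMessage(HttpMethod.Post, url);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await GetTokenAsync());
        req.Content = new StringContent(payload, Encoding.UTF8, "application/json");
        using var resp = await Http.SendAsync(req);
        resp.EnsureSuccessStatusCode(); // Graph answers 202 Accepted once the message is queued
    }
}
```

Since the application permission covers every mailbox in the tenant, an Exchange Online application access policy (`New-ApplicationAccessPolicy`) can restrict the app to the one mailbox or group it actually needs to send from.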
I'm absolutely new to C#.
I'd like to write a simple tray application that will check mail mailboxes for new mail. No extra functionality needed. Except maybe for opening a browser for a specific account.
So far I tried TcpClient() and raw IMAP commands, but it looks like I'm not allowed to:
* OK Gimap ready for requests from 80.235.87.101 k8mb64099440een
* NO [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbvKabQnjALUA3Xdbjo28....Fgf4FIEg_33cqJJiB96NNrV8F_0MrM5A] Web login required.
tag NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)
Then, I went to Google Developer Console, created a project, enabled Gmail API. But, the moment I saw quota limits, I started to ask myself - how would I go about releasing an open source app if there are operation quotas?
So the first question: is Gmail API there for business google accounts?
Secondly, is there any example on how could I just auth to check my private email to see if there are new messages or not?
Thank you.
On the quota issue
The default quota limits are pretty high and largely to protect Google infrastructure. They can be raised by filling out the request. IMAP has similar limits, just not documented as clearly.
If you use the Gmail API with history.list() to poll for updates it'll be more efficient/cheaper than with IMAP. Should easily support hundreds of thousands of users of said app.
That said, oauth2 for installed apps (Gmail API or IMAP or anything) has a clear deficiency in that anyone that installs the app can basically make calls and eat up quota. Thunderbird and other open-source things (even those that use IMAP with oauth2) have similar problems...
first question
Yes, Gmail API is for business Google accounts (Apps for Work) as well as normal user @gmail.com accounts.
second question
There are quickstarts for a number of languages, including C#:
https://developers.google.com/gmail/api/quickstart/
That should get you through the basics (auth, setting up API). You may need to look at the Java/Python quickstarts if something isn't covered as extensively in the C# docs. For checking for updates on a mailbox, see this guide:
https://developers.google.com/gmail/api/guides/sync
For accessing Gmail details via code, you need to allow access to emails by enabling POP3 or IMAP settings in your account.
Turn on access for less secure apps in the Gmail account.
Enable it for less secure apps by clicking on the following link:
https://support.google.com/accounts/answer/6010255?hl=en-GB
Then you won't get an error such as "NO [WEBALERT ....]".