This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello Microsoft Team,
I have the following goal: We want to send a message in a "One-to-One" Teams chat from an ASP .Net Core application. For this, we intended to use the Graph API and have created the following example based on the documentation:
Code Example:
using Azure.Identity;
using Microsoft.Graph.Models;
using Microsoft.Identity.Client;
namespace TeamsExampel
{
public class TestTeamsMessage
{
private string TENANT_ID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
private string APP_CLIENT_ID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
private string APP_CLIENT_SECRET = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
private string SERVICEACCOUNT = "******@anaxco.de";
public async Task SendTeamsMessage()
{
await SendMessageAsync("******@anaxco.de", "This is a test message");
}
private async Task<object> SendMessageAsync(string receiverEmail, string message)
{
var scopesChat = new List<string> { "https://graph.microsoft.com/.default" };
var options = new ClientCertificateCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
try
{
var clientSecretCredential = new ClientSecretCredential(TENANT_ID, APP_CLIENT_ID, APP_CLIENT_SECRET, options);
var graphClient = new Microsoft.Graph.GraphServiceClient(clientSecretCredential, scopesChat);
var userReceiver = await graphClient.Users[receiverEmail].GetAsync();
var userService = await graphClient.Users[SERVICEACCOUNT].GetAsync();
if (userReceiver == null)
{
return $"User {receiverEmail} not found.";
}
var newChat = new Chat
{
ChatType = ChatType.OneOnOne,
TenantId = TENANT_ID,
Members = new List<ConversationMember>
{
new AadUserConversationMember
{
TenantId= TENANT_ID,
UserId =userService.Id,
Roles = new List<string> { "owner" },
AdditionalData = new Dictionary<string, object>
{
{
"******@odata.bind" , $"https://graph.microsoft.com/v1.0/users('{userService.Id}')"
},
},
},
new AadUserConversationMember
{
TenantId= TENANT_ID,
UserId= userReceiver.Id,
Roles = new List<string> { "owner" },
AdditionalData = new Dictionary<string, object>
{
{
"******@odata.bind" , $"https://graph.microsoft.com/v1.0/users('{userReceiver.Id}')"
},
},
}
},
};
var createdChat = await graphClient.Chats.PostAsync(newChat);
ChatMessage msg = new ChatMessage()
{
CreatedDateTime = DateTime.Now,
ChatId = createdChat.Id,
From = new ChatMessageFromIdentitySet
{
User = new Identity
{
Id = userService.Id,
DisplayName = userService.DisplayName,
}
},
MessageType = ChatMessageType.Message,
Body = new ItemBody
{
ContentType = BodyType.Html,
Content = message
}
};
var chatresult = await graphClient.Chats[createdChat.Id].Messages.PostAsync(msg);
return chatresult;
}
catch (Exception ex)
{
return ex;
}
}
}
}
Permissions:
We have configured the ASP .Net Core application with the appropriate Application permissions according to the documentation.
Error Message:
We are receiving the following error message when we run the code:
HTTP Status Code 403, InsufficientPrivileges
We’ve been unable to create a working example based on the documentation. We would greatly appreciate your assistance in resolving this issue.
Thank you in advance!
Hi @Carsten Cors
Application permissions are typically used for data migration (importing messages from third-party platforms) rather than sending messages.
To send messages, you should use delegated permissions instead.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Hi CarlZhao-MSFT,
Thank you for your quick response. However, this doesn't align with our goals. We need to ensure that the ASP.NET application allows for a non-interactive sign-in. The objective is for the application to send a message to users in the organization during specific events, which should then be displayed in the Teams chat.
If this isn't possible through the Graph API, we would appreciate it if you could suggest alternative solutions.
Maybe you can try using the ROPC flow instead, which requires you to hardcode the user's password on the backend without having to interact in the browser.
Okay, I'll give that a try. However, I assume that for the hardcoded account, the two-factor authentication should be disabled?
Yes, MFA must be disabled for hardcoded accounts.
Hi @Carsten Cors
Is there anything else I can help you with regarding this issue? If you still need further help, please feel free to let me know. If your question has been solved, then you can click "Accept Answer", which may help members with similar questions find the answer easily. Thank you very much!