Send email using latest Graph client package

Question

Send email using latest Graph client package

lakshmi 821

We are using a multi tenant application.

App registration is created in Tenant A and the same bot application is used by Tenant B customers also.

So we want to use the same app registration for Tenant B also to send email.

It was working till the graph client version 4 using the sign in process. We will get the token when user sign in and if its a different tenant user, then it will ask for accepting the app registration and valid token will be created.

We have used the same token to create the graph client in the latest nuget version and we were getting unauthorized error

Same can we achieve using the application permission

Or can we use the below code in the document, https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=csharp#on-behalf-of-provider

// Multi-tenant apps can use "common",
// single-tenant apps must use the tenant ID from the Azure portal
var tenantId = "common";
// Value from app registration
var clientId = "YOUR_CLIENT_ID";
var authenticationProvider = new BaseBearerTokenAuthenticationProvider(
    new IntegratedWindowsTokenProvider(clientId, tenantId));
var graphClient = new GraphServiceClient(authenticationProvider);
return graphClient;

CarlZhao-MSFT 46,431 Reputation points

2024-07-11T09:22:43.68+00:00

Are you using OBO flow? But I don't see you passing the middle tier token.
lakshmi 821 Reputation points

2024-07-12T10:03:28.7133333+00:00
We have used the below code to create graph client using the delegated sign in token, and it worked.

private GraphServiceClient GetAuthenticatedClient(string token) { // Use Azure.Identity to get the token var tokenCredential = new DelegatedTokenCredential(token); var scopes = new[] { "https://graph.microsoft.com/.default" }; return new GraphServiceClient(tokenCredential, scopes); }

Would it be possible to use the above code , "Multi-tenant apps can use "common"," for creating token by ourselves using the app registration id and tenant id and use that token for different graph operations. So that we can avoid the extra user interference for sign in

1 answer

Your answer

CarlZhao-MSFT 46,431 Reputation points

2024-07-11T09:22:43.68+00:00

Are you using OBO flow? But I don't see you passing the middle tier token.
lakshmi 821 Reputation points

2024-07-12T10:03:28.7133333+00:00

We have used the below code to create graph client using the delegated sign in token, and it worked.

private GraphServiceClient GetAuthenticatedClient(string token) { // Use Azure.Identity to get the token var tokenCredential = new DelegatedTokenCredential(token); var scopes = new[] { "https://graph.microsoft.com/.default" }; return new GraphServiceClient(tokenCredential, scopes); }

Would it be possible to use the above code , "Multi-tenant apps can use "common"," for creating token by ourselves using the app registration id and tenant id and use that token for different graph operations. So that we can avoid the extra user interference for sign in

Answer 1

CarlZhao-MSFT 46,431

Hi @lakshmi

Do you mean to create an unattended application context using the "common" endpoint?

Then the answer is "no", application contexts do not support "common" endpoints, only "tenant_id" endpoints. The "common" endpoints are only available for delegated contexts to log in users from different tenants.

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

Share via

Send email using latest Graph client package

1 answer

Your answer