Building an app to send email using Microsoft Graph API through which different users from different company domains can send email
I am building an application using C# that will send emails using Microsoft Graph API, and I want to enable users from different email domains to send emails. I have registered my application through Azure App registration under multi-tenant option and delegated permission for Microsoft Graph API User.Read and Mail.Send. When someone from another domain tries to send an email using this application, they are prompted to request approval for an access token. I have a few questions:
What happens when the user presses request for approval? Does it trigger an email to the xyz company Azure admin for approval?
Does the xyz Azure admin need to approve the request for the requested user from their Azure AD admin page?
Is Azure Admin access absolutely necessary for this?
What is the best way to handle this scenario? What settings or coding do I need so that different users from different companies (i.e., different domains like xyz.co.in) can send email using my application (registered in Azure AD by my organization azureAdmin@mycompany.co.uk)?
Microsoft Graph
C#
-
Subhasis Ghosh 0 Reputation points
2024-09-30T11:40:22.76+00:00 This is my full question-
I am developing an application using C# that will be able to send email using the Microsoft Graph API. My main intention is that, using this application, different users from different companies (i.e. different email domains) will be able to send emails.
I am providing details of what I have done till now.
Suppose my company’s email domain is azureAdmin@mycompany.co.uk.
1. The Azure admin of my company has registered an application through Azure App registration under the multi-tenant option.
2. As this is a desktop application, we are using the default Redirect URI – https://login.microsoftonline.com/common/oauth2/nativeclient
3. My company’s Azure admin (azureAdmin@mycompany.co.uk) is the owner of the application.
4. Delegated permissions for Microsoft Graph API User.Read and Mail.Send are added.
5. In the code, I have used the clientID from the Azure App registration page and tenantID as common:
```csharp
private static readonly string clientId = "df4f2813-0e13-41c2-a3ae-dfb2f249672f";
private static readonly string tenantId = "common";
private static readonly string[] scopes = { "Mail.Send", "User.Read" };
private static readonly string authority = $"https://login.microsoftonline.com/{tenantId}";

private IPublicClientApplication _pca;
private GraphServiceClient _graphClient;
private AuthenticationResult _authResult;
private List<string> _attachmentFilePaths = new List<string>();

public MainForm()
{
    InitializeComponent();
    InitializeGraphClient(); // builds _pca from clientId/authority (not shown in the post)
}
```
6. Then I use AcquireTokenInteractive() to acquire a token interactively from the user:
```csharp
var logData = new JObject();
try
{
    // Disable button to avoid multiple clicks
    btnAuthenticate.Enabled = false;

    // Log application start
    Log(logData, "Application started");

    // Acquire Token
    _authResult = await _pca.AcquireTokenInteractive(scopes)
                            .ExecuteAsync();

    // Log successful login. The raw access token is a bearer credential and must not
    // be written to logs; record only the account that signed in.
    Log(logData, "Token acquired successfully", new JObject
    {
        { "User", _authResult.Account.Username }
    });

    // Initialize Graph client with a custom AuthenticationProvider
    _graphClient = new GraphServiceClient(new CustomAuthenticationProvider(_authResult.AccessToken));

    // Send Email
    await SendEmail(_authResult.AccessToken, logData);
}
catch (MsalException msalEx)
{
    // Log MSAL specific errors
    Log(logData, "MSAL Error", new JObject { { "Error", msalEx.Message } });
}
```
Custom class:
```csharp
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Kiota.Abstractions;
using Microsoft.Kiota.Abstractions.Authentication;

// Custom AuthenticationProvider class (if needed, for special cases).
// With Graph SDK v5 the interface comes from Microsoft.Kiota.Abstractions.Authentication
// and has a single method taking RequestInformation; the HttpRequestMessage overload
// from SDK v4 is not part of it and has been dropped.
public class CustomAuthenticationProvider : IAuthenticationProvider
{
    private readonly string _accessToken;

    public CustomAuthenticationProvider(string accessToken)
    {
        _accessToken = accessToken;
    }

    public Task AuthenticateRequestAsync(RequestInformation request,
        Dictionary<string, object> additionalAuthenticationContext = null,
        CancellationToken cancellationToken = default)
    {
        // Attach the bearer token. The token is fixed for the lifetime of this instance,
        // so a new provider (or a fresh token) is needed once it expires.
        request.Headers.Add("Authorization", $"Bearer {_accessToken}");
        return Task.CompletedTask;
    }
}
```
7. And then sending the mail:
```csharp
// emailMessage is a Microsoft.Graph.Models.Message built earlier (not shown in the post)
// Create the request body for SendMail
var sendMailBody = new Microsoft.Graph.Me.SendMail.SendMailPostRequestBody
{
    Message = emailMessage,
    SaveToSentItems = true
};

// Use _graphClient.Me.SendMail.PostAsync to send the email
await _graphClient.Me.SendMail.PostAsync(sendMailBody);

// Log the success
Log(logData, "Email sent successfully");
```
So my question is: when someone from another domain tries to send email using this application, they get a window asking for approval for the access token.
So, what happens when the user presses "request for approval"?
1. Does it trigger an email to the xyz company Azure admin for approval?
2. Or does the xyz Azure admin need to approve the request for the requesting user from their Azure AD admin page?
3. Is Azure admin access absolutely necessary for this?
4. Lastly, could you let me know the best way to handle this scenario, i.e. what settings or coding need to be done so that different users from different companies (i.e. different domains like xyz.co.in) can send email using my application (registered in Azure AD by my organization, azureAdmin@mycompany.co.uk)?
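Added example, not the asker's code: the same MSAL public client, `common` authority, default native-client redirect URI and delegated Mail.Send/User.Read scopes as in the question, but wired into Graph SDK v5 through an IAccessTokenProvider so that the token is acquired per request (silently from MSAL's cache first, interactively only when MSAL reports that UI is required) and released only to graph.microsoft.com, instead of being pinned at sign-in as in the CustomAuthenticationProvider above. The class names MsalTokenProvider and GraphMail and the method parameters are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Me.SendMail;
using Microsoft.Graph.Models;
using Microsoft.Identity.Client;
using Microsoft.Kiota.Abstractions.Authentication;

// Graph SDK v5 asks this provider for a token before every request, so an expired access
// token is replaced from MSAL's cache instead of being captured once and reused until it fails.
public sealed class MsalTokenProvider : IAccessTokenProvider
{
    private readonly IPublicClientApplication _pca;
    private readonly string[] _scopes;
    public MsalTokenProvider(IPublicClientApplication pca, string[] scopes) { _pca = pca; _scopes = scopes; }

    // Never release the bearer token to any host other than Graph itself.
    public AllowedHostsValidator AllowedHostsValidator { get; } = new AllowedHostsValidator(new[] { "graph.microsoft.com" });

    public async Task<string> GetAuthorizationTokenAsync(Uri uri, Dictionary<string, object>? ctx = null, CancellationToken ct = default)
    {
        var account = (await _pca.GetAccountsAsync()).FirstOrDefault();
        try
        {   // Silent first: cached access token or refresh token, no UI for a returning user.
            return (await _pca.AcquireTokenSilent(_scopes, account).ExecuteAsync(ct)).AccessToken;
        }
        catch (MsalUiRequiredException)
        {   // Nothing cached, or the user's tenant has not consented yet: show the sign-in/consent UI.
            return (await _pca.AcquireTokenInteractive(_scopes).ExecuteAsync(ct)).AccessToken;
        }
    }
}

public static class GraphMail
{
    // clientId is the multi-tenant app registration; the "common" authority lets any tenant's user sign in.
    public static async Task SendAsync(string clientId, string to, string subject, string body)
    {
        string[] scopes = { "Mail.Send", "User.Read" };
        var pca = PublicClientApplicationBuilder.Create(clientId).WithAuthority("https://login.microsoftonline.com/common")
            .WithDefaultRedirectUri().Build(); // = https://login.microsoftonline.com/common/oauth2/nativeclient
        var graph = new GraphServiceClient(new BaseBearerTokenAuthenticationProvider(new MsalTokenProvider(pca, scopes)));
        var message = new Message { Subject = subject, Body = new ItemBody { ContentType = BodyType.Text, Content = body },
            ToRecipients = new List<Recipient> { new Recipient { EmailAddress = new EmailAddress { Address = to } } } };
        // Sends as the signed-in user (delegated Mail.Send), from whichever tenant they belong to.
        await graph.Me.SendMail.PostAsync(new SendMailPostRequestBody { Message = message, SaveToSentItems = true });
    }
}
```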
-
Subhasis Ghosh 0 Reputation points
2024-09-30T11:43:44.2266667+00:00 For some unknown reason, I am not able to post a longer question, so I am posting it in parts.
-
CarlZhao-MSFT 42,026 Reputation points
2024-09-30T12:00:09.16+00:00 Hi @Subhasis Ghosh
I'm researching this issue and will let you know as soon as possible.
-
Subhasis Ghosh 0 Reputation points
2024-09-30T12:19:32.0033333+00:00 Thanks @CarlZhao, I am not able to post the whole question, but I am trying to post it in parts.
-
Subhasis Ghosh 0 Reputation points
2024-09-30T12:24:28.3866667+00:00 Thank you Carl.
For some reason, some of my comments are getting deleted, so I am trying to post it in parts.
-
Subhasis Ghosh 0 Reputation points
2024-09-30T12:40:03.3633333+00:00 - In the code, I have used the clientID from the Azure App registration page and tenantID as common.
- Then I use AcquireTokenInteractive() to acquire a token interactively from the user.
- And then send the mail.