MailKit.Security.AuthenticationException: '535: 5.7.139 Authentication unsuccessful, the user credentials were incorrect.

Question

I am getting this error "MailKit.Security.AuthenticationException: '535: 5.7.139 Authentication unsuccessful, the user credentials were incorrect." for my mail integration in my ASP.Net Core API Application.

I am using a Microsoft account to send the email, i tested it with PowerShell command and it is working but when i integrate it in my application it is not working.

I have disabled the security defaults and the account does not have any MFA and is excluded in conditional access policy for MFA

These are the settings i have set

"EmailSettings": {

"Host": "smtp.office365.com",

"Port": 587,

"Email": "Email ID",

"Password": "App Password",

"DisplayName": "Display Name",

"EnableSSL": "true"

}

And calling them like this in my code

await _emailService.SendAsync(dto.Email, "Subject", emailbody);

Email Service file:

public async Task SendAsync(string email, string subject, string body)

{

 await SendEmailAsync(email, subject, body);

}

public async Task SendEmailAsync(string toEmail, string subject, string body)

{

var smtpHost = _config["EmailSettings:Host"];

var smtpPortString = _config["EmailSettings:Port"];

var smtpEmail = _config["EmailSettings:Email"];

var smtpPassword = _config["EmailSettings:Password"];

var displayName = _config["EmailSettings:DisplayName"];

var enableSSL = _config["EmailSettings:EnableSSL"];

if (string.IsNullOrEmpty(smtpHost) || string.IsNullOrEmpty(smtpPortString) ||

    string.IsNullOrEmpty(smtpEmail) || string.IsNullOrEmpty(smtpPassword))

{

    throw new ArgumentNullException("Missing required email configuration values.");

}

if (!int.TryParse(smtpPortString, out int smtpPort))

{

    throw new ArgumentException("Invalid SMTP port number.");

}

bool useSSL = bool.TryParse(enableSSL, out var parsedSsl) && parsedSsl;

var secureSocketOption = useSSL ? SecureSocketOptions.StartTls : SecureSocketOptions.Auto;

var message = new MimeMessage();

message.From.Add(new MailboxAddress(displayName, smtpEmail));

message.To.Add(MailboxAddress.Parse(toEmail));

message.Subject = subject;

message.Body = new TextPart("html")

{

    Text = body

};

try

{

    using var client = new SmtpClient();

    Console.WriteLine($"Connecting to SMTP server {smtpHost}:{smtpPort} with SSL: {useSSL}...");

    await client.ConnectAsync(smtpHost, smtpPort, secureSocketOption);

    await client.AuthenticateAsync(smtpEmail, smtpPassword);

    await client.SendAsync(message);

    await client.DisconnectAsync(true);

    Console.WriteLine("Email sent successfully.");

}

catch (MailKit.Security.AuthenticationException authEx)

{

    Console.WriteLine($"Authentication error: {authEx.Message}");

    throw;

}

catch (Exception ex)

{

    Console.WriteLine($"General error: {ex.Message}");

    throw;

}

}

I am getting the error on this line : "await client.SendAsync(message);"

Answer 1

Office 365 no longer supports basic security (username and password). You will need to use oauth2. See this thread:

https://github.com/jstedfast/MailKit/discussions/1768

Answer 2

Hi @Ajay Mahajan,

From what you've described, I think the problem might be that you are using App Password while MFA is disabled. Please make sure that you're not mixing up app password with regular password or OAuth2 tokens as app passwords are only valid if MFA is enabled. If MFA is disabled, you should use the regular password.

Other than that, you could try:

Verify SMTP Authentication Is Enabled

Even if MFA is disabled and security defaults are turned off, Office 365 tenants may still block SMTP authentication by default.

• Go to Exchange Admin Center → Settings → Mail Flow
• Ensure Authenticated SMTP is enabled for the user account you're using.
• Also check that SMTPClientAuthenticationDisabled is set to false for the tenant

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

This setting is often overlooked and is a frequent cause of the 535 error.

Check TLS Compatibility

Office 365 requires TLS 1.2 or higher. If your application or environment is using an older version (e.g., TLS 1.0 or 1.1), authentication will fail.

You can find more information here: https://learn.microsoft.com/en-us/microsoft-365-apps/end-of-support/microsoft-365-services-connectivity#basic-authentication-deprecation-in-exchange-online

• Ensure your application is configured to use SecureSocketOptions.StartTls and that TLS 1.2 is enabled in your environment.
• You can force TLS 1.2 in your ASP.NET Core app by adding this in your program.cs:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Try verifying if your Outlook credentials are correct via Web

It’s a good idea to verify your Outlook credentials by logging in through the web interface—just to be sure everything is working as expected. It doesn’t hurt to double-check.

Also please be noted, as others have pointed out, that Microsoft is phasing out support for basic security.

If you are still encountering problem, feel free to reach out and consider using Outlook and Office 365 if you feel the problem is tied to your account.