Graph API Users's MailBox

Babu P 1 Reputation point
2020-07-08T21:18:49.19+00:00

I'm working on office 365 mail's backup using Microsoft Graph SDK in windows forms application.

I want get get all users mails using office 365 administrator account.May i know what are permission i need to provide.?

I can get mails from logged in account (office 365 administrator) but not for others users.

below is the example code.

var messages = await graphClient.Users[UserID].MailFolders[MailFolderID].Messages
.Request()
.GetAsync();

Thanks,
Babu.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,548 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Bob German 1 Reputation point Microsoft Employee
    2020-07-08T21:54:28.867+00:00

    Hi Babu -

    I order to get to another user's mailbox - and the other user hasn't delegated their mailbox access in Exchange Online (like an administrative assistant might do) - you need to use Application permissions rather than Delegated (which acts on behalf of the user). Here is the relevant documentation on the call: https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http
    Notice that there are three kinds of permissions listed - you need "Application" permissions.

    To get those you need to use Client Credentials Flow - see https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow for details.

    Once you get this working - you are likely to run into throttling issues if you try to load a large volume of email. Details are here: https://learn.microsoft.com/en-us/graph/throttling

    Thanks and best of luck!

    0 comments No comments

  2. Babu P 1 Reputation point
    2020-07-10T19:10:02.417+00:00

    @BobGerman-9536 - Thanks for your answer.

    I'm not sure how to do this

    To get those you need to use Client Credentials Flow - see https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow for details.

    I want to do this on C# Windows Forms Application. I'm explaining below.

    1. Getting Token
                   try
                       {
                           authResult = await app.AcquireTokenInteractive(scopes)
                               .WithAccount(accounts.FirstOrDefault())
                               .WithPrompt(Microsoft.Identity.Client.Prompt.SelectAccount)
                               .ExecuteAsync();
                           AccessToken = authResult.AccessToken.ToString();
                       }
                       catch (MsalException msalex)
                       {
                           WriteLog("Error(GetAccessToken()) MsalException: " + msalex.Message.ToString());
                       }
      
    2. using the above token i'm creating "graphClient"

    try
    {
    graphClient = new GraphServiceClient(
    "https://graph.microsoft.com/v1.0",
    new DelegateAuthenticationProvider(
    async (requestMessage) =>
    {
    var token = AccessToken;
    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", AccessToken);
    requestMessage.Headers.Add("xxx", "yyyy");

                             }));
                     return graphClient;
                 }
    
    1. using the graphClient I'm listig the users.
                    var users = await graphClient.Users
                              .Request()
                              .GetAsync();
      

    From this users list how can i access all user mailbox. (note: this is working for the account when i give to get token but not for all the users.) I gave all the application permissions but still not working.

    Code: ErrorAccessDenied
    Message: Access is denied. Check credentials and try again.

    Thankss,
    Babu.

    0 comments No comments