This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi all,
I'm trying to build a deamon service which sends email using OAuth2 Authentication with Office 365.
We created the app on Azure and set all scopes and permissions (both to Graph section and Exchange Online section).
We're using MailKit as library. We successfully obtain an access token with the follow implementation:
var scopes = new [] {"https://graph.microsoft.com/.default"};
var app = ConfidentialClientApplicationBuilder
.Create(client_id)
.WithTenantId(tenant)
.WithCertificate(certificate)
.Build();
var token = await app.AcquireTokenForClient(scopes).ExecuteAsync();
return token;
But when we try to authenticate using the SmtpClient we receive an error 535: 5.7.3 Authentication unsuccessfull. The code we're using is the following:
var parser = await GetOfficeCredentialsServiceV1();
var office365User = "******@mydomain.onmicrosoft.com";
using (var client = new MailKit.Net.Smtp.SmtpClient())
{
client.ServerCertificateValidationCallback = OnValidateCertificate;
await client.ConnectAsync("smtp.office365.com", 587, SecureSocketOptions.StartTls);
var oauth2 = new SaslMechanismOAuth2(office365User, parser.AccessToken);
await client.AuthenticateAsync(oauth2); // ERROR
//.....
}
Using a personal account withthe following code we're not experiencing any error and the e-mails are sent correctly:
var app = PublicClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
var accounts = await app.GetAccountsAsync();
var scopes = new []
{
"user.read", "Mail.Read", "Mail.ReadBasic", "Mail.ReadWrite", "Mail.Send", "email",
"https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"
};
var authToken = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
.WithForceRefresh(true)
.ExecuteAsync();
Are we missing some configuration on the Azure App or something else?
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi anonymous user,
Welcome to Microsoft Q&A!
Considering that your question is related to develop service using Graph, but the "office-outlook-itpro" tag is only for general issues about Outlook client and the "office-exchange-server-mailflow" is for mail flow questions involving Exchange server. So I'll add a tag for "microsoft-graph-mail and hope your issue could be resolved soon.
You don't need to use SmptClient, once you have the access token (with necessary permissions), use the /sendMail endpoint. Here's a recent article that walks you over the process: https://practical365.com/upgrade-powershell-scripts-sendmailmessage/
Hi @Vasil Michev , thanks for your answer and sorry for the late reply (I'm currently on vacation).
I've just spoken with the other devs which are currently developing the spike and they confirmed me that your solution works properly.
However, we're wondering why with an SMTP Client the approach did not work.
Many thanks again.
Alberto
Because you are getting the token in the context of an application (client credentials flow), not a user.