VB.NET/ASP.NET/ASP MVC - Retrieve email using Gmail/G Suite OAuth 2.0 + IMAP4 protocol in background service (service account)¶

Installation¶

Before you can use the following sample codes, you should download the EAGetMail Installer and install it on your machine at first. Full sample projects are included in this installer.

Install from NuGet

You can also install the run-time assembly by NuGet. Run the following command in the NuGet Package Manager Console:

Install-Package EAGetMail

Add reference¶

To use EAGetMail POP3 & IMAP Component in your project, the first step is “Add reference of EAGetMail to your project”. Please create or open your project with Visual Studio, then go to menu -> Project -> Add Reference -> .NET -> Browse..., and select Installation path\Lib\[netversion]\EAGetMail.dll, click Open-> OK, the reference will be added to the project, you can start to use it to retrieve email and parse email in your project.

.NET assembly¶

Because EAGetMail has separate builds for .Net Framework, please refer to the following table and choose the correct dll.

Separate builds of run-time assembly for .Net Framework 2.0, 4.0, 4.5, 4.6.1, 4.7.2 .NET Core 3.1, .NET 5.0, NET Standard 2.0 and .Net Compact Framework 2.0, 3.5.

Google Service Account¶

Normal OAuth requires user input user/password in Web Browser. Obviously, it is not suitable for background service. In this case, you should use google service account to access G Suite email service without user interaction. Service account only works for G Suite user, it doesn’t work for personal Gmail account.

Create project in Google Developers Console¶

To use “G Suite Service Account OAuth” in your application, you should create a project in Google Developers Console at first.

• Open Google Developer Console, create a new project by https://console.developers.google.com/projectcreate.

  

• After you created the project, select it from projects list as current project.

  

Create service account in current project¶

• Click "Credentials" -> "Manage service accounts"

  

• Click "CREATE SERVICE ACCOUNT"

  

• Input a name for your service account, click "CREATE"

  

• In "Service account permissions", select "Project" -> "Owner" as role

  

• In "Grant users access to this service account", keep everything default and click "DONE"

  

After service account is created, you should enable "Domain-wide delegation" and create service key pair to access G Suite user mailbox.

Enable “Domain-wide delegation” and create service key¶

• Go back to your service account, click "Edit" -> "SHOW DOMAIN-WIDE DELEGATION", check "Enable G Suite Domain-wide Delegation", input a name for product oauth consent, click "Save".

  

• Go back to your service account again, click "Create Key", you can select "p12" or "json" key type, both can work well, then you will get a file which contains private key, save the file to local disk.

  Now you have created service account with key pair successfully. You can use created private key in your codes to request "access token" impersonating a user in G Suite.

  

• To access user data in G Suite, you must get authorization from G Suite administrator. You should go to service accounts list, click "View Client ID" like this:

  

• Then copy your “Client ID” and service account email address, forward it to G Suite administrator for authorization.

  

Enable Gmail API¶

Enable Gmail API in "Library" -> Search "Gmail", then click "Gmail API" and enable it. If you use Gmail API protocol to send email, you should enable this API, if you use SMTP protocol, you don’t have to enable it.

Authorize service account by G Suite administrator¶

To use service account to access user mailbox in G Suite, G Suite Administrator should authorize specified service account at first.

• G Suite Administrator should open admin.google.com, go to Admin Console, click "Security" > API Control;

  

• Click Add new and enter your service account client ID.

• Enter the client ID of the service account or OAuth2 client ID of the app.

• In OAuth Scopes, add each scope that the application can access (should be appropriately narrow). and input https://mail.google.com/, email, profile in One or More API Scopes, click "Authorize".

  

After G Suite administrator authorized service account, you can use it to access any users mailbox in G Suite domain.

Enable TLS Strong Encryption Algorithms in .NET 2.0 and .NET 4.0¶

Because HttpWebRequest is used to get access token from web service. If you’re using legacy .NET framework (.NET 2.0 - .NET 3.5 and .NET 4.0 - 4.6.1), you need to enable Strong Encryption Algorithms to request access token:

Put the following content to a file named NetStrongEncrypt.reg, right-click this file -> Merge -> Yes. You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Access token lifetime¶

You don’t have to request access token every time. By default, access token expiration time is 3600 seconds, you can reuse the access token repeatedly before it is expired.

VB.NET/ASP.NET/ASP MVC - Retrieve email using Gmail/G Suite OAuth 2.0 from IMAP4 server with service account - example¶

' You can install Google.Apis.Auth.OAuth2 by NuGet
' Install-Package Google.Apis.Auth
Imports  System
Imports  System.IO
Imports  System.Net
Imports  System.Net.Sockets
Imports  System.Text
Imports  System.Threading
Imports  System.Threading.Tasks
Imports  System.Security.Cryptography.X509Certificates
Imports  System.Runtime.InteropServices
Imports  Google.Apis.Auth.OAuth2
Imports  EAGetMail
Imports  System.Globalization

Function _generateFileName(ByVal sequence As Integer) As String
    Dim currentDateTime As DateTime = DateTime.Now
    Return String.Format("{0}-{1:000}-{2:000}.eml",
                    currentDateTime.ToString("yyyyMMddHHmmss", New CultureInfo("en-US")),
                    currentDateTime.Millisecond,
                    sequence)
End Function

Public Sub RetrieveEmail()
    Try
        ' service account email address
        Const serviceAccount As String = "xxxxxx@xxxxx.iam.gserviceaccount.com"

        ' import service account key p12 certificate.
        Dim certificate = New X509Certificate2("D:\MyData\myoauth-77dec4d192ec.p12", "notasecret", X509KeyStorageFlags.Exportable)

        ' G Suite user email address
        Dim gsuiteUser = "user@gsuitdomain.com"

        Dim serviceAccountCredentialInitializer = New ServiceAccountCredential.Initializer(serviceAccount) With {
            .User = gsuiteUser,
            .Scopes = {"https://mail.google.com/"}
        }.FromCertificate(certificate)

        ' if service account key is in json format, copy the private key from json file:
        ' "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
        ' and import it like this:

        ' Dim privateKey As String = "-----BEGIN PRIVATE KEY-----" & vbLf & "MIIEv...revdd" & vbLf & "-----END PRIVATE KEY-----" & vbLf
        ' Dim serviceAccountCredentialInitializer = New ServiceAccountCredential.Initializer(serviceAccount) With {
        '    .User = gsuiteUser,
        '    .Scopes = {"https://mail.google.com/"}
        ' }.FromPrivateKey(privateKey)

        ' request access token
        Dim credential = New ServiceAccountCredential(serviceAccountCredentialInitializer)
        If Not credential.RequestAccessTokenAsync(CancellationToken.None).Result Then
            Throw New InvalidOperationException("Access token failed.")
        End If

        ' Create a folder named "inbox" under current directory
        ' to save the email retrieved.
        Dim localInbox As String = String.Format("{0}\inbox", Directory.GetCurrentDirectory())

        ' If the folder is not existed, create it.
        If Not Directory.Exists(localInbox) Then
            Directory.CreateDirectory(localInbox)
        End If

        ' Gmail IMAP4 Server address, use access token as password
        Dim oServer As New MailServer("imap.gmail.com",
                    gsuiteUser,
                    credential.Token.AccessToken,
                    ServerProtocol.Imap4)

        ' User OAUTH 2.0
        oServer.AuthType = ServerAuthType.AuthXOAUTH2
        ' Enable SSL/TLS connection,
        oServer.SSLConnection = True
        ' IMAP SSL Port
        oServer.Port = 993

        Console.WriteLine("Connecting {0} ...", oServer.Server)

        Dim oClient As New MailClient("TryIt")
        oClient.Connect(oServer)

        ' Get New email only, if you want to get all emails, please remove this line
        oClient.GetMailInfosParam.GetMailInfosOptions = GetMailInfosOptionType.NewOnly

        Dim infos As MailInfo() = oClient.GetMailInfos()
        Console.WriteLine("Total {0} email(s)", infos.Length)

        For i As Integer = 0 To infos.Length - 1
            Dim info As MailInfo = infos(i)
            Console.WriteLine("Index: {0}; Size: {1}; UIDL: {2}",
                    info.Index, info.Size, info.UIDL)

            ' Retrieve email from email server
            Dim oMail As Mail = oClient.GetMail(info)

            Console.WriteLine("From: {0}", oMail.From.ToString())
            Console.WriteLine("Subject: {0}" & vbCr & vbLf, oMail.Subject)

            ' Generate an unqiue email file name based on date time.
            Dim fileName As String = _generateFileName(i + 1)
            Dim fullPath As String = String.Format("{0}\{1}", localInbox, fileName)

            ' Save email to local disk
            oMail.SaveAs(fullPath, True)

            ' Mark email as read to prevent retrieving this email again.
            oClient.MarkAsRead(info, True)

            ' If you want to delete current email, please use Delete method instead of MarkAsRead
            ' oClient.Delete(info)

        Next

        ' Quit and expunge emails marked as deleted from  server.
        oClient.Quit()
        Console.WriteLine("Completed!")

    Catch ep As Exception
        Console.WriteLine(ep.ToString())
    End Try
End Sub

TLS 1.2 protocol¶

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

Related links¶

• Retrieve email from Gmail using user interaction OAuth
• Retrieve email from Hotmail/Outlook/Live using user interaction OAuth
• Retrieve email from Office365 using user interaction OAuth
• Retrieve email from Office365 in background service