trentcioran
5 years ago
Hi,

I am trying to retrieve emails from O365 using an account granted the role of application impersonation. I followed the steps described in this example, "C#/ASP.NET/ASP MVC - Retrieve Email using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background Service", and my code is as follows:


string client_id = "client_id...";
string client_secret = "client_secret...";

string tenant = "my_tenant_id_from_azure_portal...";

string requestData =
    $"client_id={client_id}&client_secret={client_secret}&scope=https://outlook.office365.com/.default&grant_type=client_credentials";

string tokenUri = $"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token";
string responseText = _postString(tokenUri, requestData);

OAuthResponseParser parser = new OAuthResponseParser();
parser.Load(responseText);

MailServer server = new MailServer(
    config.ServerName,
    config.Username,
    parser.AccessToken, // use access token as password
    ServerProtocol.ExchangeEWS); // use Http EWS protocol

server.SSLConnection = true;
server.AuthType = ServerAuthType.AuthXOAUTH2;

var client = new MailClient(ConfigurationManager.AppSettings["eagetmail.license"]);
client.Connect(server);


When the code executes the last line, it throws an exception:

"The remote server returned an error: (401) Unauthorized."

Am I missing something?

Here is the configuration of the Azure application.

[Three posted images are not available.]

Thanks,
Manuel


ivan
5 years ago
1. You missed full_access_as_app.

Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";

2. Did you get approval from the Office 365 administrator (admin consent grant)?

https://www.emailarchitect.net/eagetmail/ex/c/24.aspx#grant-admin-consent 

trentcioran
5 years ago

Originally Posted by: ivan

1. You missed full_access_as_app.

Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";

2. Did you get approval from the Office 365 administrator (admin consent grant)?

https://www.emailarchitect.net/eagetmail/ex/c/24.aspx#grant-admin-consent



Hi Ivan, thank you for your help. I previously did 2 without success; after granting full_access_as_app and granting that request, it works. Now I have the question: why do I need to grant full access if the application just needs to read emails from different mailboxes? (That is what the sys admin is going to ask for sure.)


Thanks again,
Manuel
ivan
5 years ago
Because the application uses the EWS protocol, there is no other permission except full_access_as_app "introduced in the Office 365 official document".
JamesC
4 years ago
Hi there,
I too am experiencing a 401 error with the sample code for retrieving emails, but when I go into Admin\App Registrations on my application, I do not get the option to assign permissions for Exchange. Has this been changed now by MS so that these permissions are assigned through Graph?
In Graph I have assigned the following (some came through as default):
[attached image not available]
All options have been granted by the admin and the status has a green tick.

Many thanks for any advice,
James
ivan
4 years ago
It seems that Azure removed the permission from the GUI; you should assign the permission manually like this:

Select Manifest in the left-hand navigation under Manage.

Locate the requiredResourceAccess property in the manifest, and add the following inside the square brackets ([]):

{
    "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
        {
            "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
            "type": "Role"
        }
    ]
}

Select Save.

Select API permissions under Manage. Confirm that the full_access_as_app permission is listed.

Select Grant admin consent for org and accept the consent dialog.

Select Certificates & Secrets in the left-hand navigation under Manage.

Select New client secret, enter a short description and select Add.

Copy the Value of the newly added client secret and save it; you will need it later.
JamesC
4 years ago
Hi Ivan,
Thanks a lot!
I can confirm that the above fixed my problems.

Many thanks,
James
ivan
4 years ago
I found we don't have to edit the manifest file manually if you're a user in your organization; you can find the permission at:

Add permission -> API in APIs my organization uses -> Office 365 Exchange Online -> Application permissions -> Other permissions -> full_access_as_app
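
Added example (not part of any post in this thread and not EAGetMail code): a diagnostic for the 401 discussed above that decodes the payload of the access token returned by the token endpoint and checks, before client.Connect is called, that its roles claim contains full_access_as_app. The class and method names, the expected aud value and the sample tokens are assumptions constructed for illustration; it uses System.Text.Json (C# 8 or later) and reads claims without validating the signature.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class EwsTokenCheck
{
    // Added example, not EAGetMail code. Reads claims only; it does not validate the signature.
    static string DecodeSegment(string seg)
    {
        string s = seg.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');   // restore base64 padding
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Returns null if the token carries what EWS app-only access needs, else the reason for a likely 401.
    public static string Diagnose(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) return "not a JWT: expected three dot-separated segments";

        using JsonDocument doc = JsonDocument.Parse(DecodeSegment(parts[1]));
        JsonElement claims = doc.RootElement;

        // Assumption: a token for scope https://outlook.office365.com/.default has this audience.
        string aud = claims.TryGetProperty("aud", out JsonElement a) && a.ValueKind == JsonValueKind.String
            ? a.GetString() : "";
        if (!aud.TrimEnd('/').Equals("https://outlook.office365.com", StringComparison.OrdinalIgnoreCase))
            return "audience is '" + aud + "', not Exchange Online";

        bool hasRole = claims.TryGetProperty("roles", out JsonElement r) && r.ValueKind == JsonValueKind.Array
            && r.EnumerateArray().Any(x => x.ValueKind == JsonValueKind.String && x.GetString() == "full_access_as_app");
        return hasRole ? null : "roles claim lacks full_access_as_app: add the permission and grant admin consent";
    }

    static string FakeToken(string payloadJson)   // constructed, unsigned sample token
    {
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson));
        return "e30." + b64.TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
    }

    static void Main()
    {
        string before = FakeToken("{\"aud\":\"https://outlook.office365.com\"}");
        string after = FakeToken("{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"full_access_as_app\"]}");
        Console.WriteLine("before consent: " + (Diagnose(before) ?? "ok"));
        Console.WriteLine("after consent:  " + (Diagnose(after) ?? "ok"));
    }
}
```

In the code from the first post, the value to pass to Diagnose is parser.AccessToken; log only the diagnosis, never the token itself.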


© All Rights Reserved, AIFEI Software Limited & AdminSystem Software Limited.