Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
trentcioran  
#1 Posted : Thursday, June 25, 2020 6:45:03 AM(UTC)
trentcioran

Rank: Newbie

Groups: Registered
Joined: 11/1/2016(UTC)
Posts: 4

Hi,

I am trying to retrieve emails from O365 using an account granted the role of application impersonation, followed the steps described in this example C#/ASP.NET/ASP MVC - Retrieve Email using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background Service, my code is as follows

Quote:

string client_id = "client_id...";
string client_secret = "client_secret...";

string tenant = "my_tenant_id_from_azure_portal...";

string requestData =
$"client_id={client_id}&client_secret={client_secret}&scope=https://outlook.office365.com/.default&grant_type=client_credentials";

string tokenUri = $"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token";
string responseText = _postString(tokenUri, requestData);

OAuthResponseParser parser = new OAuthResponseParser();
parser.Load(responseText);

MailServer server = new MailServer(
config.ServerName,
config.Username,
parser.AccessToken, // use access token as password
ServerProtocol.ExchangeEWS); // use Http EWS protocol

server.SSLConnection = true;
server.AuthType = ServerAuthType.AuthXOAUTH2;

var client = new MailClient(ConfigurationManager.AppSettings["eagetmail.license"]);
client.Connect(server);


when the code executes the last line it throws an exception

"The remote server returned an error: (401) Unauthorized."

Am I missing something?

Here is the configuration of the azure application.

App Registration

App API Permissions

App Roles

Thanks,
Manuel


ivan  
#2 Posted : Thursday, June 25, 2020 4:04:04 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,067

Thanks: 9 times
Was thanked: 43 time(s) in 43 post(s)
1, you missed full_access_as_app

Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";

2. did you get approval from office365 administrator grant?

https://www.emailarchite...aspx#grant-admin-consent

trentcioran  
#3 Posted : Thursday, June 25, 2020 4:26:50 PM(UTC)
trentcioran

Rank: Newbie

Groups: Registered
Joined: 11/1/2016(UTC)
Posts: 4

Originally Posted by: ivan Go to Quoted Post
1, you missed full_access_as_app

Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";

2. did you get approval from office365 administrator grant?

https://www.emailarchite...aspx#grant-admin-consent



Hi Ivan, thank you for your help. I previously did 2 without success, after granting full_access_as_app and granting that request it works. Now I have the question: Why do I need to grant full access if the application just needs to read emails from different mailboxes? (that is what the sys admin is going to ask for sure).


Thanks again,
Manuel
ivan  
#4 Posted : Thursday, June 25, 2020 4:39:19 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,067

Thanks: 9 times
Was thanked: 43 time(s) in 43 post(s)
because the application uses EWS protocol, there is no other permission except full_access_as_app "introduced in Office365 official document".
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2020, Yet Another Forum.NET
This page was generated in 0.075 seconds.

EXPLORE TUTORIALS

© All Rights Reserved, AdminSystem Software Limited.