Rank: Newbie
Groups: Registered
Joined: 11/1/2016(UTC) Posts: 4
Hi,
I am trying to retrieve emails from O365 using an account granted the role of application impersonation, followed the steps described in this example
C#/ASP.NET/ASP MVC - Retrieve Email using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background Service , my code is as follows
Quote: string client_id = "client_id..."; string client_secret = "client_secret..."; string tenant = "my_tenant_id_from_azure_portal..."; string requestData = $"client_id={client_id}&client_secret={client_secret}&scope=https://outlook.office365.com/.default&grant_type=client_credentials"; string tokenUri = $"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"; string responseText = _postString(tokenUri, requestData); OAuthResponseParser parser = new OAuthResponseParser(); parser.Load(responseText); MailServer server = new MailServer( config.ServerName, config.Username, parser.AccessToken, // use access token as password ServerProtocol.ExchangeEWS); // use Http EWS protocol server.SSLConnection = true; server.AuthType = ServerAuthType.AuthXOAUTH2; var client = new MailClient(ConfigurationManager.AppSettings["eagetmail.license"]); client.Connect(server);
when the code executes the last line it throws an exception
"The remote server returned an error: (401) Unauthorized."
Am I missing something?
Here is the configuration of the azure application.
Thanks,
Manuel
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,152
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
1, you missed full_access_as_app
Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";
2. did you get approval from office365 administrator grant?
https://www.emailarchite...aspx#grant-admin-consent
Rank: Newbie
Groups: Registered
Joined: 11/1/2016(UTC) Posts: 4
Originally Posted by: ivan 1, you missed full_access_as_app
Click "API Permission" -> "Add a permission" -> "Exchange" -> "Application permissions" -> Check "full_access_as_app";
2. did you get approval from office365 administrator grant?
https://www.emailarchite...aspx#grant-admin-consent Hi Ivan, thank you for your help. I previously did 2 without success, after granting full_access_as_app and granting that request it works. Now I have the question: Why do I need to grant full access if the application just needs to read emails from different mailboxes? (that is what the sys admin is going to ask for sure).
Thanks again,
Manuel
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,152
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
because the application uses EWS protocol, there is no other permission except full_access_as_app "introduced in Office365 official document".
Rank: Newbie
Groups: Registered
Joined: 11/26/2020(UTC)
Posts: 2
Location: Nottm
Hi there,
I too am experiencing a 401 error with the sample code for retrieving emails but when I go into Admin\App Registrations on my application I do not get the option to assign permissions for Exchange. Has this been changed now by MS so that these permissions are assigned through Graph?
In Graph I have assigned the following (some came through as default)
All options have been Granted by the admin and the status has a green tick.
Many thanks for any advice James
Edited by moderator Saturday, November 28, 2020 1:42:26 AM(UTC)
| Reason: Not specified
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,152
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
It seems that Azure removed the permission from GUI, you should assign the permission manually like this:
Select Manifest in the left-hand navigation under Manage.
Locate the requiredResourceAccess property in the manifest, and add the following inside the square brackets ([]):
JSON
Copy
Code:
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
"type": "Role"
}
]
}
Select Save.
Select API permissions under Manage. Confirm that the full_access_as_app permission is listed.
Select Grant admin consent for org and accept the consent dialog.
Select Certificates & Secrets in the left-hand navigation under Manage.
Select New client secret, enter a short description and select Add.
Copy the Value of the newly added client secret and save it, you will need it later.
Rank: Newbie
Groups: Registered
Joined: 11/26/2020(UTC)
Posts: 2
Location: Nottm
Hi Ivan, thanks a lot! I can confirm that the above fixed my problems. Many thanks James
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,152
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
I found we don't have to edit the manifest file manually if you're a user in your organization, you can find the permission at Add permission -> API in APIs my organization uses -> Office 365 Exchange Online -> Application permissions -> Other permissions -> full_access_as_app
Forum Jump
EmailArchitect Support
Email Component Development
- EASendMail SMTP Component - .NET Version
- EASendMail SMTP Component - Windows Store Apps
- EASendMail SMTP ActiveX Object
- EAGetMail POP3 & IMAP4 Component - .NET Version
- EAGetMail POP3 & IMAP4 ActiveX Object
Exchange Server and IIS SMTP Plugin
- DomanKeys/DKIM for Exchange Server and IIS SMTP
- Disclaimer and S/MIME for Exchange Server and IIS
EmailArchitect Email Server
- EmailArchitect Email Server (General)
- EmailArchitect Email Server Development
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.