microsoftgraph / msgraph-sdk-dotnet-auth

Archived - use the TokenCredential classes provided by Azure.Identity. https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme
https://graph.microsoft.com
MIT License

Authorisation failing unpredictably on PublicClientApp. #106

Closed MAlabaster closed 3 years ago

MAlabaster commented 3 years ago

Due to the upcoming deprecation of EWS, I'm converting a C# Windows service that imports email attachments from our customers' 365 mailbox folders. I registered a multi-tenant application but could not get authentication with client secret to work, so I opted for a public client application and AcquireTokenByUsernamePassword, using stored usernames and passwords. The setup for the credential stores invokes interactive login to get permissions from the client account or AD administrator. The service polls the mail folder (not necessarily the inbox) at a selected interval and downloads email attachments, then moves the processed emails to another folder. At irregular intervals I am getting a general error and it is clear that it is trying to display the standard login. A dump of the exception is shown in the attached file. The line where the error is occurring is getting all messages in the selected folder:

    var foundMessages = await graphClient.Me.MailFolders[inboxId].Messages
        .Request()
        .Top(50)
        .Expand("attachments")
        .GetAsync();

Attachment: MSGraph exception.txt

AB#9160

andrueastman commented 3 years ago

@MAlabaster How did you create the instance of the graphClient? Did you set it up to use the InteractiveAuthProvider? Was it your intention to use the interactive flow or the UsernamePassword flow? From the exception trace it looks like the graphClient is configured to use the InteractiveAuthProvider.

MAlabaster commented 3 years ago

That is correct. I could not get any of the private application examples to authorise except in my own company's accounts and from looking through the documentation I could not find an authorisation model that will allow my app to log into other tenants' emails with read/write email access using client secret. I only have access to the customers' email login credentials, and I used the fully interactive login in a management app to handle obtaining permission. The service does this at every poll interval, it works fine at first but after several minutes starts erroring. I'm using the beta nuget package because the standard also had authorisation problems.

        using System;
        using System.Diagnostics;
        using System.Security;
        using System.Threading.Tasks;
        using Microsoft.Graph;
        using Microsoft.Graph.Auth;
        using Microsoft.Identity.Client;

        // The posted fragment gathered into one method of the service class (the class
        // name is a placeholder). clientID, redirectUri, msgip (the stored user name and
        // password) and eventLog1 are defined elsewhere in the service.
        internal sealed partial class MailImportService
        {
            public static string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
            public static IPublicClientApplication pcApp;
            public static GraphServiceClient graphClient;

            private async Task BuildGraphClientAsync()
            {
                pcApp = PublicClientApplicationBuilder
                        .Create(clientID)
                        .WithRedirectUri(redirectUri)
                        .WithAuthority(AzureCloudInstance.AzurePublic, "redacted-xxxx-xxxx-xxxxxxxxxxxx")
                        .Build();

                // Provider handed to GraphServiceClient below: on each request it tries
                // AcquireTokenSilent and, when that fails, AcquireTokenInteractive, i.e. the
                // standard login window.
                InteractiveAuthenticationProvider authProvider = new InteractiveAuthenticationProvider(pcApp, scopes);

                AuthenticationResult authResult = null;

                var accounts = await pcApp.GetAccountsAsync(); // not used further
                try
                {
                    // Username/password (ROPC) acquisition. The token goes into MSAL's cache;
                    // authResult itself is never handed to the Graph client.
                    SecureString securePWD = new System.Net.NetworkCredential("", msgip.passWord).SecurePassword;
                    authResult = await pcApp.AcquireTokenByUsernamePassword(scopes, msgip.userName, securePWD)
                        .ExecuteAsync();
                }
                catch (MsalUiRequiredException msalURex)
                {
                    if (msalURex.Message.StartsWith("AADSTS65001"))
                    {
                        eventLog1.WriteEntry("No permission for the app for user - check set up in the services management console", EventLogEntryType.Error);
                        return;
                    }
                    // Any other MsalUiRequiredException falls through and the client is still built.
                }

                graphClient = new GraphServiceClient(authProvider);
            }
        }

maisarissi commented 3 years ago

Hi @MAlabaster

Thank you for reaching out and opening this issue. This client library will not leave the preview state. Microsoft.Graph v4 now integrates with Azure.Identity which supports a wide variety of authentication flows out of the box. We suggest that you migrate to v4 + Azure.Identity. Read more about it in this issue.

This issue won't be fixed, and the repository will be archived.
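The migration maisarissi recommends, applied to the polling loop from the first comment, as an added example (not code from this issue or from the msgraph-sdk-dotnet-auth project). It also resolves the mismatch andrueastman pointed out: Azure.Identity's UsernamePasswordCredential does the same ROPC exchange as AcquireTokenByUsernamePassword, caches and refreshes the token itself, and has no interactive fallback, so nothing in the service can try to open a login window. It assumes the NuGet packages Microsoft.Graph 4.x and Azure.Identity; the class name, constructor parameters, folder ids and output directory are placeholders, and the tenant id is assumed to be stored alongside each customer's credentials, as the tenant-specific authority in the original code implies.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;

// Added example, not from the issue or the project. Assumes Microsoft.Graph 4.x and
// Azure.Identity; MailboxPoller, its parameters and the folder ids are placeholders.
public sealed class MailboxPoller
{
    private static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };
    private readonly GraphServiceClient _graph;

    // One poller per stored customer credential. tenantId is that customer's
    // directory (tenant) id, the value the original code passed to WithAuthority.
    public MailboxPoller(string clientId, string tenantId, string userName, string password)
    {
        // ROPC exchange, like MSAL's AcquireTokenByUsernamePassword, but the credential
        // caches and refreshes the token itself and never prompts: for an account that
        // requires MFA or is federated it throws AuthenticationFailedException, which
        // the service should log rather than retry blindly.
        var credential = new UsernamePasswordCredential(userName, password, tenantId, clientId);
        _graph = new GraphServiceClient(credential, Scopes);
    }

    // One poll: fetch up to 50 messages from sourceFolderId, save their file
    // attachments under outputDir, move each processed message to processedFolderId.
    // Deliberately not paged: moving messages out of the folder shifts the server's
    // skip-based paging offset, so the next poll simply picks up what is still there.
    // Returns the number of messages processed.
    public async Task<int> PollOnceAsync(string sourceFolderId, string processedFolderId, string outputDir)
    {
        var messages = await _graph.Me.MailFolders[sourceFolderId].Messages
            .Request()
            .Top(50)
            .Expand("attachments")
            .GetAsync();

        int processed = 0;
        foreach (Message message in messages)
        {
            SaveAttachments(message, outputDir);
            // Move only after the attachments are on disk, so a crash mid-batch leaves
            // the message in place for the next poll instead of losing it.
            await _graph.Me.Messages[message.Id]
                .Move(processedFolderId)
                .Request()
                .PostAsync();
            processed++;
        }
        return processed;
    }

    private static void SaveAttachments(Message message, string outputDir)
    {
        if (message.Attachments == null) return;
        foreach (Attachment attachment in message.Attachments)
        {
            // Only FileAttachment carries its content inline; item and reference
            // attachments are skipped here.
            if (attachment is FileAttachment file && file.ContentBytes != null)
            {
                // The attachment name is sender-controlled: keep the file-name part only,
                // so "..\\" or an absolute path cannot escape outputDir. A fresh GUID
                // prefix avoids collisions without relying on the (long) message id.
                string safeName = Path.GetFileName(file.Name ?? "attachment");
                string target = Path.Combine(outputDir, $"{Guid.NewGuid():N}_{safeName}");
                // Fully qualified: Microsoft.Graph also defines a File type.
                System.IO.File.WriteAllBytes(target, file.ContentBytes);
            }
        }
    }
}
```

The remaining risk is the one the original design already carries: ROPC means the service holds customer passwords in clear, works only for accounts without MFA or federation, and breaks silently when a customer turns either on. Where the customer's administrator can grant application permissions (Mail.ReadWrite) the same Graph calls run unchanged with a ClientSecretCredential or ClientCertificateCredential and no stored user passwords at all.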