Posts Tagged ‘IMAP’

Access shared/delegate mailbox of Office 365

Thursday, February 4th, 2021

There are 2 ways of accessing a shared mailbox in Office 365: first -using regular IMAP authentication and a second one – using OAuth 2.0.

Shared mailbox – basic authentication

Make sure basic authentication is turned on:

Try authenticating to users’ regular mailbox with his credentials to check if basic authentication works and the user/password is correct:

client.UseBestLogin("AlexW@example.com", "AlexWPassword");

Access the shared mailbox

Use the following user format:

Username@DomainName\Shared@DomainName

You must use Login method:

client.Login(@"AlexW@example.com\invoices@example.com", "AlexWPassword"); 

-or-

alternatively you may use LoginPlain method:

client.LoginPlain("invoices@example.com", "AlexW@example.com", "AlexWPassword");

Don’t use UseBestLogin for Office365 shared mailboxes and basic authentication.

The reason is Office  365 advertises LOGIN PLAIN as a preferred login method and UseBestLogin chooses to use it. However Office 365 does not recognize Username@DomainName\Shared@DomainName user pattern when using LOGIN PLAIN. For Office 365 to accept a LOGIN PLAIN to a shared mailbox, you need to provide all 3 parameters separately: shared mailbox, user and user password – use LoginPlain to do that.

Shared mailbox – OAuth 2.0

It is much simpler with OAuth. Use any of the available OAuth 2.0 flows:

https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

When you’ve obtained an access token you simply use it to access shared mailbox:

string accessToken = result.AccessToken;

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2("invoices@example.com", accessToken);

    client.SelectInbox();

    List<long> uids = imap.Search(Flag.Unseen);
    foreach (long uid in uids)
    {
        var eml = imap.GetMessageByUID(uid)
        IMail email = new MailBuilder().CreateFromEml();
        string subject = email.Subject);
    }
    client.Close();
}

OAuth 2.0 password grant with Office365/Exchange IMAP/POP3/SMTP

Thursday, November 19th, 2020

First you need to register your application in Azure Portal.

Here’s a detailed guide how to do that:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Enable additional flows:

Then you need to apply correct API permissions and grant the admin consent for your domain.

This image has an empty alt attribute; its file name is image-1.png

In the API permissions / Add a permission wizard, select Microsoft Graph and then Delegated permissions to find the following permission scopes listed:

  • offline_access
  • email
  • IMAP.AccessAsUser.All
  • POP.AccessAsUser.All
  • SMTP.Send

Remember to grant admin consent.

Use Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:
https://www.nuget.org/packages/Microsoft.Identity.Client/

string clientId = "Application (client) ID";
string tenantId = "Directory (tenant) ID";

string userEmail = "Username for mailbox";
string userPassword = "Password for that user";

IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
    .Build();

var scopes = new string[] 
{
    "offline_access",
    "email",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
};

Now acquire the access token and user email address:

var accounts = await app.GetAccountsAsync();

AuthenticationResult result;
if (accounts.Any())
{
    IAccount account = accounts.FirstOrDefault();
    result = await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
else
{
    SecureString securePassword = new SecureString();
    foreach (char c in userPassword)
    {
        securePassword.AppendChar(c);
    }
    result = await app.AcquireTokenByUsernamePassword(
        scopes, 
        userEmail, 
        securePassword).ExecuteAsync();
}

string user = result.Account.Username;
string accessToken = result.AccessToken;

Finally you can connect to IMAP/POP3/SMTP server and authenticate:

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2(user, accessToken);
 
    client.SelectInbox();

    // ...

    client.Close();
} 

OAuth 2.0 with Office365/Exchange IMAP/POP3/SMTP

Tuesday, June 23rd, 2020

First you need to register your application in Azure Portal.

Here’s a detailed guide how to do that:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Remember to add authentication entries (localhost is needed for .net core):

Then you need to apply correct API permissions and grant the admin consent for your domain.

In the API permissions / Add a permission wizard, select Microsoft Graph and then Delegated permissions to find the following permission scopes listed:

  • offline_access
  • email
  • IMAP.AccessAsUser.All
  • POP.AccessAsUser.All
  • SMTP.Send

Remember to grant admin consent.

Use Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:

https://www.nuget.org/packages/Microsoft.Identity.Client/

var pcaOptions = new PublicClientApplicationOptions
{
    ClientId = "Application (client) ID",

    TenantId = "Directory (tenant) ID",
    // -or-
    // for @outlook.com/@hotmail accounts instead of setting TenantId use:
    // AadAuthorityAudience = AadAuthorityAudience.PersonalMicrosoftAccount, 

    RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
    // RedirectUri = "http://localhost" // for .net core
};

var pca = PublicClientApplicationBuilder
    .CreateWithApplicationOptions(pcaOptions)
    .Build();

var scopes = new string[] 
{
    "offline_access",
    "email",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
};

In addition, you can request for offline_access scope. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.

Now acquire the access token and user email address:

var authResult = pca.AcquireTokenInteractive(scopes).ExecuteAsync().Result;

string user = authResult.Account.Username;
string accessToken = authResult.AccessToken;

Finally you can connect to IMAP/POP3/SMTP server and authenticate:

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2(user, accessToken);
 
    client.SelectInbox();

    // ...

    client.Close();
} 

As this is fairly new feature for Exchange/Office365, here are some useful links:

https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2

https://stackoverflow.com/questions/43473858/connect-to-outlook-office-365-imap-using-oauth2

https://stackoverflow.com/questions/61597263/office-365-xoauth2-for-imap-and-smtp-authentication-fails

Using App Passwords with Gmail

Friday, October 18th, 2019

Go to your Google Account and on the left navigation panel, choose Security.

On the “Signing in to Google” panel, make sure I that 2-Step Verification is turned on and choose App Passwords. …

Select device and choose the device you’re using. Choose Generate.

Copy the generated password:

Log in to your IMAP, SMTP, POP3 account using your email and the generated password (instead of your email’s password):

Remember – no spaces!

C# code:

using (Imap client = new Imap()) 
{ 
    client.ConnectSSL("imap.gmail.com"); 
    client.UseBestLogin("XXXXX@gmail.com", "kvrcdzlicajaupje"); 

    // ... 

    client.Close(); 
}

VB.NET code:

Using imap As New Imap 
    imap.ConnectSSL("imap.gmail.com") 
    imap.UseBestLogin("XXXXX@gmail.com", "kvrcdzlicajaupje") 

    ' ... 

    imap.Close() 
End Using

Outlook365: IMAP, POP3, and SMTP settings

Wednesday, January 2nd, 2019

Outlook365 supports access via IMAP, POP3 and SMTP protocols. Below you can find the configuration settings for all protocols.

Latest Office 365 version

For latest Office 365 after the service upgrade, use the following settings:

IMAP

Server: outlook.office365.com
SSL: true-implicit, true-explicit (StartTLS)
Port: 993 (default), 143 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

POP3

Server: outlook.office365.com
SSL: true-implicit, true-explicit (StartTLS)
Port: 995 (default), 110 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

SMTP

Server: smtp.office365.com
SSL: true-explicit (StartTLS)
Port: 587(default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

IMAP and POP3 servers allow both: implicit/TLS SSL and explicit SSL/TLS, so you can ConnectSSL method -or- Connect and StartTLS.

SMTP server requires explicit SSL – use Connect and StartTLS method.

// C#

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Pop3 client = new Pop3())
{
    client.ConnectSSL("outlook.office365.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Smtp client = new Smtp ())
{
    client.Connect("smtp.office365.com");
    client.StartTLS();

    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}
' VB.NET

Using client As New Imap()
	client.ConnectSSL("outlook.office365.com")
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Pop3()
	client.ConnectSSL("outlook.office365.com")		
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Smtp()
	client.Connect("smtp.office365.com")
	client.StartTLS()

	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Office 365 pre-upgrade

For latest Office 365 pre-upgrade, use the following settings:

On the main screen go to “Options” / “See All Options…”:

Now click the “Settings for POP, IMAP, and SMTP access…” link:

You can find POP, SMTP and IMAP server addresses and settings on the popup window:

Office365 uses default ports for IMAP, POP3 and SMTP protocols. That means that you don’t need to remember port numbers, as Mail.dll .NET email component is going to use correct port numbers by default.

IMAP

Server: podXXXX.outlook.com
SSL: true-implicit
Port: 993 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

POP3

Server: podXXXX.outlook.com
SSL: true-implicit
Port: 995 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

SMTP

Server: podXXXX.outlook.com
SSL: true-explicit
Port: 587 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

IMAP and POP3 servers use implicit SSL – use ConnectSSL method. SMTP server requires explicit SSL – use Connect and StartTLS method.

// C#

using (Imap client = new Imap())
{
    client.ConnectSSL("podXXXX.outlook.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Pop3 client = new Pop3())
{
    client.ConnectSSL("podXXXX.outlook.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Smtp client = new Smtp ())
{
    client.Connect("podXXXX.outlook.com");
    client.StartTLS();

    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}
' VB.NET

Using client As New Imap()
	client.ConnectSSL("podXXXX.outlook.com")
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Pop3()
	client.ConnectSSL("podXXXX.outlook.com")		
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Smtp()
	client.Connect("podXXXX.outlook.com")
	client.StartTLS()

	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

You can find more details about using implicit and explicit SSL or TLS with email protocols: