
Hello Limilabs,

I need your help to resolve a problem that arises at a customer's installation.

I purchased the mail.dll library (license ID 31f50dcd-ad3e-4c44-ab18-6576edfc31a7) in order to connect a Windows service (.NET Fw 4.7.2) to an Office 365 mailbox through Azure.

One of the features is to use the OAuth2 protocol, and to do this I followed this guide:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

I registered the app on Azure, completed and verified each step of the guide, and this is the result of the permissions on the mailbox:

PS C:\Users\administrator> Get-MailboxPermission -Identity mailbox@customerdomain.com

Identity             User                 AccessRights                  IsInherited Deny
--------             ----                 ------------                  ----------- ----
5706258a-7390-49f... NT AUTHORITY\SELF    {FullAccess, ReadPermission}  False       False
5706258a-7390-49f... b88266ad-ed84-499... {FullAccess}                  False       False

But when I try to connect with this code (C#):

using Microsoft.Identity.Client;   // MSAL: ConfidentialClientApplicationBuilder

oProject pProject;   /* Class with configuration */

// Force TLS 1.2 when the project is configured to use TLS
if (pProject.pop3_UseTLS)
    System.Net.ServicePointManager.SecurityProtocol = 
        System.Net.SecurityProtocolType.Tls12;

// Client credential flow: the app authenticates as itself with its secret
var app = ConfidentialClientApplicationBuilder
    .Create(pProject.clientId)
    .WithTenantId(pProject.tenantId)
    .WithClientSecret(pProject.clientSecretvalue)
    .Build();

string[] scopes = new string[] { 
    "https://outlook.office365.com/.default" 
    };

var result = await app.AcquireTokenForClient(scopes)
    .ExecuteAsync();
string accessToken = result.AccessToken;

pProject.pop3_access_token = accessToken;

// Pop3 is the client class inside the Limilabs.Client.POP3 namespace
mPop3 = new Limilabs.Client.POP3.Pop3();
mPop3.ConnectSSL(pProject.pop3_server, pProject.pop3_port);

// The access token is sent in place of a password
mPop3.LoginOAUTH2(
    pProject.pop3_username, pProject.pop3_access_token);

An exception is raised:

Limilabs.Client.POP3.Pop3ResponseException: Authentication failure: unknown user name or bad password.
at __00000___0.___(Pop3Response 0)
at Limilabs.Client.POP3.Pop3.LoginOAUTH2(String user, String accessToken)
at POP3Main.fetch
messages(oProject pProject)

I also read that the exception is speaking, but I assure you that the clientId, tenantId, clientSecretvalue and email box (I tried both "mailbox" and "mailbox@customerdomain.com" as user) are correct.
I tried to set the GUIDs intentionally wrong and I get a different error (mail.dll correctly says that the app does not exist, the tenant does not exist, etc.).

Have you had similar cases? Could you give me a suggestion or hint?

Thank you very much for your help, I trust you to get out of this situation.


Can you include results of:

Get-ServicePrincipal

Do IDs match?

Can you also check if IMAP/POP3 is enabled for your organization and mailbox?

Hi Limilabs, this is the result of the command:

Get-AzADServicePrincipal -DisplayName "AppToAccessPop3"

AccountEnabled : True
AddIn : {}
AlternativeName : {}
AppDescription :
AppDisplayName : AppToAccessPop3
AppId : 6a1c8be8-01b6-4161-98f2-6ce2558ba1d9
AppOwnerOrganizationId : eae98225-a0ce-4271-83b3-e7a363bdf667
AppRole : {}
AppRoleAssignedTo :
AppRoleAssignment :
AppRoleAssignmentRequired : False
ApplicationTemplateId :
ClaimsMappingPolicy :
CreatedObject :
DelegatedPermissionClassification :
DeletedDateTime :
Description :
DisabledByMicrosoftStatus :
DisplayName : AppToAccessPop3
Endpoint :
FederatedIdentityCredentials :
HomeRealmDiscoveryPolicy :
Homepage :
Id : b88266ad-ed84-4990-b2e0-be8094d7c102
Info : {
}
KeyCredentials : {}
LoginUrl :
LogoutUrl :
MemberOf :
Note :
NotificationEmailAddress : {}
Oauth2PermissionGrant :
Oauth2PermissionScope : {}
OdataId :
OdataType : #microsoft.graph.serviceprincipal
OwnedObject :
Owner :
PasswordCredentials : {}
PreferredSingleSignOnMode :
PreferredTokenSigningKeyThumbprint :
ReplyUrl : {}
ResourceGroupName :
SamlSingleSignOnSetting : {
}
ServicePrincipalName : {6a1c8be8-01b6-4161-98f2-6ce2558ba1d9}
ServicePrincipalType : Application
SignInAudience : AzureADandPersonalMicrosoftAccount
Tag : {HideApp, WindowsAzureActiveDirectoryIntegratedApp}
TokenEncryptionKeyId :
TokenIssuancePolicy :
TokenLifetimePolicy :
TransitiveMemberOf :
AdditionalProperties : {
[id, b88266ad-ed84-4990-b2e0-be8094d7c102],
[createdDateTime, 2025-07-02T13:16:20Z],
[resourceSpecificApplicationPermissions, System.Object[]],
[verifiedPublisher, System.Collections.Generic.Dictionary`2[System.String,System.Object]]

}


To answer your questions:

Do IDs match?
Yes, it seems so.

Can you also check if IMAP/POP3 is enabled for your organization and mailbox?
Yes, the configuration is as explained in your guide.

I take this opportunity to ask a question ... why the OAUTH2 Login method generates the error "unknown user name or bad password."

I do not pass any password ...

Thank you very much for your support, I am waiting...

why the OAUTH2 Login method generates the error "unknown user name or
bad password."

I do not pass any password

It is the Exchange server that raises this error.
The access token is in fact a password.

Please provide the response of Get-ServicePrincipal

Can you also check if IMAP/POP3 is enabled for your organization and mailbox?

Good morning,

Please provide the response of Get-ServicePrincipal

Sure, below the result :
I saw there's a 12,000 character limit for posting. So I had to trim the command output. Looking for something specific?

PS C:\Windows\system32> Get-AzADServicePrincipal

DisplayName                                            Id                                   AppId                               
-----------                                            --                                   -----                               
Azure DevOps                                           0027446b-ccc8-4c19-bc2b-790805920b67 499b84ac-1321-427f-aa17-267ca6975798
diagrams.net                                           005c4117-df6c-4849-867c-becc713c5e8e b5ff67d6-3155-4fca-965a-59a3655c4476
Microsoft Device Management Checkin                    00894686-00a2-4424-a35b-156339e8fafa ca0a114d-6fbc-46b3-90fa-2ec954794ddb
Windows Azure Service Management API                   00d53e6c-8b79-452c-bcc0-a78208ea3e4e 797f4846-ba00-4fd7-ba43-dac1f8f63013
Azure AD Application Proxy                             0137ab77-70df-4fd1-b143-80c46022bf46 47ee738b-3f1a-4fc7-ab11-37e4822b007e
Business Central to Common Data Service                0193112e-9a2e-4154-a453-1d9e295d3126 88c57617-94ff-4043-a396-8a85a8d38922
Microsoft Substrate Management                         01d385e4-1769-48e6-b47c-f19097194e0e 98db8bd6-0cc0-4e67-9de5-f187f1cd1b41
Office 365 Exchange Online                             01f5601e-230a-4b2b-95b3-d684d609ba34 00000002-0000-0ff1-ce00-000000000000
Microsoft Whiteboard Services                          026e07c6-41f4-49c1-bf01-2601a3303473 95de633a-083e-42f5-b444-a4295d8e9314
SharePointPnP.ProvisioningApp.Tenant                   02b89d9b-e59b-44b4-8593-a1c501e6be89 5d9fff84-5b34-4204-bc91-3aaf5f298c5d
AML Registries                                         02c6b339-5516-4a53-a40e-7b87170483ae 44b7b882-eb46-485c-9c78-686f6b67b176
Microsoft Intune AndroidSync                           0368cb66-b49c-4f1a-9bcc-9784fea1baec d8877f27-09c0-43aa-8113-40151dae8b14
AppToAccessPop3                                        b88266ad-ed84-4990-b2e0-be8094d7c102 6a1c8be8-01b6-4161-98f2-6ce2558ba1d9

Can you also check if IMAP/POP3 is enabled for your organization and mailbox?

Yes, I checked and it seems the flags are set correctly.
If I could attach some images, I'd be happy to show you how they're set.

Are Enable Security defaults set to no, and Conditional Access | Policies empty?

I suggest going through the process of creating a new secret again (maybe you copied it wrong).
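
A check that follows from two points made in this thread (the access token is what the server receives as the password, and the IDs have to match), given here as an added example that is not part of any post above and not code from Mail.dll or MSAL: it decodes the claims of an acquired token so that `tid`, `oid` and `roles` can be compared with the tenant ID, the service principal Id column shown by Get-AzADServicePrincipal, and the POP3 application permission. The class and method names are hypothetical, the sample token is constructed, and `POP.AccessAsApp` is assumed to be the permission the app was granted.

```csharp
// Added example, not from the thread. .NET Framework; reference System.Web.Extensions.
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Script.Serialization;
static class TokenClaimCheck // hypothetical helper name
{
    // Decodes the JWT payload only; the signature is NOT verified (inspection, not trust).
    public static Dictionary<string, object> ReadClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected 3 JWT segments");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore base64 padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(json);
    }

    // Returns the mismatches found; an empty list means the claims line up.
    public static List<string> Check(string jwt, string tenantId, string spObjectId, string role)
    {
        Dictionary<string, object> c = ReadClaims(jwt);
        Func<string, string> get = k => c.ContainsKey(k) ? Convert.ToString(c[k]) : "";
        var arr = c.ContainsKey("roles") ? c["roles"] as IEnumerable : null;
        var roles = arr == null ? new List<string>()
            : arr.Cast<object>().Select(r => Convert.ToString(r)).ToList();
        var problems = new List<string>();
        if (!string.Equals(get("tid"), tenantId, StringComparison.OrdinalIgnoreCase))
            problems.Add("tid '" + get("tid") + "' is not the expected tenant");
        if (!string.Equals(get("oid"), spObjectId, StringComparison.OrdinalIgnoreCase))
            problems.Add("oid '" + get("oid") + "' is not the expected service principal Id");
        if (!roles.Contains(role))
            problems.Add("roles claim does not contain " + role);
        return problems;
    }

    static void Main()
    {
        // Constructed sample token: fake GUIDs, placeholder header and signature.
        const string tid = "11111111-1111-1111-1111-111111111111", oid = "22222222-2222-2222-2222-222222222222";
        string payload = "{\"tid\":\"" + tid + "\",\"oid\":\"" + oid + "\",\"roles\":[\"IMAP.AccessAsApp\"]}";
        string seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (string p in Check("e30." + seg + ".sig", tid, oid, "POP.AccessAsApp"))
            Console.WriteLine(p);
    }
}
```

In the service itself, `result.AccessToken` would be passed to `Check` just before `LoginOAUTH2`; the token should be kept out of logs, since it works as a password until it expires.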
