2

We observe that quite recently our Email were failing to authenticate. Upon finding the reason for such action, we found out that a Policy at Office 365 Admin is causing this issue.

Further, we also found out that it's being blocked by a policy that says our App uses a Legacy Authentication scheme. Later it was understood that Microsoft will stop allowing Basic Authentication (Passing a Username and Password as for credentials) in the future and any connection which uses IMAPI, POP and SMTP protocols for connection. Further communication on Office 365 platform should be on minimum TLS 1.1 or 1.2

I am using a Web Job in Azure to execute Emails and for such System.Net.Mail.SmtpClient for Emailing. This Web Job executes bulk emails. I have checked my App Service, under SSL/TLS properties and have set HTTPS only and TLS 1.2. However, I am using Basic Authentication as the authenticating method. Below is the way I did the coding:

System.Net.Mail.SmtpClient objSmtpClient = null;

//uses the TLS port 587 with authentication
ServicePointManager.ServerCertificateValidationCallback = delegate (object s, System.Security.Cryptography.X509Certificates.X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
objSmtpClient = new System.Net.Mail.SmtpClient("email.host.com", 587);
objSmtpClient.UseDefaultCredentials = false;
objSmtpClient.Credentials = new NetworkCredential(userName, passWord);
objSmtpClient.DeliveryMethod = SmtpDeliveryMethod.Network;
objSmtpClient.EnableSsl = true;

According to these facts, I want to know what are the other ways I can authenticate to Office 365 Email service on a .NET Framework and send Emails? If,

  1. SMTP protocol is not supported
  2. Basic Authentication is not supported

References: Can I send SMTP email through Office365 shared mailbox?

hiFI
  • 1,887
  • 3
  • 28
  • 57
  • 1
    Basic auth support was removed about 2 weeks ago. There's no fallback, you'll have to update your client to move to newer, more secure means. – Tanveer Badar Oct 06 '21 at 04:51
  • Not sure about Azure in particular but other systems require you to generate a token jwt or other that you will send as part of the request. – AliK Oct 06 '21 at 04:51
  • Thank you both for your comments. @TanveerBadar That's what I am struggling for. I can't find much documentation on other ways I can authenticate to Office 365. Seems like I will need to get an OAuth Token as AliK mentioned. If you do have any suggestion please feel free tell. – hiFI Oct 06 '21 at 05:00
  • 1
    @hiFI Can you reach out to Barry Dorrens over twitter with the issue? He might be able to help you directly or point you to better documentation/examples. – Tanveer Badar Oct 06 '21 at 05:52
  • @hiFI- Have you gone through this [Documentation](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth) how to use OAuth authentication to connect with IMAP, POP or SMTP protocols and access email data for Office 365 users. – VenkateshDodda Oct 22 '21 at 11:32

1 Answers1

2

Microsoft Exchange online Docs say:

disabling SMTP AUTH in all tenants in which it's not being used and SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022 and The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible.

There are 2 MailKit issues that discuss and show code for options, do any of these work for you when you disable SMTP auth on your m365 test environment tenant?

client.Authenticate (new SaslMechanismPlain ("username", "password"));

1: How can I implement service-to-service authentication with Office365 using the OAuth2 SASL mechanism? 2: Office365 IMAP/POP basic auth retirement October 2020

Does this test pass for you: 'TestSaslInitialResponse'

OzBob
  • 4,227
  • 1
  • 39
  • 48
  • 1
    Hi, @ozbob sorry to get back to you now. I wasn't able to use `client.Authenticate (new SaslMechanismPlain ("username", "password"));` but was able to use `client.Authenticate ("username", "password");` and subsequently was able to send email as well – hiFI Oct 13 '22 at 09:31