0 votes
by (140 points)

Hello,
I'm trying to integrate the OAuth2 login on Office365 in our app.
I've converted this sample in donet framework 4.8 : https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2_IdentityClient/EwsOAuthAppOnlyConsole_IdentityClient
And I've got an execption (details below)on this line : Await client.LoginAsync(accessToken, EwsAuthentication.OAuth20)
The accessToken is well filled

Exception and log level debug :

Authenticating via Office365...
Connecting to EWS...
Authenticating to EWS...
Error: Rebex.Net.EwsException: Root element is missing. ---> Rebex.Net.EwsException: Root element is missing. ---> System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at sfpmj.izcux.ymixu(XmlReader p0)
at sfpmj.xseyv.bxiva(Stream p0)
at sfpmj.cuajy.luwkk(gsnkd p0)
at sfpmj.cuajy.melup[T](String p0, Object p1)
at Rebex.Net.Ews.cdgrw(EwsFolderId p0, rmcbm p1)
at Rebex.Net.Ews.kzrqz.aoedu()
at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2) --- End of inner exception stack trace --- at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2)
at Rebex.Net.Ews.ykvwe(EwsFolderId p0)
at Rebex.Net.Ews.asvjq.kgiye()
at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2) --- End of inner exception stack trace --- at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2)
at Rebex.Net.Ews.csdem(String p0)
at Rebex.Net.Ews.naqai(Object p0, Enum p1, Object[] p2)
at sfpmj.xkoxp.vocdo(Object p0)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at EwsOAuth2.EwsOAuth2.VB$StateMachine7EwsRunAsync.MoveNext() in D:\CODE\Rebex\EWS_OAUTH2\EwsOAuth2\Module1.vb:line 41
2022-07-22 12:45:41.874 DEBUG Ews(1)[3] EWS: Executing Connect method.
2022-07-22 12:45:41.888 INFO Ews(1)[3] EWS: Connecting to https://outlook.office365.com:443 using Ews.
2022-07-22 12:45:41.889 INFO Ews(1)[3] Info: Assembly: Rebex.Ews R6.5 for .NET 4.0-4.8
2022-07-22 12:45:41.890 INFO Ews(1)[3] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2022-07-22 12:45:41.890 DEBUG Ews(1)[3] Info: Culture: en; Windows-1252
2022-07-22 12:45:41.892 DEBUG Ews(1)[3] HTTP: Connecting to 'https://outlook.office365.com:443'...
2022-07-22 12:45:41.892 DEBUG Ews(1)[3] Info: Assembly: Rebex.Networking R6.5 for .NET 4.0-4.8
2022-07-22 12:45:41.892 DEBUG Ews(1)[3] Info: Platform: Windows 6.2.9200 32-bit; CLR: 4.0.30319.42000
2022-07-22 12:45:41.892 DEBUG Ews(1)[3] Info: Culture: en; Windows-1252
2022-07-22 12:45:41.902 DEBUG Ews(1)[3] Proxy: Resolving 'outlook.office365.com'.
2022-07-22 12:45:41.907 DEBUG Ews(1)[3] Proxy: Connecting to 40.99.205.2:443 (no proxy).
2022-07-22 12:45:41.915 DEBUG Ews(1)[3] Proxy: Connection established.
2022-07-22 12:45:41.977 DEBUG Ews(1)[3] TLS: Using classic TLS core.
2022-07-22 12:45:41.996 DEBUG Ews(1)[3] TLS: Enabled cipher suites: 0x000F3DF7EBE00640.
2022-07-22 12:45:42.054 DEBUG Ews(1)[3] TLS: Applicable cipher suites: 0x000F3DF7EBE00640.
2022-07-22 12:45:42.061 DEBUG Ews(1)[3] TLS: HandshakeMessage:ClientHello was sent.
2022-07-22 12:45:42.080 DEBUG Ews(1)[3] TLS: HandshakeMessage:ServerHello was received.
2022-07-22 12:45:42.081 DEBUG Ews(1)[3] TLS: Negotiating TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-07-22 12:45:42.083 DEBUG Ews(1)[3] TLS: The server supports secure renegotiation.
2022-07-22 12:45:42.084 DEBUG Ews(1)[3] TLS: Extended master secret is enabled.
2022-07-22 12:45:42.085 DEBUG Ews(1)[3] TLS: HandshakeMessage:Certificate was received.
2022-07-22 12:45:42.098 DEBUG Ews(1)[3] TLS: HandshakeMessage:ServerKeyExchange was received.
2022-07-22 12:45:42.098 DEBUG Ews(1)[3] TLS: HandshakeMessage:ServerHelloDone was received.
2022-07-22 12:45:42.100 DEBUG Ews(1)[3] TLS: Verifying server certificate ('CN=outlook.com, O=Microsoft Corporation, L=Redmond, S=Washington, C=US').
2022-07-22 12:45:42.129 DEBUG Ews(1)[3] TLS: Certificate verification result: Accept
2022-07-22 12:45:42.130 DEBUG Ews(1)[3] TLS: Verifying server key exchange signature.
2022-07-22 12:45:42.152 DEBUG Ews(1)[3] TLS: Using ephemeral ECDH public key exchange with NIST P-384 curve.
2022-07-22 12:45:42.161 DEBUG Ews(1)[3] TLS: HandshakeMessage:ClientKeyExchange was sent.
2022-07-22 12:45:42.174 DEBUG Ews(1)[3] TLS: CipherSpec:ChangeCipherSpec was sent.
2022-07-22 12:45:42.175 DEBUG Ews(1)[3] TLS: HandshakeMessage:Finished was sent.
2022-07-22 12:45:42.187 DEBUG Ews(1)[3] TLS: CipherSpec:ChangeCipherSpec was received.
2022-07-22 12:45:42.188 DEBUG Ews(1)[3] TLS: HandshakeMessage:Finished was received.
2022-07-22 12:45:42.189 DEBUG Ews(1)[3] TLS: Connection secured using cipher: TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-07-22 12:45:42.194 DEBUG Ews(1)[3] HTTP: Sending request: HEAD /EWS/Services.wsdl
2022-07-22 12:45:42.194 DEBUG Ews(1)[3] HTTP: PreAuthenticate: False
2022-07-22 12:45:42.196 DEBUG Ews(1)[3] HTTP: Request Connection: keep-alive.
2022-07-22 12:45:42.199 DEBUG Ews(1)[3] HTTP: Sending request (119 bytes).
2022-07-22 12:45:42.224 DEBUG Ews(1)[3] HTTP: Received response: 401 Unauthorized.
2022-07-22 12:45:42.224 DEBUG Ews(1)[3] HTTP: Received 17 headers.
2022-07-22 12:45:42.224 DEBUG Ews(1)[3] HTTP: Response Content-Length: 0 bytes.
2022-07-22 12:45:42.224 DEBUG Ews(1)[3] HTTP: Response Connection not specified; using 'keep-alive'.
2022-07-22 12:45:42.224 DEBUG Ews(1)[3] HTTP: Response Content-Encoding not specified.
2022-07-22 12:45:42.227 DEBUG Ews(1)[3] HTTP: Server requires authentication: Basic Realm=""
2022-07-22 12:45:42.231 DEBUG Ews(1)[3] EWS: Server supports OAuth 2.0: True
2022-07-22 12:45:42.231 DEBUG Ews(1)[3] EWS: Connect succeeded.
2022-07-22 12:45:42.944 DEBUG Ews(1)[4] EWS: Executing Login method.
2022-07-22 12:45:42.949 INFO Ews(1)[4] EWS: Authenticating to Exchange server using OAuth 2.0.
2022-07-22 12:45:42.950 DEBUG Ews(1)[4] EWS: Executing GetFolderId method.
2022-07-22 12:45:43.018 DEBUG Ews(1)[4] SOAP: SOAP request:




xxxxxx@ecaxxxx.com


en-US





IdOnly







2022-07-22 12:45:43.018 DEBUG Ews(1)[4] HTTP: Sending request: POST /EWS/Exchange.asmx
2022-07-22 12:45:43.018 DEBUG Ews(1)[4] HTTP: PreAuthenticate: False
2022-07-22 12:45:43.018 DEBUG Ews(1)[4] HTTP: Request Connection: keep-alive.
2022-07-22 12:45:43.019 DEBUG Ews(1)[4] HTTP: Sending request (1807 bytes).
2022-07-22 12:45:43.020 DEBUG Ews(1)[4] HTTP: Sending 735 bytes of data.
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Received response: 403 .
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Received 29 headers.
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Response Content-Length: 0 bytes.
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Response Connection not specified; using 'keep-alive'.
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Response Content-Encoding not specified.
2022-07-22 12:45:43.073 DEBUG Ews(1)[4] HTTP: Response Transfer-Encoding not specified.
2022-07-22 12:45:43.074 DEBUG Ews(1)[4] HTTP: Exchange cookie: xxxxxxx
2022-07-22 12:45:43.075 INFO Ews(1)[4] HTTP: Request failed: 403
2022-07-22 12:45:43.112 DEBUG Ews(1)[4] HTTP: Received content (0 bytes).
2022-07-22 12:45:43.113 DEBUG Ews(1)[4] HTTP: Closing response stream.
2022-07-22 12:45:43.128 ERROR Ews(1)[4] EWS: GetFolderId failed: System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at sfpmj.izcux.ymixu(XmlReader p0)
at sfpmj.xseyv.bxiva(Stream p0)
at sfpmj.cuajy.luwkk(gsnkd p0)
at sfpmj.cuajy.melup[T](String p0, Object p1)
at Rebex.Net.Ews.cdgrw(EwsFolderId p0, rmcbm p1)
at Rebex.Net.Ews.kzrqz.aoedu()
at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2) 2022-07-22 12:45:43.132 ERROR Ews(1)[4] EWS: Login failed: Rebex.Net.EwsException: Root element is missing. ---> System.Xml.XmlException: Root element is missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlTextReaderImpl.Read() at sfpmj.izcux.ymixu(XmlReader p0) at sfpmj.xseyv.bxiva(Stream p0) at sfpmj.cuajy.luwkk(gsnkd p0) at sfpmj.cuajy.melup[T](String p0, Object p1) at Rebex.Net.Ews.cdgrw(EwsFolderId p0, rmcbm p1) at Rebex.Net.Ews.kzrqz.aoedu() at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2)
--- End of inner exception stack trace ---
at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2) at Rebex.Net.Ews.ykvwe(EwsFolderId p0) at Rebex.Net.Ews.asvjq.kgiye() at Rebex.Net.Ews.dzvaj[T](String p0, Func1 p1, matxv p2)
2022-07-22 12:45:49.419 DEBUG Ews(1)[4] HTTP: Closing HTTP session (1).
2022-07-22 12:45:49.419 DEBUG Ews(1)[4] TLS: Closing TLS socket.
2022-07-22 12:45:49.422 DEBUG Ews(1)[4] TLS: Alert:CloseNotify was sent.

Applies to: Rebex Secure Mail

1 Answer

0 votes
by (134k points)
edited by

Update: We added a workaround for this in Rebex Secure Mail R6.6. Customers using Rebex EWS to access Microsoft 365 are advised to upgrade.


This error is known to occur when the EWS server responds with a content-type indicating text/xml, but then sends an empty response body.

This causes the “Root element is missing” error when attempting to parse it, because the response is not a valid XML. However, this masks the real issue, which has been reported in the response headers. It can be retrieved by creating a log at LogLevel.Verbose level instead of LogLevel.Debug - then, locate "Root element is missing" error in the log, and check out the headers of the "403" response above it for the actual error reason. In the next release, Rebex Secure Mail will report a proper error in these cases.

This issue has been recently encountered by several customers implementing app-only authentication, and it looks like it's caused by access tokens that don't have appropriate permissions for the EWS API call. Apparently, for EWS access, Mail.Send and Mail.Read permissions are not sufficient, and full_access_as_app is needed instead. See https://forum.rebex.net/21652/example-registration-authentication-process-connect-outlook?show=21657#a21657 for more information.

...