0 votes
by (260 points)

Hello,
I'm testing the SMTP OAuth2 login on Office365 in our app.

It fails on login method:

client.Login(userName, _accessToken, SmtpAuthentication.OAuth20);

Username and token are valid, they work with EWS and IMAP client.
The API permissions on Microsoft Graph are:

  • email
  • EWS.AccessAsUser.All
  • IMAP.AccessAsUser.All
  • offline_access
  • openid
  • profile
  • SMTP.Send

What is wrong?

Thanks.

Here is the log.

2022-07-28 12:30:01.438 Opening log file.
2022-07-28 12:30:01.452 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common R6.5 for .NET 4.6-4.8
2022-07-28 12:30:01.461 INFO FileLogWriter(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 4.0.30319.42000
2022-07-28 12:30:01.464 DEBUG FileLogWriter(1)[1] Info: Culture: it; Windows-1252
2022-07-28 12:30:01.970 DEBUG Smtp(1)[1] Info: State changed from 'Disconnected' to 'Connecting'.
2022-07-28 12:30:01.970 INFO Smtp(1)[1] Info: Connecting to smtp.office365.com:587 using Smtp.
2022-07-28 12:30:01.971 INFO Smtp(1)[1] Info: Assembly: Rebex.Smtp R6.5 for .NET 4.6-4.8
2022-07-28 12:30:01.971 INFO Smtp(1)[1] Info: Platform: Windows 6.2.9200 64-bit; CLR: 4.0.30319.42000
2022-07-28 12:30:01.972 DEBUG Smtp(1)[1] Info: Culture: it; Windows-1252
2022-07-28 12:30:02.012 DEBUG Smtp(1)[1] Proxy: Resolving 'smtp.office365.com'.
2022-07-28 12:30:02.096 DEBUG Smtp(1)[1] Proxy: Connecting to 52.97.232.194:587 (no proxy).
2022-07-28 12:30:02.135 DEBUG Smtp(1)[1] Proxy: Connection established.
2022-07-28 12:30:02.136 DEBUG Smtp(1)[1] Info: Connection succeeded.
2022-07-28 12:30:02.136 DEBUG Smtp(1)[1] Info: State changed from 'Connecting' to 'Reading'.
2022-07-28 12:30:02.181 INFO Smtp(1)[1] Response: 220 ZR0P278CA0036.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 28 Jul 2022 10:30:01 +0000
2022-07-28 12:30:02.183 DEBUG Smtp(1)[1] Info: State changed from 'Reading' to 'Ready'.
2022-07-28 12:30:02.192 DEBUG Smtp(1)[1] Info: State changed from 'Ready' to 'Sending'.
2022-07-28 12:30:02.196 INFO Smtp(1)[1] Command: EHLO sthlv4-e1
2022-07-28 12:30:02.196 DEBUG Smtp(1)[1] Info: State changed from 'Sending' to 'Reading'.
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-ZR0P278CA0036.outlook.office365.com Hello [51.179.36.12]
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-SIZE 157286400
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-PIPELINING
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-DSN
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-ENHANCEDSTATUSCODES
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-STARTTLS
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-8BITMIME
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-BINARYMIME
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250-CHUNKING
2022-07-28 12:30:02.228 INFO Smtp(1)[1] Response: 250 SMTPUTF8
2022-07-28 12:30:02.229 DEBUG Smtp(1)[1] Info: State changed from 'Reading' to 'Ready'.
2022-07-28 12:30:02.237 DEBUG Smtp(1)[1] Info: State changed from 'Ready' to 'Sending'.
2022-07-28 12:30:02.237 INFO Smtp(1)[1] Command: STARTTLS
2022-07-28 12:30:02.237 DEBUG Smtp(1)[1] Info: State changed from 'Sending' to 'Reading'.
2022-07-28 12:30:02.288 INFO Smtp(1)[1] Response: 220 2.0.0 SMTP server ready
2022-07-28 12:30:02.288 DEBUG Smtp(1)[1] Info: State changed from 'Reading' to 'Ready'.
2022-07-28 12:30:02.291 DEBUG Smtp(1)[1] Info: Upgrading connection to TLS.
2022-07-28 12:30:02.492 DEBUG Smtp(1)[1] TLS: Using classic TLS core.
2022-07-28 12:30:02.559 DEBUG Smtp(1)[1] TLS: Enabled cipher suites: 0x000F3DF7EBE00640.
2022-07-28 12:30:02.654 DEBUG Smtp(1)[1] TLS: Applicable cipher suites: 0x000F3DF7EBE00640.
2022-07-28 12:30:02.685 DEBUG Smtp(1)[1] TLS: HandshakeMessage:ClientHello was sent.
2022-07-28 12:30:02.785 DEBUG Smtp(1)[1] TLS: HandshakeMessage:ServerHello was received.
2022-07-28 12:30:02.788 INFO Smtp(1)[1] TLS: Negotiating TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-07-28 12:30:02.795 DEBUG Smtp(1)[1] TLS: The server supports secure renegotiation.
2022-07-28 12:30:02.800 DEBUG Smtp(1)[1] TLS: Extended master secret is enabled.
2022-07-28 12:30:02.806 DEBUG Smtp(1)[1] TLS: HandshakeMessage:Certificate was received.
2022-07-28 12:30:02.843 DEBUG Smtp(1)[1] TLS: HandshakeMessage:ServerKeyExchange was received.
2022-07-28 12:30:02.849 DEBUG Smtp(1)[1] TLS: HandshakeMessage:CertificateRequest was received.
2022-07-28 12:30:02.849 DEBUG Smtp(1)[1] TLS: HandshakeMessage:ServerHelloDone was received.
2022-07-28 12:30:02.859 DEBUG Smtp(1)[1] TLS: Verifying server certificate ('CN=outlook.com, O=Microsoft Corporation, L=Redmond, S=Washington, C=US').
2022-07-28 12:30:02.972 DEBUG Smtp(1)[1] TLS: Certificate verification result: Accept
2022-07-28 12:30:02.976 DEBUG Smtp(1)[1] TLS: Verifying server key exchange signature.
2022-07-28 12:30:03.034 DEBUG Smtp(1)[1] TLS: Using ephemeral ECDH public key exchange with NIST P-384 curve.
2022-07-28 12:30:03.054 DEBUG Smtp(1)[1] TLS: Client certificate authentication was requested.
2022-07-28 12:30:03.054 DEBUG Smtp(1)[1] TLS: No suitable client certificate is available.
2022-07-28 12:30:03.059 DEBUG Smtp(1)[1] TLS: HandshakeMessage:Certificate was sent.
2022-07-28 12:30:03.061 DEBUG Smtp(1)[1] TLS: HandshakeMessage:ClientKeyExchange was sent.
2022-07-28 12:30:03.109 DEBUG Smtp(1)[1] TLS: CipherSpec:ChangeCipherSpec was sent.
2022-07-28 12:30:03.112 DEBUG Smtp(1)[1] TLS: HandshakeMessage:Finished was sent.
2022-07-28 12:30:03.166 DEBUG Smtp(1)[1] TLS: CipherSpec:ChangeCipherSpec was received.
2022-07-28 12:30:03.172 DEBUG Smtp(1)[1] TLS: HandshakeMessage:Finished was received.
2022-07-28 12:30:03.174 INFO Smtp(1)[1] TLS: Connection secured using cipher: TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-07-28 12:30:03.174 DEBUG Smtp(1)[1] Info: Connection upgraded to TLS 1.2.
2022-07-28 12:30:03.174 DEBUG Smtp(1)[1] Info: State changed from 'Ready' to 'Sending'.
2022-07-28 12:30:03.179 INFO Smtp(1)[1] Command: EHLO sthlv4-e1
2022-07-28 12:30:03.179 DEBUG Smtp(1)[1] Info: State changed from 'Sending' to 'Reading'.
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-ZR0P278CA0036.outlook.office365.com Hello [51.179.36.12]
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-SIZE 157286400
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-PIPELINING
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-DSN
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-ENHANCEDSTATUSCODES
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-AUTH LOGIN XOAUTH2
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-8BITMIME
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-BINARYMIME
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250-CHUNKING
2022-07-28 12:30:03.217 INFO Smtp(1)[1] Response: 250 SMTPUTF8
2022-07-28 12:30:03.217 DEBUG Smtp(1)[1] Info: State changed from 'Reading' to 'Ready'.
2022-07-28 12:30:04.615 DEBUG Smtp(1)[1] Info: State changed from 'Ready' to 'Sending'.
2022-07-28 12:30:04.615 INFO Smtp(1)[1] Command: AUTH XOAUTH2 **************************************************************************************************************************************************************
2022-07-28 12:30:04.615 DEBUG Smtp(1)[1] Info: State changed from 'Sending' to 'Reading'.
2022-07-28 12:30:10.229 INFO Smtp(1)[1] Response: 535 5.7.3 Authentication unsuccessful [ZR0P278CA0036.CHEP278.PROD.OUTLOOK.COM]
2022-07-28 12:30:10.229 DEBUG Smtp(1)[1] Info: State changed from 'Reading' to 'Ready'.
2022-07-28 12:30:10.244 ERROR Smtp(1)[1] Info: Rebex.Net.SmtpException: Authentication unsuccessful [ZR0P278CA0036.CHEP278.PROD.OUTLOOK.COM] (535).
   at Rebex.Net.Smtp.bhxuu(String p0, String p1, SmtpAuthentication p2, GssApiProvider p3)
   at Rebex.Net.Smtp.qaiwm(String p0, String p1, SmtpAuthentication p2)
Applies to: Rebex Secure Mail

1 Answer

0 votes
by (148k points)

Hello,

These permissions are sufficient, and we are able to perform a successful SMTP OAuth2 login with our test application. To try the same code, get the repository with the ImapOAuthWpfApp_IdentityClient sample app, but replace the IMAP code with the following SMTP code (and add a reference to Rebex.Smtp to the project):

using (var client = new Smtp())
{
    client.Connect("smtp.office365.com", SslMode.Explicit);
    client.Login(_account.Username, _accessToken, SmtpAuthentication.OAuth20);
}

Does this work?

by (260 points)
Hello Lukas,
I tried the "smtp code" on the ImapOAuthWpfApp_IdentityClient project but I always get the same result:
Authentication unsuccessful [MR2P264CA0133.FRAP264.PROD.OUTLOOK.COM] (535).'

Thanks
by (148k points)
Hello, have you enabled authenticated SMTP client submission as well? This seems to be needed as well in addition to the permissions.
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
by (260 points)
Hello Lukas,
Authenticated SMTP is enabled on the tenant and on the user.
If I use "SmtpAuthentication.Login" (username and password) it works, with SmtpAuthentication.OAuth20 it doesn't work.

Thanks
by (148k points)
This is very unlikely to be a Rebex issue, and with no access to your Azure app registration and settings, our options are limited. I published a new sample app to our GitHub sample repository that shows how to authenticate to SMTP on Office365 via OAuth2 with delegated authentication and send an e-mail: https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2_IdentityClient/SmtpOAuthWpfApp_IdentityClient

When I set the ClientId and TenantId in MainWindow.xaml.cs file to values corresponding to our registered application, the sample app can successfully authenticate and send email. Could you give this a try with your ClientId and TenantId?
...
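
An added diagnostic example (not from this thread and not Rebex code) for the 535 response discussed above: it decodes the access token that is passed to client.Login and compares its claims with the SMTP user name and the SMTP.Send permission. The class name, the expected audience fragment "outlook.office" and the use of System.Text.Json are assumptions, and the sample token is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
static class XOAuth2TokenCheck
{
    // Decodes the JWT payload without verifying the signature (diagnostics only).
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a three-part JWT.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using (JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64)))
            return doc.RootElement.Clone();
    }

    static string Claim(JsonElement p, string name) =>
        p.TryGetProperty(name, out JsonElement v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    // expectedAudience and requiredScope are the caller's assumptions about what the server wants.
    public static List<string> Check(string jwt, string userName, string expectedAudience, string requiredScope, DateTimeOffset now)
    {
        var problems = new List<string>();
        JsonElement p = DecodePayload(jwt);
        string aud = Claim(p, "aud") ?? "";
        if (aud.IndexOf(expectedAudience, StringComparison.OrdinalIgnoreCase) < 0)
            problems.Add($"aud '{aud}' does not contain '{expectedAudience}'");
        string scp = Claim(p, "scp") ?? "";
        if (!scp.Split(' ').Contains(requiredScope, StringComparer.OrdinalIgnoreCase))
            problems.Add($"scp lacks '{requiredScope}' (has: {scp})");
        string user = Claim(p, "upn") ?? Claim(p, "preferred_username");
        if (!string.Equals(user, userName, StringComparison.OrdinalIgnoreCase))
            problems.Add($"token user '{user}' differs from SMTP user '{userName}'");
        if (p.TryGetProperty("exp", out JsonElement exp) && exp.ValueKind == JsonValueKind.Number
            && DateTimeOffset.FromUnixTimeSeconds(exp.GetInt64()) <= now)
            problems.Add("token has expired");
        return problems;
    }
    static void Main()
    {
        // Constructed, unsigned sample token (not a real credential); "outlook.office" is an assumed audience fragment.
        string Enc(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string jwt = Enc("{\"alg\":\"none\"}") + "." + Enc("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"openid profile\",\"upn\":\"user@example.com\",\"exp\":1659004200}") + ".sig";
        foreach (string problem in Check(jwt, "user@example.com", "outlook.office", "SMTP.Send", DateTimeOffset.UtcNow))
            Console.WriteLine(problem);
    }
}
```

Run Check against the real access token and user name just before the Login call. An empty list means the claims match these assumptions, not that the server will accept the token.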