Ask a Question

Unable to login to Office 365 IMAP, getting exception: Rebex.Net.ImapException: AUTHENTICATE failed (NO).

0 votes
by (120 points)
edited by

2022-08-16 18:30:29.266 Opening log file.
2022-08-16 18:30:29.270 INFO FileLogWriter(1)[10] Info: Assembly: Rebex.Common R6.5 for .NET 4.6-4.8
2022-08-16 18:30:29.273 INFO FileLogWriter(1)[10] Info: Platform: Windows 6.2.9200 64-bit; CLR: 4.0.30319.42000
2022-08-16 18:30:29.273 DEBUG FileLogWriter(1)[10] Info: Culture: th; windows-874
2022-08-16 18:30:33.463 DEBUG Imap(1)[10] Info: State changed from 'Disconnected' to 'Connecting'.
2022-08-16 18:30:33.463 INFO Imap(1)[10] Info: Connecting to Outlook.office365.com:993 using Imap.
2022-08-16 18:30:33.464 INFO Imap(1)[10] Info: Assembly: Rebex.Imap R6.5 for .NET 4.6-4.8 (Trial)
2022-08-16 18:30:33.464 INFO Imap(1)[10] Info: Platform: Windows 6.2.9200 64-bit; CLR: 4.0.30319.42000
2022-08-16 18:30:33.464 DEBUG Imap(1)[10] Info: Culture: th; windows-874
2022-08-16 18:30:33.464 INFO Imap(1)[10] Info: Using proxy HTTP CONNECT 192.168.4.14:8080.
2022-08-16 18:30:33.465 INFO Imap(1)[10] Info: Connecting to Outlook.office365.com.
2022-08-16 18:30:33.482 DEBUG Imap(1)[10] Proxy: Connecting to HTTP CONNECT proxy at 192.168.4.14:8080.
2022-08-16 18:30:33.585 DEBUG Imap(1)[10] Proxy: Connection established.
2022-08-16 18:30:33.678 DEBUG Imap(1)[10] Proxy: Connection initialized successfully.
2022-08-16 18:30:33.679 DEBUG Imap(1)[10] Info: Connection succeeded.
2022-08-16 18:30:33.684 DEBUG Imap(1)[10] Info: Upgrading connection to TLS.
2022-08-16 18:30:33.771 DEBUG Imap(1)[10] TLS: Using classic TLS core.
2022-08-16 18:30:33.799 DEBUG Imap(1)[10] TLS: Enabled cipher suites: 0x0C1FFFFFFFF4F666.
2022-08-16 18:30:33.898 DEBUG Imap(1)[10] TLS: Applicable cipher suites: 0x0C1FFFFFFFF4F666.
2022-08-16 18:30:33.910 DEBUG Imap(1)[10] TLS: HandshakeMessage:ClientHello was sent.
2022-08-16 18:30:34.024 DEBUG Imap(1)[10] TLS: HandshakeMessage:ServerHello was received.
2022-08-16 18:30:34.025 INFO Imap(1)[10] TLS: Negotiating TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-08-16 18:30:34.029 DEBUG Imap(1)[10] TLS: The server supports secure renegotiation.
2022-08-16 18:30:34.030 DEBUG Imap(1)[10] TLS: Extended master secret is enabled.
2022-08-16 18:30:34.033 DEBUG Imap(1)[10] TLS: HandshakeMessage:Certificate was received.
2022-08-16 18:30:34.054 DEBUG Imap(1)[10] TLS: HandshakeMessage:ServerKeyExchange was received.
2022-08-16 18:30:34.054 DEBUG Imap(1)[10] TLS: HandshakeMessage:ServerHelloDone was received.
2022-08-16 18:30:34.061 DEBUG Imap(1)[10] TLS: Verifying server certificate ('CN=outlook.com, O=Microsoft Corporation, L=Redmond, S=Washington, C=US').
2022-08-16 18:30:34.063 DEBUG Imap(1)[10] TLS: Certificate verification result: Accept
2022-08-16 18:30:34.066 DEBUG Imap(1)[10] TLS: Verifying server key exchange signature.
2022-08-16 18:30:34.101 DEBUG Imap(1)[10] TLS: Using ephemeral ECDH public key exchange with NIST P-384 curve.
2022-08-16 18:30:34.110 DEBUG Imap(1)[10] TLS: HandshakeMessage:ClientKeyExchange was sent.
2022-08-16 18:30:34.129 DEBUG Imap(1)[10] TLS: CipherSpec:ChangeCipherSpec was sent.
2022-08-16 18:30:34.130 DEBUG Imap(1)[10] TLS: HandshakeMessage:Finished was sent.
2022-08-16 18:30:34.211 DEBUG Imap(1)[10] TLS: CipherSpec:ChangeCipherSpec was received.
2022-08-16 18:30:34.217 DEBUG Imap(1)[10] TLS: HandshakeMessage:Finished was received.
2022-08-16 18:30:34.219 INFO Imap(1)[10] TLS: Connection secured using cipher: TLS 1.2, RSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2022-08-16 18:30:34.225 DEBUG Imap(1)[10] Info: Connection upgraded to TLS 1.2.
2022-08-16 18:30:34.236 DEBUG Imap(1)[10] Info: State changed from 'Connecting' to 'Reading'.
2022-08-16 18:30:34.240 INFO Imap(1)[10] Response: * OK The Microsoft Exchange IMAP4 service is ready. [SwBMADEAUABSADAAMgBDAEEAMAAwADMAMwAuAGEAcABjAHAAcgBkADAAMgAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
2022-08-16 18:30:34.248 DEBUG Imap(1)[10] Info: State changed from 'Reading' to 'Ready'.
2022-08-16 18:30:34.256 DEBUG Imap(1)[10] Info: State changed from 'Ready' to 'Sending'.
2022-08-16 18:30:34.259 INFO Imap(1)[10] Command: R00001 CAPABILITY
2022-08-16 18:30:34.259 DEBUG Imap(1)[10] Info: State changed from 'Sending' to 'Reading'.
2022-08-16 18:30:34.320 INFO Imap(1)[10] Response: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
2022-08-16 18:30:34.320 INFO Imap(1)[10] Response: R00001 OK CAPABILITY completed.
2022-08-16 18:30:34.320 DEBUG Imap(1)[10] Info: State changed from 'Reading' to 'Ready'.
2022-08-16 18:30:35.915 DEBUG Imap(1)[10] Info: State changed from 'Ready' to 'Sending'.
2022-08-16 18:30:35.915 INFO Imap(1)[10] Command: R00002 AUTHENTICATE XOAUTH2 dXNlcj1pbWFwdXNlcjAxQHNjMzY1Lm9ubWljcm9zb2Z0LmNvbVx4MWF1dGg9QmVhcmVyIGV5SjBlWEFpT2lKS1YxUWlMQ0p1YjI1alpTSTZJbkZrU1ZjNFpUZDFiMkk0YnpaU1dIVmlXV051UXpoZlgybFdVWFJUTmxrd1JFeGlYMGhsU0ZwWWR6Z2lMQ0poYkdjaU9pSlNVekkxTmlJc0luZzFkQ0k2SWpKYVVYQktNMVZ3WW1wQldWaFpSMkZZUlVwc09HeFdNRlJQU1NJc0ltdHBaQ0k2SWpKYVVYQktNMVZ3WW1wQldWaFpSMkZZUlVwc09HeFdNRlJQU1NKOS5leUpoZFdRaU9pSm9kSFJ3Y3pvdkwyZHlZWEJvTG0xcFkzSnZjMjltZEM1amIyMGlMQ0pwYzNNaU9pSm9kSFJ3Y3pvdkwzTjBjeTUzYVc1a2IzZHpMbTVsZEM4MFl6QTRORFUwWlMxak1tWXdMVFF5TWpjdFlqVmxOUzFrWVRKaE9HWXpOakpqT0RJdklpd2lhV0YwSWpveE5qWXdOalE1TVRJNUxDSnVZbVlpT2pFMk5qQTJORGt4TWprc0ltVjRjQ0k2TVRZMk1EWTFNekF5T1N3aVlXbHZJam9pUlRKYVoxbEdhVzQzWm5wSEwyRnVRbEJOYTNSVVoxZHhhalY1TUVGQlBUMGlMQ0poY0hCZlpHbHpjR3hoZVc1aGJXVWlPaUpCWTJObGMzTWdUV0ZwYkdKdmVDSXNJbUZ3Y0dsa0lqb2lPR1prTXpBM056QXRNalExWmkwME5XVmhMVGsxT1RVdFpXUmxNV0kwTmpJd01XSmhJaXdpWVhCd2FXUmhZM0lpT2lJeElpd2lhV1J3SWpvaWFIUjBjSE02THk5emRITXVkMmx1Wkc5M2N5NXVaWFF2TkdNd09EUTFOR1V0WXpKbU1DMDBNakkzTFdJMVpUVXRaR0V5WVRobU16WXlZemd5THlJc0ltbGtkSGx3SWpvaVlYQndJaXdpYjJsa0lqb2lOR05sWkdabU9UUXRaRE0xWlMwME1qbGlMVGxoTVRBdE1HWmtOalpqWWpGbFltUXdJaXdpY21naU9pSXdMa0ZWYTBGVWExVkpWRkJFUTBvd1N6RTFaRzl4YW5wWmMyZG5UVUZCUVVGQlFVRkJRWGRCUVVGQlFVRkJRVUZDU2tGQlFTNGlMQ0p6ZFdJaU9pSTBZMlZrWm1ZNU5DMWtNelZsTFRReU9XSXRPV0V4TUMwd1ptUTJObU5pTVdWaVpEQWlMQ0owWlc1aGJuUmZjbVZuYVc5dVgzTmpiM0JsSWpvaVFWTWlMQ0owYVdRaU9pSTBZekE0TkRVMFpTMWpNbVl3TFRReU1qY3RZalZsTlMxa1lUSmhPR1l6TmpKak9ESWlMQ0oxZEdraU9pSjFTalpyWjA5Zlgzb3dhVU41YUVKVGEzTXhPVUZCSWl3aWRtVnlJam9pTVM0d0lpd2lkMmxrY3lJNld5SXdPVGszWVRGa01DMHdaREZrTFRSaFkySXRZalF3T0Mxa05XTmhOek14TWpGbE9UQWlYU3dpZUcxelgzUmpaSFFpT2pFMU1Ua3pOVGN3TUROOS5GelFWM0k0cHpIdlAwS3JOeUVsb0hnZ2ttT2NKZm81NGJxRm1pT091d1hKZkhwel8xWDNodkV3bkhiSnlUZlFUNkMyVHV1aVFPWjRabWM3c3Q4UkZfNFN6YXNHZHVKaW1zSVh1SXFIMlBuTnpVQm5oSUlZS29QT2YtYWI0QTd0THVKZDF3eENCMUotMjN5Unl1dmJldDV0YjY3VVdzLW5lQzFpNVVodmtxSFVYODJad2NzMUtVRmZZT09FYlBZdjlBcUlWUmQyVzZKX0wyUk9wV2l1WlhVQkpvWkJOQ1JwVmpUdUd2YkxrZVpuQ09DZ2tYcWVQbkhJM0pxbk1uQ3NGWDEtaTZ3aHFURnQydHpTVnZqVUZ2VndxNGxVdEplNnllMGdkMk9hYnVmM3B5dnBIVjdQRHktdVNpbnJzdmI5OUNYcGduS2FQcTdSbXVVM2U4RWJfSmdceDFceDE=
2022-08-16 18:30:35.915 DEBUG Imap(1)[10] Info: State changed from 'Sending' to 'Reading'.
2022-08-16 18:30:35.993 INFO Imap(1)[10] Response: R00002 NO AUTHENTICATE failed.
2022-08-16 18:30:35.993 DEBUG Imap(1)[10] Info: State changed from 'Reading' to 'Ready'.
2022-08-16 18:30:36.003 ERROR Imap(1)[10] Info: Rebex.Net.ImapException: AUTHENTICATE failed (NO).
at Rebex.Net.Imap.ftvcl(String p0, ImapResponse p1, Boolean p2)
at Rebex.Net.Imap.nbxxz(String p0)
at Rebex.Net.Imap.alsfl(String p0, String p1, ImapAuthentication p2, GssApiProvider p3)
at Rebex.Net.Imap.ccovk(String p0, String p1, ImapAuthentication p2)

1 Answer

0 votes
by (148k points)
edited by

For future readers: If you encounter any issue with authentication to Microsoft 365 (formerly Office 365), upgrade to a an up-to-date version of Rebex Secure Mail and try our Office 365 / OAuth 2.0 sample apps.

It looks like you are calling Imap.Login(string token, ImapAuthentication method) method, but your token is incorrectly formatted. Instead of binary \x1 characters (characters with ASCII code of 1), the token uses "\x1" strings. In practice, the following C# code would reproduce the issue:

// prepare (wrap) the authentication token for IMAP, POP3, or SMTP
string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}",
    _account.Username,
    "\\x1", // <-- this is wrong!
    _accessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

// authenticate using the (wrongly) wrapped access token
client.Login(token, ImapAuthentication.OAuth20);

To fix the issue, use the proper \x1 character:

// prepare (wrap) the authentication token for IMAP, POP3, or SMTP
string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}",
    _account.Username,
    "\x1", // <-- this is correct
    _accessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

// authenticate using the wrapped access token
client.Login(token, ImapAuthentication.OAuth20);

Alternatively, upgrade to Rebex Secure Mail R5.7 or later, which eliminates the need to manually encode the token, making it possible to replace the code above with a single line of code:

// authenticate using the token (and proper wrapping)
client.Login(_account.Username, _accessToken, ImapAuthentication.OAuth20);
Show 10 previous comments
by (120 points)
In my PowerShell script it worked, but in my VB it don't worked server return that error and I try to using token from PowerShell script by VB hardcode force it used PowerShell token but I got error as before

//token from PowerShell
dXNlcj1pbWFwdXNlcjAxQGtydW5nc3JpMzY1Lm9ubWljcm9zb2Z0LmNvbQFhdXRoPUJlYXJlciBleUowZVhBaU9pSktWMVFpTENKdWIyNWpaU0k2SWpCTVpHZ3lja0k1ZUc5bFdVdFVNRnBKWDA5VFIwbGxMWEV4VG1KV2RIQmFObWQ1UzJscVZUaERhakFpTENKaGJHY2lPaUpTVXpJMU5pSXNJbmcxZENJNklqSmFVWEJLTTFWd1ltcEJXVmhaUjJGWVJVcHNPR3hXTUZSUFNTSXNJbXRwWkNJNklqSmFVWEJ
LTTFWd1ltcEJXVmhaUjJGWVJVcHNPR3hXTUZSUFNTSjkuZXlKaGRXUWlPaUpvZEhSd2N6b3ZMMjkxZEd4dmIyc3ViMlptYVdObE16WTFMbU52YlNJc0ltbHpjeUk2SW1oMGRIQnpPaTh2YzNSekxuZHBibVJ2ZDNNdWJtVjBMelJqTURnME5UUmxMV015WmpBdE5ESXlOeTFpTldVMUxXUmhNbUU0WmpNMk1tTTRNaThpTENKcFlYUWlPakUyTmpFeU5UTTROVElzSW01aVppSTZNVFkyTVRJMU16ZzFNaXdpWlhod0lqb3hOall4TWpVM056VXlMQ0poYVc4aU9pSkZNbHBu
V1U1cGVTOHZUREprTWpNM01Xa3ZlbGxRVkdocFJEQnlRM2RCUFNJc0ltRndjRjlrYVhOd2JHRjVibUZ0WlNJNklrRmpZMlZ6Y3lCTllXbHNZbTk0SWl3aVlYQndhV1FpT2lJNFptUXpNRGMzTUMweU5EVm1MVFExWldFdE9UVTVOUzFsWkdVeFlqUTJNakF4WW1FaUxDSmhjSEJwWkdGamNpSTZJakVpTENKcFpIQWlPaUpvZEhSd2N6b3ZMM04wY3k1M2FXNWtiM2R6TG01bGRDODBZekE0TkRVMFpTMWpNbVl3TFRReU1qY3RZalZsTlMxa1lUSmhPR1l6TmpKak9ESXZJa
XdpYjJsa0lqb2lOR05sWkdabU9UUXRaRE0xWlMwME1qbGlMVGxoTVRBdE1HWmtOalpqWWpGbFltUXdJaXdpY21naU9pSXdMa0ZWYTBGVWExVkpWRkJFUTBvd1N6RTFaRzl4YW5wWmMyZG5TVUZCUVVGQlFWQkZVSHBuUVVGQlFVRkJRVUZDU2tGQlFTNGlMQ0p5YjJ4bGN5STZXeUpKVFVGUUxrRmpZMlZ6YzBGelFYQndJbDBzSW5OcFpDSTZJamxtT0dKbFpqUTNMV0pqWm1VdE5HRXdaQzA0WmpsbUxXSmlPREJoTmprd1ltVmpOeUlzSW5OMVlpSTZJalJqWldSbVpqaz
BMV1F6TldVdE5ESTVZaTA1WVRFd0xUQm1aRFkyWTJJeFpXSmtNQ0lzSW5ScFpDSTZJalJqTURnME5UUmxMV015WmpBdE5ESXlOeTFpTldVMUxXUmhNbUU0WmpNMk1tTTRNaUlzSW5WMGFTSTZJbEkxVVdsb1dFOWZNVlY1VkdKUFNUTkxSV05FUVVFaUxDSjJaWElpT2lJeExqQWlMQ0ozYVdSeklqcGJJakE1T1RkaE1XUXdMVEJrTVdRdE5HRmpZaTFpTkRBNExXUTFZMkUzTXpFeU1XVTVNQ0pkZlEuQnYwNFJ1TFNCUXBGSFdmcW9Fa3JVT2Rwdk9MRjdoMTB6aHNWNEx
aNFdtdDZmZDR0OXVxVndORW1SOW9hcmxBUEJPOUdxaXBnSE5Belg0bjlsNTBHVm5nWjdPT3N3SlRYMWs5X2VrLTFHdDRKZm8wQWNvUkN6clRfSkY0aWJBa3AzcFR4N3VJZEtPZ0hDT0VUbHlkbzFybVQxVE40TUVKZEZJbnhYaXN3V1p5eDNLSkJUWWRJcFVVb1BvYV9qU0xqZkF3R2xPM3l5c25tUFNQbVFEQkQzUkQ3WExHOTRsQU9jX0JtU0JOUElYMFFmai16SDhFWWVlR0czazVTbFpTSFlvUlVES3JQZnd5YWFjbEI2SUFXNTgxdExwR1FsSC1oeVlmTG5jOFBtQmZI
QTZQRG9paWtHVXZQM3JLUzBEd0UwZGw1Mk9LY09DUnVpQjE0eW14VDlBAQE=
by (148k points)
You wrote that you "just use service for signed-in users", but this latest token actually asserts app-only role:
    "roles":["IMAP.AccessAsApp"]

Are you attempting app-only authentication now? If that's the case, does our sample app work for you?
    https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2_IdentityClient/ImapOAuthAppOnlyConsole_IdentityClient

(To decode token data yourself, use a Base64 decoder such as https://www.base64decode.org/ - it has to be done twice, first with the "wrapped" token (in the form above), then copy&paste and decode the part that is still Base64-encoded - that's the actual token.)
by (148k points)
edited by
To access Office 365 using IMAP or POP3 with app-only (unattended) authentication, several additional steps are needed. Please follow our detailed step-by-step guide, and be aware that all the steps are important: https://blog.rebex.net/office365-imap-pop3-oauth-unattended
by (120 points)
Thanks you for you anwser and sorry for replying late. Please tell me how I can use this Function (Await cca.AcquireTokenForClient(scopes).ExecuteAsync()) without Await, Coz my vb program is a synchronous coding
by (148k points)
Replace this:
    AuthenticationResult result = await cca.AcquireTokenForClient(Scopes).ExecuteAsync();

With this:
    AuthenticationResult result = cca.AcquireTokenForClient(Scopes).ExecuteAsync().Result;
...