
I'm trying to load data from Office365 email without the need for user interaction. I've created an Azure app and I have the Client ID and Client secret. I also have the user information (email + password).

I need to call the Office365 API to download emails from a mailbox. But I need the application to download them in the background, without user interaction (redirecting to the MS/Office365 login page) to get authenticated/logged into the mailbox.

Is there any way to do this only through the Office API, without the need for redirection?

Thanks for any info.

Mastenka
    Yes, you can do it through the ADAL lib with the UserCredential workflow, but you need to be more specific about what you have tried and the problem you got with your code – cuongle Jul 14 '16 at 10:08

1 Answer


Yes, you are able to create a daemon service app using the Client Credential flow to authenticate the app.

Here is a code sample to retrieve the mails using Microsoft Graph SDK with this flow:

```csharp
using System;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Values from the Azure AD app registration
string clientId = "";
string clientsecret = "";
string tenant = "";
string resourceURL = "https://graph.microsoft.com";
string authority = "https://login.microsoftonline.com/" + tenant + "/oauth2/token";
string userMail = "user1@yourdomain.onmicrosoft.com";

// Client credential flow: the app authenticates as itself, with no user sign-in
var credential = new ClientCredential(clientId, clientsecret);
AuthenticationContext authContext = new AuthenticationContext(authority);
var authResult = await authContext.AcquireTokenAsync(resourceURL, credential);

// Attach the app-only access token to every Graph request
var graphserviceClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(
        (requestMessage) =>
        {
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authResult.AccessToken);

            return Task.FromResult(0);
        }));

// Read the target mailbox, newest messages first
var items = await graphserviceClient.Users[userMail].Messages.Request().OrderBy("receivedDateTime desc").GetAsync();

foreach (var item in items)
{
    Console.WriteLine(item.Subject);
}
```

And we need to register the app on the Azure AD portal and grant the app the Mail.Read scope like the figure below: [image]

Refer to here for more detail about calling Microsoft Graph in a service or daemon app

Fei Xue
  • Thank you, you're right. With that code and the clientId, clientSecret and tenantId data I was able to authenticate my Office365 app. However, I'm not sure: if I allow the "Read mail in all mailboxes" permission for my app, will this mean that I'll be able to access anyone's mails (which is a huge security risk)? I would need something like: "Read those mailboxes: ...". Anyway, thank you for your solution, you're awesome as hell :) – Mastenka Jul 15 '16 at 12:19
  • There is no need to limit the app to access specific mails because the app you **client credential** should be confident. You can just publish the service as you want in your app. I also explain it [here](http://stackoverflow.com/questions/38397981/restrict-office365-app-read-mail-in-all-mailboxes-permission-to-specific-mailb) – Fei Xue Jul 18 '16 at 03:22
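
An added example, not part of the answer or the comments above: a guard the daemon can call as `MailAccessGuard.EnsureAllowed(authResult.AccessToken, userMail)` before each Graph request. It reads the `roles` claim of the app-only token to confirm which application permissions were granted and checks the target mailbox against an allowlist. The class name, the allowlist contents and the sample token are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
static class MailAccessGuard
{
    // Assumption: the only mailboxes this daemon is meant to read.
    static readonly HashSet<string> AllowedMailboxes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "user1@yourdomain.onmicrosoft.com" };

    // Decode the JWT payload (inspection only, no signature check) and return the
    // "roles" claim, which lists the application permissions in an app-only token.
    public static string[] GetAppRoles(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array
            ? roles.EnumerateArray().Select(r => r.GetString() ?? "").ToArray()
            : Array.Empty<string>();
    }

    // Fail closed unless the token carries exactly Mail.Read and the mailbox is allowlisted.
    public static void EnsureAllowed(string accessToken, string mailbox)
    {
        string[] roles = GetAppRoles(accessToken);
        if (!roles.Contains("Mail.Read"))
            throw new UnauthorizedAccessException("Token does not carry Mail.Read");
        string[] extra = roles.Where(r => r != "Mail.Read").ToArray();
        if (extra.Length > 0)
            throw new UnauthorizedAccessException("Unexpected permissions: " + string.Join(", ", extra));
        if (!AllowedMailboxes.Contains(mailbox))
            throw new UnauthorizedAccessException("Mailbox not in allowlist: " + mailbox);
    }

    static void Main()
    {
        // Constructed, unsigned sample token (not a real Azure AD token).
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"roles\":[\"Mail.Read\"]}"))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string token = "e30." + body + ".sig";
        EnsureAllowed(token, "user1@yourdomain.onmicrosoft.com"); // allowlisted, no exception
        try { EnsureAllowed(token, "other@yourdomain.onmicrosoft.com"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

The allowlist is enforced only inside this app. The "Read mail in all mailboxes" permission on the token still covers every mailbox, so the client secret has to be protected accordingly.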