英文:
Send emails from Azure Ad User - Like noreply
问题
这是我目前拥有的:
string scope = _configuration["AzureAd:Scope"];string[] scopes = { scope };var tenantId = _configuration["AzureAd:TenantId"];var clientId = _configuration["AzureAd:ClientId"];var clientSecret = _configuration["AzureAd:ClientSecret"];var options = new TokenCredentialOptions{AuthorityHost = AzureAuthorityHosts.AzurePublicCloud};var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);var graphClient = new GraphServiceClient(clientSecretCredential, scopes);var requestBody = new SendMailPostRequestBody{Message = new Message{Subject = "重置密码",Body = new ItemBody{ContentType = BodyType.Html,Content = rendered},ToRecipients = new List<Recipient>{new Recipient { EmailAddress = new EmailAddress { Address = messageDto.Email } }},From = new Recipient { EmailAddress = new EmailAddress { Address = "noreply@myemailaddress" } }}};await graphClient.Users["ObjectId"].SendMail.PostAsync(requestBody);
这给我返回了一个 403 ODataError。我正在使用 /.default 作用域,并且在我的应用程序中启用了 Mail.Send 作用域,并为委托权限和应用程序权限都进行了同意。有人遇到过类似的情况吗?
英文:
I have an AzureAd application and a user called noreply so I can send automated emails from my account for like password resets etc with Microsoft Graph.
Here is what I have so far:
string scope = _configuration["AzureAd:Scope"];string[] scopes = { scope };var tenantId = _configuration["AzureAd:TenantId"];var clientId = _configuration["AzureAd:ClientId"];var clientSecret = _configuration["AzureAd:ClientSecret"];var options = new TokenCredentialOptions{AuthorityHost = AzureAuthorityHosts.AzurePublicCloud};var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);var graphClient = new GraphServiceClient(clientSecretCredential, scopes);var requestBody = new SendMailPostRequestBody{Message = new Message{Subject = "Reset Password",Body = new ItemBody{ContentType = BodyType.Html,Content = rendered},ToRecipients = new List<Recipient>{new Recipient { EmailAddress = new EmailAddress { Address = messageDto.Email } }},From = new Recipient { EmailAddress = new EmailAddress { Address = "noreply@myemailaddress" } }}};await graphClient.Users["ObjectId"].SendMail.PostAsync(requestBody);
This is giving me a 403 ODataError. I am using the /.default scope and in my app I have the Mail.Send scope enabled and consented for both Delegated permission and application permissions.
Anyone had to do anything similar?
答案1
得分: 1
请注意,您的代码中使用了客户端凭据流程,仅适用于**Application**权限。
我注册了一个Azure AD应用程序,并通过授予同意方式添加了**Mail.Send**应用程序权限,如下所示:
当我在我的环境中运行下面的修改后的代码时,我成功地收到了以下响应:
using Azure.Identity;using Microsoft.Graph;using Microsoft.Graph.Models;var scopes = new[] { "https://graph.microsoft.com/.default" };var clientId = "55bc1f7b-3bc1-439e-bddd-4xxxxxxxxxx";var tenantId = "2773f7fd-d343-4afe-8230-exxxxxxxx";var clientSecret = "xxxxxxxxxxxx";var options = new ClientSecretCredentialOptions{AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,};var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);var graphClient = new GraphServiceClient(clientSecretCredential, scopes);var requestBody = new Microsoft.Graph.Users.Item.SendMail.SendMailPostRequestBody{Message = new Message{Subject = "Reset Password",Body = new ItemBody{ContentType = BodyType.Html,Content = "Please reset your password soon!",},ToRecipients = new List<Recipient>{new Recipient{EmailAddress = new EmailAddress{Address = "sri@xxxxxxxxx.onmicrosoft.com",},},},From = new Recipient { EmailAddress = new EmailAddress { Address = "admin@xxxxxxxx.onmicrosoft.com" } }},};await graphClient.Users["7488bc42-6a7c-4ba2-a4c3-xxxxxxxx"].SendMail.PostAsync(requestBody);Console.WriteLine("Mail sent successfully!");
响应:
当我检查邮箱时,邮件已成功发送,如下所示:
在您的情况下,请确保仅授予应用程序权限,并尝试按照我提到的方式修改您的代码。
英文:
> Note that, you are using client credentials flow in your code that
> only works with Application permissions.
I registered one Azure AD application and added Mail.Send Application permission by granting consent like this:
When I ran below modified code in my environment, I got response successfully like this:
using Azure.Identity;using Microsoft.Graph;using Microsoft.Graph.Models;var scopes = new[] { "https://graph.microsoft.com/.default" };var clientId = "55bc1f7b-3bc1-439e-bddd-4xxxxxxxxxx";var tenantId = "2773f7fd-d343-4afe-8230-exxxxxxxx";var clientSecret = "xxxxxxxxxxxx";var options = new ClientSecretCredentialOptions{AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,};var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);var graphClient = new GraphServiceClient(clientSecretCredential, scopes);var requestBody = new Microsoft.Graph.Users.Item.SendMail.SendMailPostRequestBody{Message = new Message{Subject = "Reset Password",Body = new ItemBody{ContentType = BodyType.Html,Content = "Please reset your password soon!",},ToRecipients = new List<Recipient>{new Recipient{EmailAddress = new EmailAddress{Address = "sri@xxxxxxxxx.onmicrosoft.com",},},},From = new Recipient { EmailAddress = new EmailAddress { Address = "admin@xxxxxxxx.onmicrosoft.com" } }},};await graphClient.Users["7488bc42-6a7c-4ba2-a4c3-xxxxxxxx"].SendMail.PostAsync(requestBody);Console.WriteLine("Mail sent successfully!");
Response:
When I checked the mailbox, mail sent successfully like below:
In your case, make sure to grant only Application permissions and try modifying your code as I mentioned.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论