Using userPrincipalName of a user created in tenant while sending mails using Graph API

I'm using Graph API https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/sendMail to send email. On setting userPrincipalName of a user that already exists in my tenant as sender, it works perfectly. After creating a user in my tenant and using that userPrincipalName as sender, I don't see any emails being sent. Why is that? Am I missing something?

Whenever you are using delegated permissions (i.e. when a user is logged in), even though your admin has consented to Mail.Send.Shared, it does NOT grant access to all mailboxes in the tenant. These OAuth permissions do not override the permissions (and restrictions) in place for the user.

If the user is not already configured with permissions to be able to "Send As" the notifications@contoso.com user, then you'll see this error.

To make it work, you'd need to actually grant "Send As" rights to all users that will be using your application.

This is a subtle thing, and granted it's a bit confusing. In the Azure portal, the permissions have slightly different descriptions, depending on if you're looking at the Application Permissions or the Delegated Permissions.

  • Application: Send mail as any user
  • Delegated: Send mail on behalf of others

Another approach you could use here to avoid having to grant these rights to all users (which would allow them to send via Outlook, etc.) would be to have your backend app use the client credentials flow to get an app-only token. In that case, the app itself would have the permission to send as any user.
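
The delegated versus app-only distinction described in the answer can be checked on the token itself. The following is an added example, not part of the original question or answer: a debugging helper that reads the `roles` (app-only) and `scp`/`upn` (delegated) claims of an access token and reports what `/users/{sender}/sendMail` would require. The function names, the `alice@contoso.com` user and the unsigned sample tokens are constructed for illustration.

```python
import base64
import json

def make_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT for the demo (never a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

def decode_claims(token: str) -> dict:
    """Decode the JWT payload without verifying the signature (debugging only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def send_as_verdict(token: str, sender_upn: str) -> str:
    """Explain what this token needs in order to send mail as sender_upn."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))         # present on app-only tokens
    scopes = set(claims.get("scp", "").split())  # present on delegated tokens
    signed_in = claims.get("upn", "").lower()
    if "Mail.Send" in roles:
        return "app-only: may send as any mailbox in the tenant"
    if scopes & {"Mail.Send", "Mail.Send.Shared"} and signed_in == sender_upn.lower():
        return "delegated: sending as the signed-in user"
    if "Mail.Send.Shared" in scopes:
        # Consent alone is not enough; the mailbox permission must also exist.
        return f"delegated: needs Send As rights for {signed_in} on {sender_upn}"
    return "denied: token carries no permission to send as this mailbox"

# Constructed sample tokens (assumed claim values, not captured from a tenant).
SENDER = "notifications@contoso.com"
APP_ONLY = make_token({"roles": ["Mail.Send"]})
DELEGATED_SHARED = make_token({"scp": "User.Read Mail.Send.Shared", "upn": "alice@contoso.com"})
DELEGATED_OWN = make_token({"scp": "User.Read Mail.Send", "upn": "alice@contoso.com"})

if __name__ == "__main__":
    for name, tok in [("app-only", APP_ONLY), ("shared", DELEGATED_SHARED), ("own", DELEGATED_OWN)]:
        print(f"{name:9} -> {send_as_verdict(tok, SENDER)}")
```

Because an app-only token with the Mail.Send role covers every mailbox in the tenant, review which applications hold that role and scope them to specific mailboxes in Exchange Online where possible.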
