Modern Authentication is now enabled by default for all new Microsoft 365/Azure tenants because this protocol is more secure than the deprecated Basic Authentication.
Modern Authentication is based on Active Directory Authentication Library and OAuth 2.0. It uses time-limited tokens, and applications don’t store user credentials.
In addition, it is planned to completely prohibit the use of Basic Authentication for all Microsoft 365 clients.
In this article, we will focus on using Modern Authentication to connect via EWS, SMTP, IMAP, POP clients of Aspose.Email for .NET.

Prerequisite settings

To use Modern Authentication, make sure that it is enabled. However, for tenants created before August 1, 2017, modern authentication is turned off by default.
In the Microsoft 365 admin center, go Settings > Org Settings > Modern Authentication. In the Modern authentication flyout that appears, you can identify the protocols that no longer require Basic authentication.
For new Microsoft365 tenants in Azure, Basic Authentication is disabled by default for all applications. Therefore, the text will be displayed in this section.

Your organization has security defaults enabled, which means modern authentication to Exchange Online is required, and basic authentication connections are blocked.
You must turn off security defaults in the Azure portal before you can change any settings here.

You can enable Basic Auth support for tenant from the Azure portal, go Azure Active Directory > Properties > Manage Security defaults > Enable Security defaults > No.
For more information, see the Microsoft Documentation Article.

App registration with Azure Active Directory

Firstly, it is necessary to perform app registration with Azure Active Directory.
There are two types of permissions that can be used to access mailboxes with your app. Choose a specific type of permission, depending on the app you are creating:

  • Apps that use Delegated permissions have a signed-in user present. In other words, when you connect to the service, a dialog window appears for a username and a password. App can never have more privileges than a signed-in user.
  • Apps that use Application permissions run without a signed-in user present. For instance, these are apps that run as background services or daemons. Only an administrator can consent to application permissions.

In addition, refer to the Microsoft Documentation Article for more information.

The registration procedure depends on the type of permission selected. To register your app, refer to the Microsoft Documentation Article.

C# .NET API to access email servers

To create the EWS, Imap and Smtp clients, we will use Aspose.Email for .NET. It is an amazing library to implement email client apps using .NET. Using the library, you can easily connect to and access the email servers. You can install Aspose.Email for .NET via NuGet or download its DLL.

PM> Install-Package Aspose.Email

Use modern authentication with EwsClient

After registering the application, we can focus on writing the code, which will consist of the following parts:

  • Firstly, get the authorization token.
  • Then, use the token to authenticate.

Getting the authorization token

To get the token we’ll use Microsoft Authentication Library (MSAL) for .NET.

The following are the steps to get authorization token in C#.

  • Add the Microsoft.Identity.Client nuget package that contains the binaries of the MSAL.NET.
  • Create an AccessParameters class to store credentials.
  • Finally, create a method accepting access parameters and using MSAL.NET to get an access token.

The following code samples will depend on the type of auth chosen.

Get a token with delegated auth

Get a token with app auth

Using the token to authenticate

After that, when we have successfully obtained a token, let’s initialize the EwsClient.

Using the token with delegated auth

Using the token with app auth

Use Modern Authentication with IMAP, POP or SMTP Clients

IMAP, POP, SMTP access via application permissions isn’t supported. In other words, delegated authentication only supported.

The App registration with Azure Active Directory procedure is defined above.

Use the Microsoft 365 admin center to enable or disable IMAP, POP, SMTP AUTH on specific mailboxes

  • Open the Microsoft 365 admin center and go to Users > Active users.
  • Select the user, and in the flyout that appears, click Mail.
  • In the Email apps section, click Manage email apps.
  • Verify the IMAP, POP, Authenticated SMTP setting: unchecked = disabled, checked = enabled.
  • Finally, click Save changes.

Adding code to get an authentication token from a token server

Make sure to specify the full scopes, including Outlook resource URLs.

To get the token we’ll use Microsoft Authentication Library (MSAL) for .NET.

The following are the steps to get authorization token in C#.

  • Add the Microsoft.Identity.Client nuget package that contains the binaries of the MSAL.NET.
  • Create an AccessParameters class to store credentials.
  • Finally, create a method accepting access parameters and using MSAL.NET to get an access token.

Using the token to authenticate

After that, when we have successfully obtained a token, let’s initialize the ImapClient.

Similarly, the SmtpClient initialization will look as following.

Get a Free API License

You can use Aspose.Email for .NET without evaluation limitations using a free temporary license.

Conclusion

In this article you have learned how to use modern authentication with Aspose.Email API to connect to Microsoft365 mailboxes. Furthermore, you’ve seen that you can easily create email client applications that meet advanced security requirements. You can learn more about Aspose.Email using the documentation. In case you would have any questions, you can post to our forum.

See Also