
I've burnt hours trying to figure this out, I hope someone can help. Users authenticate to our ASP.NET site with Azure AD (Microsoft organizational account). Ideally I'd like to be able to connect with Exchange Web Service but I'm having trouble figuring out how to pass the credentials. From searching I see there is no way to get the password from User.Identity.

I'm having the same issues with POP or IMAP.

This code is returning "The Autodiscover service couldn't be located". If I explicitly tell it the server name, I get a 401 Unauthorized error.

using System;
using Microsoft.Exchange.WebServices.Data;

// Uses the credentials of the web server process (Windows default credentials),
// not those of the Azure AD user who signed in to the site.
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
service.UseDefaultCredentials = true;
service.AutodiscoverUrl(User.Identity.Name, RedirectionUrlValidationCallback);

private static bool RedirectionUrlValidationCallback(string redirectionUrl)
{
    // The default for the validation callback is to reject the URL.
    bool result = false;

    Uri redirectionUri = new Uri(redirectionUrl);

    // Validate the contents of the redirection URL. In this simple validation
    // callback, the redirection URL is considered valid if it is using HTTPS
    // to encrypt the authentication credentials.
    if (redirectionUri.Scheme == Uri.UriSchemeHttps)
    {
        result = true;
    }
    return result;
}
MrPiao
toddmillernyc

1 Answer


Your application does not have access to the user's credentials. That is the premise of federated auth. Azure AD authenticates the user and issues a SAML/JWT token, which your application validates and uses to sign in the user (the underlying identity framework might be doing this work for you).

That said, your application can acquire a delegated token from Azure AD to access Office365 APIs on behalf of the signed-in user and send email/write to calendar on their behalf. The following doc will guide you step by step (includes a Visual Studio sample): http://msdn.microsoft.com/en-us/library/office/dn605893(v=office.15).aspx

Updated link: https://msdn.microsoft.com/en-us/office/office365/howto/starter-projects-and-code-samples

The user experience will be something like: the user clicks the sign-in button on your application. Your application determines that the user needs to sign in at Azure AD and redirects the user's agent to Azure AD with an SSO+delegated token request. The user will see a "consent" page saying something like: application wants to access your email on your behalf. The user grants the consent and signs in. AAD redirects the user's agent back to your application with an id token (addressed to your app for SSO) and an authorization code that your application can redeem for an access token (addressed to Exchange Online) to send email.

Hope this helps.

Bill Sambrone
Dushyant Gill