2

Recently Microsoft announced that it is possible to send emails with attachments larger than 4MB.

With smaller attachments, we were able to do everything in a single request. Now we must create a draft, upload attachments and then send the file.

I have a working code that sends mail in a single request:

var confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithClientSecret(clientSecret)
    .WithTenantId(tenant)
    .Build();

var authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authenticationProvider);

var email = new Message
{
    Body = new ItemBody
    {
      Content = i + " Works fine! " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"),
      ContentType = BodyType.Html,
    },
    Subject = "Test" + (j == 0 ? "" : " " + j),
    ToRecipients = recipientList,
    Attachments = att
};

await graphClient
    .Users["test@test.onmicrosoft.com"]
    .SendMail(email, true)
    .Request()
    .WithMaxRetry(5)
    .PostAsync();

the above code works fine, but when I change the last line to:

Message draft = await graphClient
    .Users["test@test.onmicrosoft.com"]
    .MailFolders
    .Drafts
    .Messages
    .Request()
    .AddAsync(mail);

or to:

Message draft = await graphClient
    .Users["test@test.onmicrosoft.com"]
    .Messages
    .Request()
    .AddAsync(mail);

I get an ErrorAccessDenied error:

Access is denied. Check credentials and try again.

Why would sending email in a single request work but creating a draft fail? Do I need any special permissions?

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
Misiu
  • 4,738
  • 21
  • 94
  • 198

1 Answers1

2

You don't specify which permission scopes you've selected, but this is most likely the issue.

The simplified /sendMail requires the Mail.Send permission. This is a fairly lightweight scope intended to provide an application a mechanism for sending emails without requiring access to the mailbox itself.

When creating a draft message, however, you need Mail.ReadWrite. This is because, unlike /sendMail, you need the ability to create, updated, and then send the message.

These are the steps and permissions required:

  1. POST /me/messages to create the Draft Message (Mail.ReadWrite).
  2. PATCH /me/messages/{id} to add/change content of the Draft (Mail.ReadWrite)
  3. POST /me/messages/{id}/attachments to add an Attachment to the Draft (Mail.ReadWrite).
  4. POST /me/messages/{id}/send to send the message (Mail.Send).

So for the scenario you're looking at, you'll want the following scopes:

  • User.Read (req. to authenticate)
  • Mail.ReadWrite (req. to build the draft)
  • Mail.Send (req. to send the message)
Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63