3

For a lot of customers, we connect to the Office 365 Outlook IMAP server, and that works just fine. However, for one customer now it does not work. I can log into portal.office.com with the username and password, and go to Outlook there and see the mailbox, but I can't for the life of me get this to work in my code. This is my code:

var stream = new MemoryStream();
var logger = new ProtocolLogger(stream, false);

using (var client = new MailKit.Net.Imap.ImapClient(logger))
{
    try
    {
        client.Connect("outlook.office365.com", 993, true);
        client.AuthenticationMechanisms.Remove("XOAUTH2");
        client.Authenticate(@"SVC_CubitDLE@lyse.no", @".whb----%RS*,H^");
        var inbox = client.Inbox;
        inbox.Open(FolderAccess.ReadWrite);
        var uids = await inbox.SearchAsync(SearchQuery.NotSeen);
    } catch (Exception exc){
        exc.Dump();
        stream.Position = 0;
        var reader = new StreamReader(stream);
        reader.ReadToEnd().Dump();
    }
}

I tried with and without the line client.AuthenticationMechanisms.Remove("XOAUTH2");.

The exception thrown is AuthenticationException with message LOGIN failed.

The log emitted in the steam is:

S: * OK The Microsoft Exchange IMAP4 service is ready. [UABSADAAUAAyADYANABDAEEAMAAxADkAOAAuAEYAUgBBAFAAMgA2ADQALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
C: E00000000 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
S: E00000000 OK CAPABILITY completed.
C: E00000001 AUTHENTICATE PLAIN AFNWQ19DdWJpAAAAAAAAAAAAAAAAAAAASF4=
S: E00000001 NO AUTHENTICATE failed.
C: E00000002 LOGIN SVC_CubitDLE@lyse.no ".whb----%RS*,H^"
S: E00000002 NO LOGIN failed.

Any idea to what I'm doing wrong here?

arnt
  • 8,949
  • 5
  • 24
  • 32
Øyvind Bråthen
  • 59,338
  • 27
  • 124
  • 151
  • It looks as if you've pasted an actual password, twice. Might want to change that straight away. – arnt Nov 28 '19 at 13:19
  • (FYI, `AUTHENTICATE PLAIN` contains the password base64-encoded, too.) – arnt Nov 28 '19 at 13:20
  • I've looked at the actual question now, and I think this is a matter for Microsoft's customer service. The IMAP parts look faultless. – arnt Nov 28 '19 at 13:26
  • I missed the base64 part, but the other passwords above is not the correct ones. Thanks for your comments. – Øyvind Bråthen Nov 28 '19 at 13:45
  • I'm a bit late to the party and I'm assuming that the username and password strings have been obfuscated now(?), so I can only ask: does the user name or password contain any unicode characters? The only thing that I can think of that might break `AUTHENTICATE PLAIN` is if MailKit's `SaslPrep` implementation is wrong somehow, but that would require the username or password to contain unicode characters which does not seem to be the case. – jstedfast Nov 28 '19 at 19:15
  • If you are able to do it, you might find answers by using a program like [wireshark](https://www.wireshark.org/) to sniff packets of a successful login using Outlook or Thunderbird or something and then comparing to the commands that MailKit is using. – jstedfast Nov 28 '19 at 19:19
  • Nope, absolutely no unicode chars in the password. – Øyvind Bråthen Nov 28 '19 at 23:16
  • Are all users in the same domain? Is this a special service account? It may have different security requirements set on it. – Max Nov 29 '19 at 17:50
  • FWIW, Office365 seems to have a "Allow less-secure apps" setting like GMail has that, if not set, will not allow a user to authenticate over IMAP/POP3/SMTP using anything other than OAuth2. – jstedfast Dec 04 '19 at 15:49
  • @ØyvindBråthen was this ever solved? – ogborstad Jun 23 '22 at 12:59

1 Answers1

0

It is very possible that IMAP is disabled for that user. I would check to see if that's enable if you have access to the AD.

Here's an article

Bishop Duperret
  • 1
  • 1