
I am trying to send email using the UsernamePasswordProvider with delegated permission, but I am getting the error below:

AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID: 66ecbe3d-56d1-4850-8310-dd33cb8d3900 Correlation ID: b2f61146-44d3-4997-ab99-5370bbac6b04

When I tried with Application permission with send.mail, I was able to send email as any user, but as per the company restrictions I need to send email using delegated permission. How can I achieve this? The error relates to multi-factor authentication, as MFA has been enabled on our account.

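```csharp
// Public client application used for the delegated (user) sign-in.
IPublicClientApplication publicclientapplication = PublicClientApplicationBuilder
    .Create(clientId)
    .WithTenantId(tenantId)
    .Build();

// Username/password (ROPC) provider from Microsoft.Graph.Auth.
UsernamePasswordProvider authprovider = new UsernamePasswordProvider(publicclientapplication, scopes);
GraphServiceClient graphServiceClient = new GraphServiceClient(authprovider);

// The AADSTS50076 error above is returned by this call.
await graphServiceClient.Me
    .SendMail(email, false)
    .Request()
    .WithUsernamePassword("Username", passwordstring(stringpassword))
    .PostAsync();
```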

Please help here with options.


1 Answer


If the user has multi-factor authentication (MFA) enabled, then you can’t use username/password to obtain tokens, because ROPC flow does not support MFA, according to the documentation:

If users need to use multi-factor authentication (MFA) to log in to the application, they will be blocked instead.

The easiest way is to use the auth code flow, which supports users with MFA enabled to log in to the application. When using this flow, you need to log the user in to obtain the authorization code, and then use the authorization code to redeem the access token.
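
An added example (not part of the original answer or the poster's code) of the delegated sign-in described above: MSAL.NET's `AcquireTokenInteractive` runs the authorization code flow with PKCE in the system browser, so the MFA prompt can be completed, and the resulting token is attached to the Graph request. It assumes Microsoft.Graph 4.x (the `.Request()` style used in the question) and Microsoft.Identity.Client; `DelegatedMailSender`, the `Mail.Send` scope choice and the `http://localhost` redirect URI are assumptions that must match the app registration.

```csharp
using System.Linq;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

// Hypothetical helper class; clientId and tenantId come from the app registration.
public static class DelegatedMailSender
{
    private static readonly string[] Scopes = { "Mail.Send" };

    public static async Task SendAsync(string clientId, string tenantId, Message email)
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithRedirectUri("http://localhost") // assumed desktop redirect URI
            .Build();

        // Attach a delegated access token to every Graph request.
        var graphServiceClient = new GraphServiceClient(
            new DelegateAuthenticationProvider(async request =>
            {
                AuthenticationResult token = await AcquireTokenAsync(app);
                request.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", token.AccessToken);
            }));

        await graphServiceClient.Me.SendMail(email, false).Request().PostAsync();
    }

    private static async Task<AuthenticationResult> AcquireTokenAsync(IPublicClientApplication app)
    {
        var accounts = await app.GetAccountsAsync();
        try
        {
            // Reuse a token from this app instance's cache when one is available.
            return await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault()).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No cached account, or sign-in/MFA is required: authenticate in the browser.
            return await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
        }
    }
}
```

No password is handled by the application in this flow; the user authenticates directly with Azure AD, which is why the MFA requirement no longer blocks token acquisition.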