Forum Discussion

SubhasisNBGhosh's avatar
SubhasisNBGhosh
Copper Contributor
Sep 30, 2024

Building an app to send email using Microsoft Graph API

               I am developing an application using C# that will be able to send email using Microsoft Graph API. My main intention is that using this application, different users from different companies (i.e. different email domains) will be able to send emails.

               I am providing details of what I have done till now.

               Suppose my company’s email domain is email address removed for privacy reasons.

  1. The Azure admin of my company has registered an application through Azure App registration under multi-tenant option.

 

  1. As this is a desktop application, we are using Redirect URI as default – https://login.microsoftonline.com/common/oauth2/nativeclient
  2. My company’s azure admin (email address removed for privacy reasons) is the owner of the application.
  3. Delegated permission for Microsoft Graph API User.Read and Mail.Send is added.

 

  1. In the code, I have used clientID from the Azure App registration page and tenantID as common

 

 

  1. Then I use AcquireTokenInteractive() to acquire token interactively from user.

 

 

 

 

  1. And then sending the mail –

 

 

So my question is, when someone from other domain tries to send email using this application, he/she is getting this window asking for approval for access token –

 

So, what happens when the user press request for approval? –

  1. Does it trigger an email to xyz company azure admin for approval?
  2. Or xyz azure admin need to approve the request for the requested user from their azure ad admin page?
  3. Is Azure Admin access is absolutely necessary for this?
  4. Lastly, can you please let me know what is the best way to handle this scenario i.e. what settings or coding to be done so that different user from different companies (i.e. different domain like xyz.co.in) can send email using my application (registered in azure AD by my organization email address removed for privacy reasons)
  • harybrok's avatar
    harybrok
    Copper Contributor


    When a user from another domain tries to send an email using your application registered in Azure AD, they will see a consent window asking for permission to access the requested resources. If the permissions require admin consent, it does not automatically trigger an email to their Azure admin; instead, the user may need to request admin approval if required.

    • SubhasisNBGhosh's avatar
      SubhasisNBGhosh
      Copper Contributor

      harybrok Thanks for youe response.

      As you can see there is a "Request Approval" button in the consent window.


      My question is what happens when user press that button? Does it trigger any email to the Azure Admin of that company or some type of notification in their Azure account?
      Or does the user need to inform manually to the admin for consent even after pressing the "Request Approval" button?

       

      • harybrok's avatar
        harybrok
        Copper Contributor

        No problem, if you need to ask any solution of the problem. Feel free to contact me.

Resources