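I am trying to figure out how to restrict which mailboxes an application can access.
I have followed this guide and am using app-only authentication: https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth
According to the documentation, I have to set the "full_access_as_app" permission. However, the info text states: "Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user."
I can read the mailbox, but I would like to restrict which mailbox my application can access. Can anyone point me in the right direction?
Thanks.
My code: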
    using System;
    using System.Configuration;
    using Microsoft.Exchange.WebServices.Data;
    using Microsoft.Identity.Client;

    class Program
    {
        static async System.Threading.Tasks.Task Main(string[] args)
        {
            // Using Microsoft.Identity.Client 4.22.0
            // App-only (client credentials) confidential client; no signed-in user.
            var cca = ConfidentialClientApplicationBuilder
                .Create(ConfigurationManager.AppSettings["appId"])
                .WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
                .WithTenantId(ConfigurationManager.AppSettings["tenantId"])
                .Build();

            // .default requests the application permissions granted to the app registration.
            var ewsScopes = new string[] { "https://outlook.office365.com/.default" };

            try
            {
                var authResult = await cca.AcquireTokenForClient(ewsScopes)
                    .ExecuteAsync();

                // Configure the ExchangeService with the access token
                var ewsClient = new ExchangeService
                {
                    Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx"),
                    Credentials = new OAuthCredentials(authResult.AccessToken),
                    ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, "[email protected]")
                };

                // Bind to the Inbox of the target mailbox and list up to 100 subjects.
                var mailbox = new Mailbox("[email protected]");
                var folderId = new FolderId(WellKnownFolderName.Inbox, mailbox);
                var inbox = Folder.Bind(ewsClient, folderId);
                if (inbox != null)
                {
                    FindItemsResults<Item> items = inbox.FindItems(new ItemView(100));
                    foreach (var item in items)
                    {
                        Console.WriteLine(item.Subject);
                    }
                }
            }
            catch (MsalException ex)
            {
                Console.WriteLine($"Error acquiring access token: {ex}");
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Error: {ex}");
            }

            if (System.Diagnostics.Debugger.IsAttached)
            {
                Console.WriteLine("Hit any key to exit...");
                Console.ReadKey();
            }
        }
    }
Best answer
You can follow Scoping application permissions to specific Exchange Online mailboxes.
Although this documentation is under Microsoft Graph, it should also apply to the https://outlook.office365.com module, because this setting is for the app registration and O365 mailboxes.
You need to create an application access policy that sets -AccessRight RestrictAccess.
Then test the newly created application access policy, which restricts access to the user [email protected].
    Test-ApplicationAccessPolicy -Identity [email protected] -AppId e7e4dbfc-046-4074-9b3b-2ae8f144f59b
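The steps from the answer, as an added PowerShell example that is not part of the original answer: it scopes the app to the members of one mail-enabled security group, then checks that an in-scope mailbox is granted and an out-of-scope mailbox is denied. The app ID, group address and mailbox addresses are placeholders, and an Exchange Online PowerShell session with administrator rights (ExchangeOnlineManagement module) is assumed.

```powershell
# Added example. Every value below is a placeholder or constructed sample, not from the page.
$AppId      = '<application-client-id>'       # app registration holding full_access_as_app
$ScopeGroup = 'ews-app-scope@example.com'     # mail-enabled security group used as the scope
$Allowed    = 'allowed.mailbox@example.com'   # mailbox the app should be able to open
$NotAllowed = 'other.mailbox@example.com'     # mailbox the app must not be able to open

Connect-ExchangeOnline   # interactive sign-in as an Exchange administrator

# 1. Make sure the scope group exists and contains only the intended mailbox.
if (-not (Get-DistributionGroup -Identity $ScopeGroup -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name 'EWS app scope' -Type Security `
        -PrimarySmtpAddress $ScopeGroup | Out-Null
}
Add-DistributionGroupMember -Identity $ScopeGroup -Member $Allowed `
    -ErrorAction SilentlyContinue   # ignore "already a member"

# 2. Create the policy once. RestrictAccess limits the app to members of the scope group.
if (-not (Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId })) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $ScopeGroup `
        -AccessRight RestrictAccess `
        -Description 'Restrict app to members of the EWS app scope group' | Out-Null
}

# 3. Verify both directions: a policy that grants everything is as wrong as one
#    that grants nothing, so check an in-scope and an out-of-scope mailbox.
$expected = @{ $Allowed = 'Granted'; $NotAllowed = 'Denied' }
$mismatches = foreach ($mailbox in $expected.Keys) {
    $result = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    [pscustomobject]@{
        Mailbox  = $mailbox
        Expected = $expected[$mailbox]
        Actual   = [string]$result.AccessCheckResult
    } | Where-Object { $_.Actual -ne $_.Expected }
}

if ($mismatches) {
    $mismatches | Format-Table -AutoSize
    throw 'Application access policy does not match the intended scope.'
}
'Policy scope verified: in-scope mailbox granted, out-of-scope mailbox denied.'
```

A new policy may not apply to live API calls immediately, so re-running the C# client against the out-of-scope mailbox later is the end-to-end check.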
Regarding c# - how to restrict mailbox access for an Office 365 application, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/67122224/