Unable to send email from local machine via Azure Communication Service and using logged-in user's credentials
I am trying to send email using Azure Communication Service and DefaultAzureCredential from my local machine but I am getting the following error:
Azure.Identity.AuthenticationFailedException: Azure CLI authentication failed due to an unknown error. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/azclicredential/troubleshoot
ERROR: AADSTS65002: Consent between first party application '04b07795-8ddb-461a-bbee-02f9e1bf7b46'
and first party resource '632ec9eb-fad7-4cbd-993a-e72973ba2acc' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API.
Here's the code that is failing:
using Azure;
using Azure.Communication.Email;
using Azure.Identity;
var credentials = new DefaultAzureCredential(new DefaultAzureCredentialOptions() { TenantId = "my-tenant-id" });
client = new EmailClient(new Uri("https://mydomain.communication.azure.com/"), credentials);
var subject = "Welcome to Azure Communication Service Email APIs.";
var htmlContent = "<html><body><h1>Quick send email test</h1><br/><h4>This email message is sent from Azure Communication Service Email.</h4><p>This mail was sent using .NET SDK!!</p></body></html>";
var sender = "DoNotReply@mydomain.com";
var recipient = "user@mydomain.com";
var message = new EmailMessage(sender, recipient, new EmailContent(subject) { Html = htmlContent });
var operation = await client.SendAsync(WaitUntil.Started, message);
The same code works if I use a Service Principal. Here's the code that is working:
using Azure;
using Azure.Communication.Email;
using Azure.Identity;
var credentials = new ClientSecretCredential("tenant-id",
"client-id", "client-secret");;
client = new EmailClient(new Uri("https://mydomain.communication.azure.com/"), credentials);
var subject = "Welcome to Azure Communication Service Email APIs.";
var htmlContent = "<html><body><h1>Quick send email test</h1><br/><h4>This email message is sent from Azure Communication Service Email.</h4><p>This mail was sent using .NET SDK!!</p></body></html>";
var sender = "DoNotReply@mydomain.com";
var recipient = "user@mydomain.com";
var message = new EmailMessage(sender, recipient, new EmailContent(subject) { Html = htmlContent });
var operation = await client.SendAsync(WaitUntil.Started, message);
Accepted answer provided Azure Communication Services - How do I authenticate against Azure IAM suggests that I use a Service Principal and that works perfectly fine however I do not want to use a Service Principal.
Other answer provided in the same question mentions that the user should be in Contributor role and the logged-in user does have that role.
Is there a way to send email from local machine using the credentials of a logged in user and not a Service Principal?
Converting to answer:
Currently, the recommendation is to store the service principle information in Environment variables and not in the code. Use Azure Active Directory in Communication Services. I’m able to repro the issue, it's most likely being caused by a limitation in from our resource provider not supporting that scenario. I have relayed the feedback to our ACS product engineering team, as soon as we have more updates, I will share it here.
- ADF Out of memory exception
- Azure DevOps pipeline is throwing a "##[error]Project file(s) matching the specified pattern were not found". when publishing my app?
- Microsoft Entra ID: Receiving Old Token Version Despite Setting accessTokenAcceptedVersion to 2
- Rule Syntax for Azure user.memberof
- (unknown) Precondition failed when trying to create MS Graph Subscription
- Azure Function App Service Bus Trigger: Process 1 message at a time
- Azure HTTP Trigger - How to extract query parameter value from input binding- cosmosDB
- Python app deployment to Azure web app from pipeline not including requirement packages
- Force Azure Function using Service Bus Queues to only process one mesage at a time
- Azure Web Role with Transient Fault Handling Block exception: The path is too long after being fully qualified
- Azure Bicep - How to create diagnostic settings for NetworkInterface of private endpoint
- Is there a way to get static ip address for Azure Data Factory
- azure key vault - lag on secret changes
- How to create connection to create - queue item - HTTP Trigger - local - Azurite - Azure Queue Storage
- Getting error "404 The specified blob does not exist" when downlading blob using Uri
- How scopes are added to token in Azure Entra ID?
- Why does my Azure Cosmos DB SQL API Container Refuse Multiple Items With Same Partition Key Value?
- Postgres on Azure kubernetes volume permission error
- Azure: Subscribing to an external MQTT Broker
- azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding - Argo workflow
- Bash variable in JMESPath query expression
- Azure Devops pipeline failing due to AZ.Accounts Module update by MSFT
- Is it possible to use email name other than "DoNotReply" in Azure Email Communication Services?
- AADSTS65001: The user or administrator has not consented to use the application with ID '<application ID>
- Access Package Endpoint doesn't seem to be working
- install docker bash script doesn't work when used as Custom Data for Azure VM
- Docker image is not updating on Azure container registry via gitlab
- Terraform - How to find Azure Kubernetes AKS vnet ID for network peering
- Using Azure DataLakeServiceClient to download a file got forbidden response after few minutes success
- Verify that Bicep can return values from Azure Key vault