VB.NET/ASP.NET/ASP MVC - Send email using Gmail/G Suite OAuth 2.0 in background service (service account)¶

Installation¶

Before you can use the following codes, please download EASendMail SMTP Component and install it on your machine at first. Full sample proejcts are included in this installer.

Install from NuGet

You can also install the run-time assembly by NuGet. Run the following command in the NuGet Package Manager Console:

Install-Package EASendMail

Add reference¶

To use EASendMail SMTP Component in your project, the first step is Add reference of EASendMail to your project. Please create or open your project with Visual Studio, then go to menu -> Project -> Add Reference -> .NET -> Browse..., and select Installation Path\Lib\net[version]\EASendMail.dll from your disk, click Open -> OK, the reference of EASendMail will be added to your project, and you can start to use it to send email in your project.

.NET assembly¶

Because EASendMail has separate builds for .Net Framework, please refer to the following table and choose the correct dll.

Separate builds of run-time assembly for .NET Framework 2.0, 3.5, 4.0, 4.5, 4.6.1, 4.7.2, 4.8.1, .NET 6.0, .NET 7.0, .NET 8.0, .NET Standard 2.0 and .NET Compact Framework 2.0, 3.5.

Google Service Account¶

Normal OAuth requires user input user/password in Web Browser. Obviously, it is not suitable for background service. In this case, you should use google service account to access G Suite or Google Workspace email service without user interaction. Service account only works for G Suite or Google Workspace user, it doesn’t work for personal Gmail account.

Create project in Google Developers Console¶

To use “G Suite or Google Workspace Service Account OAuth” in your application, you should create a project in Google Cloud Console at first.

• Open Google Cloud console, create a new project by https://console.cloud.google.com/projectcreate.

  

• After the project is created, select it from projects list as current project.

  

Create service account in current project¶

• Click "Credentials" -> "Manage service accounts"

  

• Click "CREATE SERVICE ACCOUNT"

  

• Input a name for your service account, click "DONE"

After service account is created, you should enable "Domain-wide delegation" and create service key pair to access G Suite or Google Workspace user mailbox.

Create service key¶

• Go back to your service account -> Keys, click Add Key, you can select "p12" or "json" key type, both can work well, then you will get a file which contains private key, save the file to local disk.

  Now you have created service account with key pair successfully. You can use created private key in your codes to request "access token" impersonating a user in G Suite or Google Workspace.

• To access user data in G Suite, you must get authorization from G Suite or Google Workspace administrator. You should go back to your service account -> Details, copy your service account email address and client id.

Enable Gmail API¶

Enable Gmail API in "Library" -> Search "Gmail", then click "Gmail API" and enable it. If you use Gmail API protocol to send email, you should enable this API, if you use SMTP protocol, you don’t have to enable it.

Authorize service account by G Suite administrator¶

To use service account to access user mailbox in G Suite or Google Workspace, G Suite Administrator should authorize specified service account at first.

• The administrator should open admin.google.com, go to Admin Console, click "Security" > API Control;

  

• In the Domain wide delegation pane, select Manage Domain Wide Delegation.

• Click Add new.

• In the Client ID field, enter the service account’s Client ID

• Click Add new and enter your service account client ID.

• Enter the client ID of the service account or OAuth2 client ID of the app.

• In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. and input https://mail.google.com/, email, profile in One or More API Scopes, click "Authorize".

• Click Authorize.

After the administrator authorized service account, you can use it to access any users mailbox in G Suite or Google Workspace domain.

Learn more detail from: https://developers.google.com/identity/protocols/oauth2/service-account

Enable TLS Strong Encryption Algorithms in .NET 2.0 and .NET 4.0¶

Because HttpWebRequest is used to get access token from web service. If you’re using .NET framework (.NET 2.0 - 3.5 and .NET 4.x), you need to enable Strong Encryption Algorithms to request access token:

Put the following content to a file named NetStrongEncrypt.reg, right-click this file -> Merge -> Yes. You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Access token lifetime¶

You don’t have to request access token every time. By default, access token expiration time is 3600 seconds, you can reuse the access token repeatedly before it is expired.

VB.NET/ASP.NET/ASP MVC - Send email using Gmail/G Suite OAuth 2.0 with service account - example¶

' You can install Google.Apis.Auth.OAuth2 by NuGet
' Install-Package Google.Apis.Auth
Imports System
Imports System.Collections.Generic
Imports System.Text
Imports System.Threading
Imports System.Threading.Tasks
Imports System.Security.Cryptography.X509Certificates
Imports System.Net
Imports System.IO
Imports Google.Apis.Auth.OAuth2
Imports EASendMail

Public Sub SendMail()
    Try
        ' service account email address
        Const serviceAccount As String = "xxxxxx@xxxxx.iam.gserviceaccount.com"

        ' import service account key p12 certificate.
        Dim certificate = New X509Certificate2("D:\MyData\myoauth-77dec4d192ec.p12", "notasecret", X509KeyStorageFlags.Exportable)

        ' G Suite user email address
        Dim gsuiteUser = "user@gsuitdomain.com"

        Dim serviceAccountCredentialInitializer = New ServiceAccountCredential.Initializer(serviceAccount) With {
            .User = gsuiteUser,
            .Scopes = {"https://mail.google.com/"}
        }.FromCertificate(certificate)

        ' if service account key is in json format, copy the private key from json file:
        ' "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
        ' and import it like this:

        ' Dim privateKey As String = "-----BEGIN PRIVATE KEY-----" & vbLf & "MIIEv...revdd" & vbLf & "-----END PRIVATE KEY-----" & vbLf
        ' Dim serviceAccountCredentialInitializer = New ServiceAccountCredential.Initializer(serviceAccount) With {
        '    .User = gsuiteUser,
        '    .Scopes = {"https://mail.google.com/"}
        ' }.FromPrivateKey(privateKey)

        ' request access token
        Dim credential = New ServiceAccountCredential(serviceAccountCredentialInitializer)
        If Not credential.RequestAccessTokenAsync(CancellationToken.None).Result Then
            Throw New InvalidOperationException("Access token failed.")
        End If

        Dim server = New SmtpServer("smtp.gmail.com 587")
        server.ConnectType = SmtpConnectType.ConnectSSLAuto

        server.User = gsuiteUser
        server.Password = credential.Token.AccessToken

        server.AuthType = SmtpAuthType.XOAUTH2

        Dim mail = New SmtpMail("TryIt")
        mail.From = gsuiteUser
        mail.[To] = "support@emailarchitect.net"

        mail.Subject = "service account oauth test"
        mail.TextBody = "this is a test, don't reply"

        Dim smtp = New SmtpClient()
        smtp.SendMail(server, mail)

        Console.WriteLine("Message delivered!")

    Catch ep As Exception
        Console.WriteLine(ep.ToString())
    End Try
End Sub

EA Oauth Service for Gmail¶

If your code is too complex or out of maintenance, and you don’t want to change anything in your source codes, then you can have a try with EA Oauth Service for Gmail. It provides an easy way for the legacy email application that doesn’t support OAUTH 2.0 to send and retrieve email from Gmail without changing any codes. SMTP, POP, IMAP and SSL/TLS protocols are supported.

TLS 1.2 protocol¶

TLS is the successor of SSL, more and more SMTP servers require TLS 1.2 encryption now.

If your operating system is Windows XP/Vista/Windows 7/Windows 2003/2008/2008 R2/2012/2012 R2, you need to enable TLS 1.2 protocol in your operating system like this:

Enable TLS 1.2 on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012

Related links¶

• Send email from Gmail using user interaction OAuth
• Send email from Hotmail/Outlook/Live using user interaction OAuth
• Send email from Office365 using user interaction OAuth
• Send email from Office365 in background service