Configure a smtp with ACS and Entra for a DotNet C# application

Question

I'm using Azure Communication Service as an SMTP and e-mailing provider. According to the doc, I have set up a Service Principal as a user (with Microsoft Entra)

I'm trying to send an e-mail with a .Net C# app. But I keep getting a "5.7.57 Client not authenticated to send mail. Error: 535 5.7.3 Authentication unsuccessful."

I configured the Entra app according to the documentation, giving it enough Role Access to my ACS app (Write, Read... even Contributor)

Here is my code below :

private static void TestACS()
{

string smtpAuthUsername = "MyACSResource|MyEntraAppID|MyTenantID";

string smtpAuthPassword = "MyEntraSecret";

string sender = "******@mydomain.fr";

string recipient = "******@mydomain.fr";

string subject = "Test with ACS";

string body = "Hello World !";

string smtpHostUrl = "smtp.azurecomm.net";

var client = new SmtpClient(smtpHostUrl)

{

Port = 587,

Credentials = new NetworkCredential(smtpAuthUsername, smtpAuthPassword),

EnableSsl = true

};

var message = new MailMessage(sender, recipient, subject, body);

try

{

client.Send(message);

Console.WriteLine("The email was successfully sent using Smtp.");

}

catch (Exception ex)

{

Console.WriteLine($"Smtp send failed with the exception: {ex.Message}.");

}

}

I've read on an other post that it might come from the user name length. (https://learn.microsoft.com/en-us/answers/questions/1459206/username-length-issue-with-smtp-in-azure-communica)

Maybe I should just give up and try SendGrid ? Anybody successful configuring this mess ?

Answer 1

Hi @Pauline Leclerc,
Welcome to the Microsoft Q&A Platform!
It seems like you're facing the issue regarding email sending failures using Azure Communication Service (ACS) SMTP. The error "5.7.57 Client not authenticated to send mail. Error: 535 5.7.3 Authentication unsuccessful" indicates an authentication failure, you can try the following steps:

1. Ensure the username is formatted as <ACSResourceName>|<ClientID>|<TenantID>.
2. Replace placeholders with your ACS resource name (not the full URL), Entra App Client ID, and Tenant ID.
3. Check the Entra App's client secret in the Azure Portal. If expired, generate a new one.
4. Ensure the secret is correctly copied without extra spaces or characters.
5. Use the SMTP host provided by ACS, typically '.communications.azure.com', replace 'smtp.azurecomm.net` with the correct host from your ACS resource settings.
6. Assign the "Azure Communication Services Email Sender" role to the Service Principal on the ACS resource, remove overly broad roles like Contributor, which might not grant email permissions.
7. In the Azure Portal, navigate to your ACS resource > Email domains, ensure mydomain.fr is added and verified. If not, follow the domain verification process.
8. Replace SmtpClient with MailKit's SmtpClient for better logging:

      using MailKit.Net.Smtp;
      using MailKit.Security;
           using MimeKit;
       
           var message = new MimeMessage();
           message.From.Add(new MailboxAddress("Sender", sender));
      message.To.Add(new MailboxAddress("Recipient", recipient));
           message.Subject = subject;
           message.Body = new TextPart("plain") { Text = body };
       
           using var client = new SmtpClient();
           client.Connect(smtpHostUrl, 587, SecureSocketOptions.StartTls);
           client.Authenticate(smtpAuthUsername, smtpAuthPassword);
           client.Send(message);
           client.Disconnect(true);
   

9. Check logs for detailed SMTP server responses.
10. Ensure outbound traffic on port 587 is allowed.
11. In Azure, enable diagnostics for ACS to capture auth attempts.
12. Use openssl s_client -connect <smtp-host>:587 -starttls smtp to manually test SMTP auth.

Hope the above provided information help in better understanding and help you resolve the issue, if you have any further concerns or queries, please feel free to reach out to us.

If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.