Wednesday, March 16, 2022

Sending Emails with Modern Authentication

Thanks to Matthew Olson, who did most of the work figuring how to implement this, I've added support for Modern Authentication to SFMail, a VFPX project providing a library to send emails from VFP applications.

Basic Authentication is simply providing a user name and password to connect to a mail server. More and more mail services have already or are soon moving away from Basic Authentication and implementing Modern Authentication, also known as OAuth2. Modern Authentication uses a two-step process to connect to a mail server: first obtaining a token (a string) from a web server, then using that token to connect to the mail server.

Gmail and Office 365 are two of the services moving away from Basic Authentication sometime in 2022. The SFMail repository has detailed documentation for working with Office 365. I started investigating Gmail, but according to, access to Gmail is considered to be a "Restricted scope" and requires undergoing an annual independent, third-party security assessment. That seems like a pain, so I'm not planning on doing much with Gmail yet. However, based on what (little) I know about OAuth2, I believe that SFMail will work with Gmail.


Unknown said...

Credit where credit is due. My coworker, Brandon Klimek, was a huge help in this, especially with the Azure settings and C# code. He saved me at least 2 weeks of research!

Ugur YILMAZ said...

Hello Doug;

I updated cdo mail code to SFmail on my one of the projects.
Working like a charm.

Thank you for SFmail and community collobration.

Raimundo Bonfim said...

ParabĂ©ns a todos colaboradores ​​Doug Hennig

Unknown said...

Hi, Doug.
I am getting this message...
Message not sent: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does note enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See for more information.

I need help... How do I set the loadFromRemoteSources switch?

Thank you! Art Lieberman

Doug Hennig said...

See this comment in the instructions at

"Note: if your app runs from a network folder, you will likely need to distribute a config file that tells .NET to allow remote execution. Rename myapp.exe.config included in this repository to the name of your EXE; for example, for an EXE named Customers.exe, rename myapp.exe.config to Customers.exe.config and distribute it with the application."