Microsoft Report Server (SQL Server) allows connection to GMail through SMTP via user / password, but does not provide support for OAuth. Google has turned off "Less Secure App" access for non-Workspace clients, and at some point in the future will probably disable LSAs altogether. While we are a Workspace client and have more time to figure this out, I'm looking for help / suggestions on how to continue using GMail to send our company reports once LSAs are no longer an option.
For instance, are there any downloadable mail server applications for Windows like hMailServer that support OAuth? Unfortunately hMailServer (which we currently use) does not have OAuth support.
In Database Mail, I find this statement:
Database Mail is an enterprise solution for sending e-mail messages from the SQL Server Database Engine or Azure SQL Managed Instance. Your applications can send e-mail messages to users using Database Mail via an external SMTP server.
As I've been using Database Mail for over ten years, this is good to read.
However, apparently Database Mail uses the .NET SmtpClient class, which has not been kept up-to-date and even recommends "MailKit".
In Exchange Online / Deprecation of Basic Authentication, I find the following phrase:
SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022.
So the obvious question is whether SQL Database Mail with SmtpClient uses "SMTP AUTH" and therefore can still connect to Exchange without an SMTP relay.
Or if a relay is needed, would the built-in Windows Server SMTP relay be able to "upgrade" the credential exchange when connecting off-site?
We have Database Mail configured using an outlook.com account, so there are definitely cases where Database Mail can send to a Microsoft-controlled email server using SMTP.
Bottom line, do we need to know anything other than that SMTP AUTH is still available?
I've been using Database Mail successfully for about ten years, but it seems that while mail protocols and security have moved forward, SQL Server Database Mail has not.
At a new company, I've spent a full work day already trying various credentials and parameters. The most recent release I have tested with is SQL Server 2019.
What I believe I need to know is how to configure SQL Server Database Mail to work with one of the following:
Office 365 or Exchange SMTP
Windows [Server] SMTP relay
In tests with GMAIL/SMTP, AT&T/SMTP and Earthlink/SMTP, all returned errors, and at least some of the error messages are clearly from the destination SMTP service and not the result of firewall or connectivity problems. For example:
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 8 (2023-01-06T11:14:56). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.5.1 Authentication Required - ELNK003_308 - https://postmaster-earthlink.vadesecure.com/outbound_error_codes/#_308). )
Unfortunately, error 308 is not actually documented within the linked Earthlink page.
Looking into some available posts, I find that Database Mail is said to use the SmtpClient class, which in turn is pretty much obsolete, with recommendations to use MailKit. That's fine, but SQL Server Database Mail has apparently NOT been updated to use MailKit.
Returning to what I think are my choices from above:
If I am to configure SMTP to Office 365 (we already have an account) or Exchange (if we have Exchange also), then what SMTP configuration parameters do I need to use with Database Mail and within Office 365?
=OR=
If I am to use Windows Server SMTP relay, then how do I configure the SMTP relay's OUTPUT mail to satisfy the "modern" security requirements of Office 365, GMAIL, Earthlink or AT&T?
(I've used the Windows Server SMTP relay in years past, but only to offload the messages from SQL Server, not to satisfy security requirements)
I am creating a simple application where I need to get and fetch data to a DB. As I found out, the standard for a Xamarin app is to use HTTP requests to the DB instead of connecting to the DB directly.
I created an Azure SQL DB and an application with a connection to this DB, but I can't really find out how it should work now.
There are not many tutorials, or they are not fully described.
I read this one https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started#download-and-run-the-xamarinforms-solution
I find many references to this one, but it seems out of date. Everybody recommends downloading the project from the section
Run the Xamarin.Forms solution
On the settings blade for your Mobile App, click Quickstart (under Deployment) > Xamarin.Forms. Under step 3, click Create a new app if it's not already selected. Next click the Download button.
Under this tab I have only references to the next tutorials, but none to a project download (screenshot below).
https://imgur.com/THCdUE1
Can you give me some advice if I am doing something wrong? Or a link to updated tutorials? I am a little desperate about this.
Many Thanks
Azure SQL is not an HTTP/s service; it runs the proprietary SQL Server protocol on port 1433, just like on-premise versions of SQL Server.
If you are trying to connect directly to SQL Server from a Xamarin App, you are almost certainly making a mistake. Doing so would require providing credentials to your Xamarin app that can connect directly to your database, which opens your database up for a malicious user to do pretty much whatever they want to. The reason this kind of 2-tier application is dangerous is because the Xamarin app runs on an untrusted device (your user's mobile device), and a malicious user can intercept any data that your application has in memory, including your database credentials. They can then use those credentials to gain access to your database. Unless you were to use unique database credentials for each user (very impractical) and setup very stringent security roles in SQL Server, it'd be impossible to keep a malicious user from accessing the database for all of your other users (which is very, very bad). The other problem is that many networks block traffic on port 1433, or only allow access via an HTTPS proxy server, so your application would not function on many networks if it tried to connect directly to SQL.
This is the answer to your question, but please don't do this:
If you are certain that you have taken care of the security correctly, you should be able to install the System.Data.SqlClient NuGet package and use that to communicate with SQL Server as you would with any .NET application. Here's a code example from Microsoft.
This is my opinion on what you should do instead:
The correct way for most Xamarin applications to communicate with Azure SQL database would be via an intermediary application server.
If your application accesses data specific to a user, it should have per-user credentials in it (a username and password that get exchanged for an authorization token when the user logs in is a common technique). The Xamarin app would then use HTTPS to make requests to your application server using those user credentials. The application server would validate the user credentials (authenticate that they are legitimate and authorize the data being requested based on who the user is) and make requests to Azure SQL.
If your application only accesses public data anonymously, then you can make unauthenticated requests to your application server, which will blindly request that data from Azure SQL and return it to your client (though it would also return the same data to any attacker on the internet, so be sure if you use this approach you intend all data served to be public to the world).
In both cases, your application server would be the only piece that communicates with Azure SQL. For a .NET application this would typically be done via System.Data.SqlClient or perhaps indirectly through an ORM like Entity Framework. The advantage of this 3-tier approach is that the untrusted client tier does not have unrestricted access to your database tier. Only the middle application server tier has the credentials for SQL Server, and it is trusted and runs in a secure environment (a server you manage, not an end-user's mobile device). This means that an attacker cannot intercept the database credentials and misuse them. It also means that your application only requires HTTPS data access to function, so your application will work on almost any network.
This is probably not the answer you are looking for, since it involves authoring an entire application server that has to be hosted by you (Azure App Service would be my recommendation, if you are already using Azure SQL). It also requires you to implement an API on the server, and then write an API client for your Xamarin application. This is no small amount of work.
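The three-tier design described in this answer, as an added example that is not part of the original post: the server exchanges a username and password for a signed token, then derives the row filter from that token, so the client never holds a database credential. Here sqlite3 stands in for Azure SQL, and the function names, token format and table layout are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

SERVER_KEY = secrets.token_bytes(32)   # token-signing key; never leaves the server

def open_db():
    # Stand-in for the Azure SQL connection (assumption); only this tier opens it.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        CREATE TABLE readings(owner TEXT, value TEXT);
    """)
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?,?,?)", (name, salt, _hash(password, salt)))

def login(db, name, password, ttl=900):
    """Exchange username/password for a short-lived signed token, or None."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name=?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash(password, row[0])):
        return None
    body = f"{name}|{int(time.time()) + ttl}"
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"

def authenticate(token):
    """Return the user name a valid, unexpired token was issued to, else None."""
    try:
        name, expiry, sig = token.split("|")
        body = f"{name}|{expiry}"
        good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(sig, good) and int(expiry) > time.time():
            return name
    except (AttributeError, TypeError, ValueError):
        pass
    return None

def get_readings(db, token):
    """API handler: the owner filter comes from the token, never from the client."""
    user = authenticate(token)
    if user is None:
        raise PermissionError("invalid or expired token")
    rows = db.execute("SELECT value FROM readings WHERE owner=?", (user,))
    return [r[0] for r in rows]
```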
I have a report using SSRS 2008 R2, I want to subscribe to this report using the "email" option. I have configured the settings in the reporting services manager to use server as "smtp.gmail.com" and sender address as my gmail ID.
I also tried using the SMTP virtual server and relay it using smart host as "smtp.gmail.com". But I get the following error while sending email :
Failure sending mail: The transport failed to connect to the server.
I am using IIS 7 and Windows Server 2008. Following is the snippet of my rsreportserver.config file:
<SMTPServer>smtp.gmail.com</SMTPServer>
<SMTPServerPort>587</SMTPServerPort>
<SMTPAccountName></SMTPAccountName>
<SMTPConnectionTimeout></SMTPConnectionTimeout>
<SMTPServerPickupDirectory></SMTPServerPickupDirectory>
<SMTPUseSSL>True</SMTPUseSSL>
<SendUsing>2</SendUsing>
<SMTPAuthenticate></SMTPAuthenticate>
<From>myid#gmail.com</From>
Any help will be highly appreciated.
Thanks
I was having problems getting SSRS 2017 to connect. I tried a dozen different suggestions and ended up with the following. I didn't need to set up the SMTP relay or SMTP service on the Windows server.
Open Reporting Services Configuration Manager. Go to E-mail Settings >>>
Sender Address: [user]#gmail.com (or your G-Suite domain)
Current Delivery Method: Use SMTP server
SMTP Server: smtp.gmail.com
Authentication: "Username and password (basic)"
Username: [user]#gmail.com (or your G-Suite domain)
Password
Confirm Password
Use Secure Connection: Checked
Now go to the rsreportserver.config file. Mine was located at
C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\rsreportserver.config
Find the <SMTPServerPort> and set to 587
Save rsreportserver.config
You'll also need to enable "Less secure app access" in the Security section of your Google Account settings, otherwise it will throw authentication errors.
Having struggled with this for the past few hours I thought it might be valuable to share another method for anyone else still unable to configure an SSRS instance to send subscription emails via gmail using their smtp relay service.
For this example, my company uses Gmail Servers to host our own domain and I assume that you have access to the Admin Console on Google Apps.
Step 1 - Configure Gmail
Log into Google Apps with an Administrator Account
Go into the admin console
Select Apps > Gmail > Advanced Settings
Find SMTP Relay Service
Add New
Allowed Senders - Set to "Only Addresses In My Domains"
Authentication - Set to "Only Accept Mail From Specified IP"
Add the Public IP Range of the Server SSRS is running on
Leave TLS Encryption Unchecked
Leave SMTP Authentication Unchecked
Save
You should then have settings that look like this:
Allowed senders: Only addresses in my domains
Only accept mail from the specified IP addresses: Yes
Allowed IP addresses: (Your Description)
Require SMTP Authentication: No
Require TLS encryption: No
Step 2 - Configure SSRS
Go to SSRS Configuration Manager > Email Settings
Enter Sender address as email#yourgmaildomain.co.uk
Use SMTP Server
SMTP Server = "smtp-relay.gmail.com"
Following these steps will allow you to send emails using SSRS subscriptions without needing to set up your own relay server. Hope this helps some other poor soul from spending hours trying to figure it out!
REF:
https://support.google.com/a/answer/2956491?vid=1-635782669150538047-3380580329
From what I have read, it sounds like you might have to set up a local SMTP relay server that you send the email through, b/c SSRS requires that "The Report Server service must have Send As permissions on the SMTP server" and does not appear to give any options for entering a password. I am assuming the SSRS subscription email setup only works using Windows authentication since it uses the SSRS Service, but the configuration documentation is vague. (http://technet.microsoft.com/en-us/library/ms345234(v=sql.105).aspx )
Here is a link that shows how to set up the SMTP relay server: http://www.vsysad.com/2012/04/setup-and-configure-smtp-server-on-windows-server-2008-r2/
Here are the steps you'll need to do differently.
Item 19, choose Basic Authentication, enter your gmail account info, and make sure TLS encryption is checked.
Item 21, enter your server name as the fully qualified domain name. Enter "smtp.google.com" as the "Smart host".
Then specify the SMTP server you just created above in your SSRS SMTP configuration.
You probably also need to enable POP3 on your gmail account if you have not already. https://support.google.com/mail/answer/13273?cbid=wl8yzeug2lob&src=cb&lev=topic
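A capability check for the SMTP endpoints discussed in the answers above, as an added example that is not part of any post: it parses a server's EHLO reply to show whether STARTTLS is offered and whether password (PLAIN/LOGIN) or OAuth token (XOAUTH2/OAUTHBEARER) mechanisms are accepted. The function names are assumptions, and the sample replies and host names are constructed for illustration.

```python
import re

BASIC = {"PLAIN", "LOGIN"}            # mechanisms that send the account password
TOKEN = {"XOAUTH2", "OAUTHBEARER"}    # OAuth 2.0 bearer-token mechanisms

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    features = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        m = re.fullmatch(r"250[- ](\S+)(?: (.*))?", line.strip())
        if m:
            features[m.group(1).upper()] = (m.group(2) or "").upper().split()
    return features

def assess(before_tls, after_tls=None):
    """Findings from a server's EHLO reply before (and, if given, after) STARTTLS."""
    pre = parse_ehlo(before_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("no STARTTLS: mail and credentials cross the network in cleartext")
    if BASIC & set(pre.get("AUTH", [])):
        findings.append("password AUTH offered before TLS")
    if "STARTTLS" in pre and after_tls is None:
        return findings + ["AUTH not assessed: supply the reply seen after STARTTLS"]
    mechs = set(parse_ehlo(after_tls or before_tls).get("AUTH", []))
    if not mechs:
        findings.append("no AUTH offered: senders are not identified by credentials")
    elif not mechs & BASIC:
        offered = ", ".join(sorted(mechs & TOKEN)) or "other mechanisms"
        findings.append(f"no PLAIN/LOGIN: a basic-auth-only client cannot log in ({offered})")
    return findings

# Constructed replies for illustration; host names are placeholders.
IP_RELAY = """250-relay.example.test at your service
250-SIZE 35882577
250 8BITMIME"""
SUBMISSION_PRE = """250-mail.example.test at your service
250-SIZE 35882577
250 STARTTLS"""
SUBMISSION_POST = """250-mail.example.test at your service
250-AUTH XOAUTH2 OAUTHBEARER
250 SIZE 35882577"""

if __name__ == "__main__":
    for name, args in [("ip relay", (IP_RELAY,)),
                       ("submission", (SUBMISSION_PRE, SUBMISSION_POST))]:
        print(name, assess(*args))
```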
Users will be out in the field collecting data on a Windows client app in areas with poor internet connection, days or even weeks at a time away from any network connection. The lucky ones will bring their laptop back to a regional office to sync the data they've collected when they log in to the company network. Others will have to resort to plugging into a client/customer internet connection and/or Internet Cafe connection to perform the data sync.
The app stores the data in a local SQL Server 2008 R2 Express database and the client will initiate a database sync to the SQL Server 2008 Standard in HQ as and when a connection is available.
User Authentication and role based security are requirements of the App. Which method should I be using: Forms Authentication or Windows Authentication? (And I think I've come across a 3rd type called Custom Authentication?)
Sorry, I'm really lost on the authentication stuff - first time doing it and not sure of the pros & cons of each type. Can anyone advise which I should be using for this scenario?
UPDATE: I've actually got the synchronization working now using the SQL Server's external ip address in the connection string and SQL Authentication for the user logins. Would this be an accepted practice or am I violating any security principles?
I still have to get to the role based security piece - can role based security work with SQL Authentication?
Also, new wrinkle: it turns out that some of the remote users, once they have been issued their laptop from Head Office, may never log in to the organisation's Domain again, so their Login's Trust relationship with the domain expires after a few months. Therefore, I guess Windows Authentication is not viable anyway...
How will you connect to the HQ db server?
IMO the safest solution would be to sync over WCF (sample with SqlCompact to Sql Server over WCF with N-tier here). You can then implement whatever authentication scheme you want depending on the kind of security (transport and/or message) you implement in WCF. See this and this for more info.