Friday, September 6, 2013

SendEmail from CurrentUser Caution in SharePoint 2010

This is a quick one I ran across, and yes: it was really annoying:

The SPUtility’s SendEmail method has several overloads. Check it out if you want to:

The most flexible overloads accept a StringDictionary. The dictionary allows us to specify any email headers we want to, most notably the ‘to’, ‘subject’, ‘cc’, and ‘from’ headers.

In the SendEmail overloads that are not taking a StringDictionary, notice there is no ‘from’ parameter. This is because the current Web Application’s outbound email address is automatically used as the ‘from’ address when using those methods.

When using on of the StringDictionary overloads, one would think leaving out the ‘from’ header would result in the same thing: the current Web Application’s outbound email address is used. This is NOT THE CASE.

What happens is that if the ‘from’ header is not in the StringDictionary or if it is null, the current user’s email address will be used as the FROM address in the email. If your email server has any type of security hardening this will result in the email being rejected since the app pool probably does not have the necessary rights to send an email on any old user’s behalf.

How to fix? Couldn’t be easier:

//email sendin code
StringDictionary headers = new StringDictionary();
headers.Add("to", toAddress);
if (!string.IsNullOrEmpty(fromAddress))
headers.Add("from", fromAddress);
headers.Add("from", GetFromEmailAddress(web));
headers.Add("subject", subject);
headers.Add("content-type", "text/html");

SPUtility.SendEmail(web, headers, body);

//get the FROM email address configured for the web app
internal static string GetFromEmailAddress(SPWeb web)
return web.Site.WebApplication.OutboundMailSenderAddress;

No comments:

Post a Comment

© I caught you a delicious bass.
Back to top