OWA: 'Posting a Login' From Outside Script?

I am just wondering if anyone here can help with a problem that we
have here.
>
We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.
>
What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.
>
I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?
>
Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.
>
Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!

I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) your testscript now puts out all it knows about the posting, eg:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.
>
Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST);
echo "</pre>";
>
etc for all abovementioned superglobals.
>
I do not remember excactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
solution.
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you suceed, test it on FF
later.
>

I am just wondering if anyone here can help with a problem that we
have here.
>
We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.
>
What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.
>
I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?
>
Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.
>
Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!