Using NetworkCredential then a Redirect to the site requiring the credentials

Hello all.

Ever since the latest patch for IE 6 it is impossible to pass the
username and password to Exchange 2000 (or any site) in the url (i.e.
http://username:pa******@exchangeserver.mydomain.com) ... so I've possibly
come up with a solution (which I'm sure is thought of and implemented
already) Please review my strategy and offer any suggestions / solutions:

- A user is logged into an asp.net / c# website with the same user name and
password for the domain / exchange server
- To prevent a duplicate login, I used to pass the username and password in
the url (as detailed above), this no longer works
- I would have a simple link with the user name and password in the url
that would automatically log the user in
- I was hoping that somehow, with a combination of a WebRequest /
NetworkCredential I could log the user in behind the scenes and redirect
them to the proper location to the OWA inbox for the particular user without
needing to log them in twice.

I'm having a struggle locating the proper information to achieve this goal.

Any and all input is appreciated.

Thanks in advance.

--
Jay Douglas
Fort Collins, CO


Nov 15 '05 #1
I thought MS "reversed" that in a followup patch!
It broke too many things.

There is a registry hack to undo it too.
--
Joe Fallon

Nov 15 '05 #2
No, it has not and will not be reversed.

There is a registry patch to turn the behavior off if you'd like.
--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 15 '05 #3
> Ever since the latest patch for IE 6 it is impossible to pass the
> username and password to Exchange 2000 (or any site) in the url (i.e.
> http://username:pa******@exchangeserver.mydomain.com) ... so I've possibly
> come up with a solution (which I'm sure is thought of and implemented
> already) Please review my strategy and offer any suggestions / solutions:

Hopefully, the setup wasn't ~really~ broadcasting your unencrypted username
and password to the world at large without any protection?

> - I was hoping that somehow, with a combination of a WebRequest /
> NetworkCredential I could log the user in behind the scenes and redirect
> them to the proper location to the OWA inbox for the particular user without needing to log them in twice.


I don't think this will work. Arguably, if you wanted to get really fancy,
you could create a C# Proxy which passed all requests and responses between
the client and the server and added the authentication information to the
headers on every transaction-- but this would get insanely complicated and
would be very fragile.

If you'd like to reverse the effects of this security update, there's a
well-documented registry key to turn it off. However, I must caution you
that the approaches you've described are very much vulnerable to even the
most inept of hackers.

Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.
Nov 15 '05 #4
Eric, Thanks for your response....

> Hopefully, the setup wasn't ~really~ broadcasting your unencrypted username and password to the world at large without any protection?

Yes I was, as a temporary solution. The latest I.E. patch was almost a
blessing in disguise.. I'm now in a position where I can tell the customer
they need to budget for an additional component.

> If you'd like to reverse the effects of this security update, there's a
> well-documented registry key to turn it off. However, I must caution you
> that the approaches you've described are very much vulnerable to even the
> most inept of hackers.

Changing the registry key is not an option. This functionality needs to be
accessed from a lot of PCs, some of which I have no control over the
registry.

> I don't think this will work. Arguably, if you wanted to get really fancy, you could create a C# Proxy which passed all requests and responses between the client and the server and added the authentication information to the
> headers on every transaction-- but this would get insanely complicated and
> would be very fragile.

Is there a middle ground? I was hoping I could use C# to start the request,
pass the user information, and then pass the control over to the user's
browser. I don't really want to write an application that acts as an
intermediary for all of this communication. It would be a bandwidth
nightmare, and like you said, flakey.

Possibly some more suggestions may help.

Thanks a ton.
--
Jay Douglas
Fort Collins, CO

Nov 15 '05 #5
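
Added example (not part of the original thread or any poster's code): a link of the `http://username:password@host` form discussed above exposes the password in any page source, saved HTML or application log that contains it. The Python sketch below finds such URLs in text and redacts the userinfo part; the function name `redact_url_credentials` and the sample lines are constructed for illustration, with the host name taken from the post's example.

```python
import re
from urllib.parse import urlsplit

# Candidate URLs: scheme://... up to whitespace, quotes or angle brackets.
URL_RE = re.compile(r"""\b(?:https?|ftp)://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample lines (not taken from the thread).
SAMPLE = (
    'GET /portal/links.aspx 200 <a href="http://jdoe:S3cret!'
    '@exchangeserver.mydomain.com/exchange/">Inbox</a>\n'
    "referrer=https://exchangeserver.mydomain.com/exchange/jdoe/Inbox\n"
    "contact admin@mydomain.com or see http://intranet.mydomain.com/help@desk.\n"
)


def redact_url_credentials(text):
    """Return (clean_text, findings) for URLs that carry userinfo.

    findings is a list of (username, host) tuples; passwords are never
    returned, so the findings can be logged or reported safely.
    """
    findings = []

    def _scrub(match):
        raw = match.group(0)
        url = raw.rstrip(".,;)")        # sentence punctuation is not part of the URL
        tail = raw[len(url):]
        try:
            parts = urlsplit(url)
        except ValueError:
            return raw                  # malformed URL: leave untouched
        if parts.username is None:
            return raw                  # no userinfo; an "@" in the path is harmless
        findings.append((parts.username, parts.hostname or ""))
        # Keep host, port and any IPv6 brackets exactly as written.
        hostport = parts.netloc.rpartition("@")[2]
        return url.replace(parts.netloc, "REDACTED@" + hostport, 1) + tail

    return URL_RE.sub(_scrub, text), findings


if __name__ == "__main__":
    clean, found = redact_url_credentials(SAMPLE)
    print(clean)
    for user, host in found:
        print("embedded credentials for user %r on host %r" % (user, host))
```
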
