By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,988 Members | 1,360 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,988 IT Pros & Developers. It's quick & easy.

Pass login details to Exchange Sever 2003?

P: n/a
Maybe someone could help me a little here.

On a project I am working on, we have some LDAP authentication to
Active Directory which allows users to login to our application - this
is fine. When accessing this application from off campus, they
routinely get this login window confused with the one they login to
Exchange Sever with for their email.

I am wondering if it is possible to setup some kind of button/link
that is displayed after they have logged in (to the web application -
not Exchange) that will redirect them to their email inbox without
having to login again.

I could setup a form that posts to the Exchange login script, with
their username and passwords in hidden fields, but I don't see this as
being secure - perhaps if the password was encrypted (encrypted as
what, though?) I would feel more at ease with this. (Not tried this,
perhaps it would even work?)

Basically, as we know their AD login credentials, all I need to know
is it possible to pass them to the Exchange Server so they can bypass
the login process for Exchange. All I want to do is try and avoid them
logging in twice - once to their email and once to our application.

I hope you follow me, any help would be greatly appreciated.
Dec 31 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On Mon, 31 Dec 2007 17:04:28 +0100, ad*************@gmail.com
<ad*************@gmail.comwrote:
Maybe someone could help me a little here.

On a project I am working on, we have some LDAP authentication to
Active Directory which allows users to login to our application - this
is fine. When accessing this application from off campus, they
routinely get this login window confused with the one they login to
Exchange Sever with for their email.

I am wondering if it is possible to setup some kind of button/link
that is displayed after they have logged in (to the web application -
not Exchange) that will redirect them to their email inbox without
having to login again.

I could setup a form that posts to the Exchange login script, with
their username and passwords in hidden fields, but I don't see this as
being secure - perhaps if the password was encrypted (encrypted as
what, though?) I would feel more at ease with this. (Not tried this,
perhaps it would even work?)

Basically, as we know their AD login credentials, all I need to know
is it possible to pass them to the Exchange Server so they can bypass
the login process for Exchange. All I want to do is try and avoid them
logging in twice - once to their email and once to our application.

I hope you follow me, any help would be greatly appreciated.
Not having worked directly with Exchange consider the following:
1. You know their login/password.
2. You let the link 'to Exchange' point to a 'portal'-page on your own
site/domain.
3. In that page you start a session with Exchange using perhaps the cURL
library.
3. You pass all cookie/get values directly through to the user, take extra
care to set it for the domain of the exchange server.
4. You redirect them to the page you were send to in your earlier request.

Not having worked with Exchange myself, you might want to examine wether
it works with cookies for authentication (in which case, if you are on a
different (sub)domain, your users would probably have to teach their
browser to accept any cookies you sent for that other domain), or wether
it works with a session-id in a GET value, in which case there would be no
problem passing that back to the user.
--
Rik Wasmus
Dec 31 '07 #2

P: n/a
Thanks for your comments Rik.

I will take a look at Curl, maybe we can force a proxy style post
login using Curl. Maybe this will be possible as we know their
username/password from the main login, it is just a matter of Exchange
Server performing any additional security checks.

I will have a play about and see what happens.
Jan 2 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.