473,386 Members | 1,758 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > owa: 'posting a login' from outside script?

Join Bytes to post your question to a community of 473,386 software developers and data experts.

OWA: 'Posting a Login' From Outside Script?

I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Jul 15 '08 #1
4 3643
ad*************@gmail.com schreef:
I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Hi,

Your problem is mainly finding out what Exchange expects.
I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) your testscript now puts out all it knows about the posting, eg:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.

Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST);
echo "</pre>";

etc for all abovementioned superglobals.

I do not remember excactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
solution.
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you suceed, test it on FF
later.

Good luck.
Regards,
Erwin Moller
Jul 16 '08 #2
Your problem is mainly finding out what Exchange expects.
I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) your testscript now puts out all it knows about the posting, eg:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.

Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST);
echo "</pre>";

etc for all abovementioned superglobals.

I do not remember excactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
solution.
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you suceed, test it on FF
later.
Thanks for your thoughts on this Erwin. I will have ago at what you
suggest and see what happens. I think a lot of this as you say will be
trial and error, it may not be the simplest thing to achieve.
Jul 16 '08 #3
Adam Waterfield posted:
: What we would like to do is just have the one common login for our
: web application. I can obviously get their username/password in
: login to the site, encrypt and store them in a session - then using
: something like Curl post them to the OWA login script.

You might consider using a "user group" for the common login, place
all the users into a "user group", provide the respective permissions
for that "user group" account to access the proper .dll's, and then
if you'd like an altogether COMMON area where group mail or reports
or such gets located, create that folder and assign the appropriate
permissions (user group) to that folder so that everyone can 'read'
the stuff located there. You can then use the group account on the
"common web" login folder to help with that.

--
Jim Carlock
Natural Cure For Pink-Eye (Conjunctivitis)
http://www.associatedcontent.com/art...nctivitis.html
Jul 17 '08 #4
On Tue, 15 Jul 2008 13:57:53 -0700 (PDT), ad*************@gmail.com wrote:
I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Wouldn't it be a lot easier just to plug into the LDAP functions of the
Exchange directory?

--
"... I've seen Sun monitors on fire off the side of the multimedia lab.
I've seen NTU lights glitter in the dark near the Mail Gate.
All these things will be lost in time, like the root partition last week.
Time to die...". -- Peter Gutmann in the scary.devil.monastery
Jul 21 '08 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
perplexing error posting to php script
by: mark.richards | last post by:
At first I thought this error had to do with a timeout problem, but now I am almost certain it has direct bearing on the size of the data that I am posting. I am using a simple form: <?php...
PHP
9
HttpWebRequest and posting login data
by: buran | last post by:
Dear ASP.NET Programmers, How can I post data to an ASP.NET login page and pass authentication? The login page uses forms authentication, users must supply usernames and password and have to...
ASP.NET
0
posting login credentials and __VIEWSTATE using HttpWebRequest fails
by: msnews.microsoft.com | last post by:
I have been raking my brains on why this does not work. I get back the same login screen again instead of the home page redirection which should occur after a successful login: 'create a cookie...
ASP.NET
2
Posting login data with HttpWebRequest
by: adwooley2 | last post by:
Hello. Have been losing plenty of hair over problem whereby I can't make it off the login page. Trying to pass login info to a login page and then move on to another page within the site so that...
Visual Basic .NET
6
Login/VBA script to login to Access 2000
by: cyndithomas via AccessMonster.com | last post by:
I new to Visual Basic and am struck on a issue. Have created a Login in Screen for Remote User to access and input data. Want the Remote to be able to login & access the Input Form, and Manager...
Microsoft Access / VBA
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!