By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,596 Members | 3,653 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,596 IT Pros & Developers. It's quick & easy.

OWA: 'Posting a Login' From Outside Script?

P: n/a
I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Jul 15 '08 #1
Share this Question
Share on Google+
4 Replies


P: n/a
ad*************@gmail.com schreef:
I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Hi,

Your problem is mainly finding out what Exchange expects.
I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) your testscript now puts out all it knows about the posting, eg:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.

Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST);
echo "</pre>";

etc for all abovementioned superglobals.

I do not remember excactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
solution.
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you suceed, test it on FF
later.

Good luck.
Regards,
Erwin Moller
Jul 16 '08 #2

P: n/a
Your problem is mainly finding out what Exchange expects.
I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) your testscript now puts out all it knows about the posting, eg:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.

Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST);
echo "</pre>";

etc for all abovementioned superglobals.

I do not remember excactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
solution.
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you suceed, test it on FF
later.
Thanks for your thoughts on this Erwin. I will have ago at what you
suggest and see what happens. I think a lot of this as you say will be
trial and error, it may not be the simplest thing to achieve.
Jul 16 '08 #3

P: n/a
Adam Waterfield posted:
: What we would like to do is just have the one common login for our
: web application. I can obviously get their username/password in
: login to the site, encrypt and store them in a session - then using
: something like Curl post them to the OWA login script.

You might consider using a "user group" for the common login, place
all the users into a "user group", provide the respective permissions
for that "user group" account to access the proper .dll's, and then
if you'd like an altogether COMMON area where group mail or reports
or such gets located, create that folder and assign the appropriate
permissions (user group) to that folder so that everyone can 'read'
the stuff located there. You can then use the group account on the
"common web" login folder to help with that.

--
Jim Carlock
Natural Cure For Pink-Eye (Conjunctivitis)
http://www.associatedcontent.com/art...nctivitis.html
Jul 17 '08 #4

P: n/a
On Tue, 15 Jul 2008 13:57:53 -0700 (PDT), ad*************@gmail.com wrote:
I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to "/
exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside it's site/
area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

Its difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!
Wouldn't it be a lot easier just to plug into the LDAP functions of the
Exchange directory?

--
"... I've seen Sun monitors on fire off the side of the multimedia lab.
I've seen NTU lights glitter in the dark near the Mail Gate.
All these things will be lost in time, like the root partition last week.
Time to die...". -- Peter Gutmann in the scary.devil.monastery
Jul 21 '08 #5

This discussion thread is closed

Replies have been disabled for this discussion.