OWA: 'Posting a Login' From Outside Script?


I am just wondering if anyone here can help with a problem that we
have here.

We have a PHP based website/application that has a user login that is
connected to our AD setup. This works fine. Obviously their usernames
and passwords are common to their exchange mailbox ones.

What we would like to do is just have the one common login for our web
application. I can obviously get their username/password in login to
the site, encrypt and store them in a session - then using something
like Curl post them to the OWA login script.

I have had a look at the OWA login screen, and noticed it posts to
"/exchweb/bin/auth/owaauth.dll". I will be buggered if I can get this to
work. I have little experience with Exchange - is there some security
within OWA to stop this 'proxy' login working from outside its
site/area (webmail.domain.tld)?

Just to recap what I am trying to do: 1) User logs in to PHP based
application 2) Username/password stored in session 3) User triggers a
script that uses Curl to proxy login to OWA from stored credentials.

It's difficult to find where the issue is - it could be PHP, or could
be that OWA won't let me do it!

Re: OWA: 'Posting a Login' From Outside Script?

adam.waterfield@gmail.com wrote:


Your problem is mainly finding out what Exchange expects.
I would approach this as follows:
1) Get the source of your 'normal' weblogin for owaauth.dll.
2) Change this a little, so it posts to YOUR testscript, not
owaauth.dll. (Change the action in the form)
3) Your test script now puts out all it knows about the posting, e.g.:
Everything in $_POST and $_GET and $_COOKIE, and $_SERVER.

Simply use:
echo "POST CONTAINS:<pre>";
print_r($_POST); // dump every posted field name and value
echo "</pre>";

etc. for all above-mentioned superglobals.

I do not remember exactly what it is you need, but I found out what to
use in this way some years ago.
Just test a little, and I expect you'll find the right posting/curl
Also, it is possible this only works in IE, and not in FF. I think IE
sends some authorisation information for the station it is running on.
Not 100% sure either, sorry. ;-)
So I advise you to test first on IE, and when you succeed, test it on FF.

Good luck.
Erwin Moller
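
The test script from step 3 above, written out as an added example that is not part of the original post: it dumps the same superglobals, but HTML-escapes the output and masks credential-like values so the real password posted by the copied form never lands in the page, browser cache or a screenshot. The file name and the key pattern are assumptions, not taken from OWA.

```php
<?php
// dump_post.php (hypothetical name): point the copied login form's action here.
// Added example; the key pattern below is an assumption, not taken from OWA.

const SECRET_KEY_PATTERN = '/pass|pwd|secret|auth|cookie|sess/i';

/** Recursively replace values whose key looks sensitive with a length marker. */
function redact(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $out[$key] = redact($value);
        } elseif (preg_match(SECRET_KEY_PATTERN, (string) $key)) {
            $out[$key] = sprintf('[redacted, %d bytes]', strlen((string) $value));
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

/** Render one superglobal as escaped text so posted markup cannot run in the page. */
function dump_section(string $label, array $data): string
{
    $body = print_r(redact($data), true);
    return $label . " CONTAINS:<pre>"
        . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "</pre>\n";
}

// Only the request-related $_SERVER entries matter for rebuilding the post.
$wanted = ['REQUEST_METHOD', 'CONTENT_TYPE', 'QUERY_STRING'];
$server = array_filter(
    $_SERVER,
    fn($k) => strpos($k, 'HTTP_') === 0 || in_array($k, $wanted, true),
    ARRAY_FILTER_USE_KEY
);

header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store'); // keep the dump out of browser and proxy caches
echo dump_section('POST', $_POST);
echo dump_section('GET', $_GET);
echo dump_section('COOKIE', $_COOKIE);
echo dump_section('SERVER', $server);
```

The field names and the presence of hidden inputs are what matter for rebuilding the post; the redacted lengths are enough to confirm that a value was sent.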

Re: OWA: 'Posting a Login' From Outside Script?

On Tue, 15 Jul 2008 13:57:53 -0700 (PDT), adam.waterfield@gmail.com wrote:

Wouldn't it be a lot easier just to plug into the LDAP functions of the
Exchange directory?

"... I've seen Sun monitors on fire off the side of the multimedia lab.
 I've seen NTU lights glitter in the dark near the Mail Gate.
 All these things will be lost in time, like the root partition last week.
 Time to die...". -- Peter Gutmann in the scary.devil.monastery
