Re: Pass login details to Exchange Sever 2003?

On Mon, 31 Dec 2007 17:04:28 +0100, adam.waterfield@xxxxxxxxx <adam.waterfield@xxxxxxxxx> wrote:

Maybe someone could help me a little here.

On a project I am working on, we have some LDAP authentication to
Active Directory which allows users to login to our application - this
is fine. When accessing this application from off campus, they
routinely get this login window confused with the one they login to
Exchange Sever with for their email.

I am wondering if it is possible to setup some kind of button/link
that is displayed after they have logged in (to the web application -
not Exchange) that will redirect them to their email inbox without
having to login again.

I could setup a form that posts to the Exchange login script, with
their username and passwords in hidden fields, but I don't see this as
being secure - perhaps if the password was encrypted (encrypted as
what, though?) I would feel more at ease with this. (Not tried this,
perhaps it would even work?)

Basically, as we know their AD login credentials, all I need to know
is it possible to pass them to the Exchange Server so they can bypass
the login process for Exchange. All I want to do is try and avoid them
logging in twice - once to their email and once to our application.

I hope you follow me, any help would be greatly appreciated.

Not having worked directly with Exchange consider the following:
1. You know their login/password.
2. You let the link 'to Exchange' point to a 'portal'-page on your own site/domain.
3. In that page you start a session with Exchange using perhaps the cURL library.
3. You pass all cookie/get values directly through to the user, take extra care to set it for the domain of the exchange server.
4. You redirect them to the page you were send to in your earlier request.

Not having worked with Exchange myself, you might want to examine wether it works with cookies for authentication (in which case, if you are on a different (sub)domain, your users would probably have to teach their browser to accept any cookies you sent for that other domain), or wether it works with a session-id in a GET value, in which case there would be no problem passing that back to the user.
--
Rik Wasmus
.

Quantcast