Use owa cookie for authentication
Exchange Server Forum Index -> Development

Mathias Erlandsson
Posted: Tue Jan 18, 2005 2:39 pm    Post subject: Use owa cookie for authentication

I'm developing a plugin for owa that the user needs to authenticate against.
There is no problem when I use NTLM in owa, but when I switch to Forms based
authentication, my problem begins.

How do I use the cookie owa creates to authenticate the user against my
application? Is this the right approach or should I design it another way?

Thanks
Mathias Erlandsson

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 3:10 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com> wrote in
message news:C0B6A529-77E6-40B7-9370-1DFF0E3882FB@microsoft.com...
Quote:
I'm developing a plugin for owa that the user needs to authenticate against.
There is no problem when I use NTLM in owa, but when I switch to Forms based
authentication, my problem begins.

How do I use the cookie owa creates to authenticate the user against my
application? Is this the right approach or should I design it another way?

Thanks
Mathias Erlandsson

When you use FBA, you should get an extra two response headers returned that
you would not normally get. They are called 'sessionid' and 'cadata'. You
need to get the values of these, and then set request headers named
'sessionid' and 'cadata' and assign the values to them when you make the
request.

Lee.

--
___________________________________

Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________

Mathias Erlandsson
Posted: Tue Jan 18, 2005 4:23 pm    Post subject: Re: Use owa cookie for authentication

Thanks for the reply.

I have managed to get these cookies, but I'm not sure on how to use them.
The plugin is a C# ASP.NET application that needs to authenticate the user
against Active Directory. Don't I have to decode the cadata cookie to get the
username and password so I can authenticate against the domain?

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 4:51 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com> wrote in
message news:6E21BCB7-EA41-44A7-9146-2ED0E7309918@microsoft.com...
Quote:
Thanks for the reply.

I have managed to get these cookies, but I'm not sure on how to use them.
The plugin is a C# ASP.NET application that needs to authenticate the user
against Active Directory. Don't I have to decode the cadata cookie to get the
username and password so I can authenticate against the domain?

/Mathias

I don't know about C# (I only use VBScript), but I assume you have a
component that makes your requests for you. You should have supplied a
username and password in your first POST to owaauth.dll. The sessionid and
cadata that were returned now 'go with' that username and password for the
entire session, so you continue to assign the existing creds to the
component, and then add the sessionid and cadata request headers (no, you
don't have to do any decoding) to get subsequent requests into /Exchange .

Lee.

Mathias Erlandsson
Posted: Tue Jan 18, 2005 5:27 pm    Post subject: Re: Use owa cookie for authentication

I'm not quite sure yet on how to do this.

I will try to explain how my program works.
The user logs into owa as usual and gets his mailbox. What I have done is
to insert an iframe into the left side of owa (I modified vw_navbar.js to do
this) that calls my application. When the application runs in the iframe, it
doesn't have a valid authentication, so I have to get it from the cookies
that owa has created.

The application must connect to the user in Active Directory and read some
properties and then connect to the Exchange server and read some more
properties.

The problem is that I have to get my application authenticated so I get the
right permissions. How can I use a cookie to authenticate my application?

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 5:42 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com> wrote in
message news:96FCEF46-7FE8-4D92-8970-27598CC1C603@microsoft.com...
Quote:
I'm not quite sure yet on how to do this.

I will try to explain how my program works.
The user logs into owa as usual and gets his mailbox. What I have done is
to insert an iframe into the left side of owa (I modified vw_navbar.js to do
this) that calls my application. When the application runs in the iframe, it
doesn't have a valid authentication, so I have to get it from the cookies
that owa has created.

The application must connect to the user in Active Directory and read some
properties and then connect to the Exchange server and read some more
properties.

The problem is that I have to get my application authenticated so I get the
right permissions. How can I use a cookie to authenticate my application?

When you made the first POST to "https://" & strServer &
"/exchweb/bin/auth/owaauth.dll" did you send something like this:

"destination=http%3A%2F%2F" & strServer & "%2Fexchange" & _
"&flags=0" & _
"&username=" & strUserName & _
"&password=" & strPassword & _
"&SubmitCreds=Log+On" & _
"&forcedownlevel=0" & _
"&trusted=0"

I don't think you will get a sessionid and cadata without supplying a valid
username and password. These are the username and password that you must
continue to use.
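
The logon exchange described in the post above, as an added Python example that is not part of the original thread: it builds the owaauth.dll form body with every value URL-encoded and carries `sessionid` and `cadata` forward as cookies, which is how the thread title and Mathias describe them. The host name, account and cookie values are constructed, and the function names are hypothetical.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlencode

LOGON_PATH = "/exchweb/bin/auth/owaauth.dll"  # path quoted in the thread


def build_logon_body(server, username, password):
    """Form body with the fields listed in the thread, each value URL-encoded."""
    fields = [
        ("destination", f"http://{server}/exchange"),
        ("flags", "0"),
        ("username", username),
        ("password", password),
        ("SubmitCreds", "Log On"),
        ("forcedownlevel", "0"),
        ("trusted", "0"),
    ]
    # urlencode escapes '&', '=', '\\' and spaces, so a password containing
    # them cannot split or truncate the form fields.
    return urlencode(fields)


def session_cookie_header(set_cookie_lines, wanted=("sessionid", "cadata")):
    """Collect the FBA session values and return them as one Cookie header value."""
    jar = SimpleCookie()
    for line in set_cookie_lines:
        jar.load(line)
    missing = [name for name in wanted if name not in jar]
    if missing:
        # No session values were issued, e.g. the logon was rejected.
        raise ValueError("logon response lacks: " + ", ".join(missing))
    return "; ".join(f"{name}={jar[name].value}" for name in wanted)


# Constructed sample data (not captured from a real server).
SAMPLE_SET_COOKIE = [
    "sessionid=constructed-session-0001; path=/",
    "cadata=Q09OU1RSVUNURUQtT1BBUVVFLVZBTFVF; path=/",
]

if __name__ == "__main__":
    print(build_logon_body("mail.example.test", "EXAMPLE\\user", "p&ss=w rd"))
    print(session_cookie_header(SAMPLE_SET_COOKIE))
```

The values are passed back exactly as received; nothing in this flow decodes them.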

Mathias Erlandsson
Posted: Tue Jan 18, 2005 5:57 pm    Post subject: Re: Use owa cookie for authentication

Yes, but the username and password are entered in owa's logon page. I have no
access to these values from my application since it is called after the user
has logged on. So I either need to decrypt the cookie to get the username and
password or use this cookie somehow to authenticate the user in my
application.

I am not calling owaauth.dll from my application since I don't want the user to
have to log in twice.

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 6:38 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com> wrote in
message news:50082452-62EE-43BA-8469-91CB249DE5AE@microsoft.com...
Quote:
Yes, but the username and password are entered in owa's logon page. I have no
access to these values from my application since it is called after the user
has logged on. So I either need to decrypt the cookie to get the username and
password or use this cookie somehow to authenticate the user in my
application.

I am not calling owaauth.dll from my application since I don't want the user to
have to log in twice.

I don't think the un and pw are returned in the cookies. Are the
ServerVariables AUTH_USER and AUTH_PASSWORD available to you?

Mathias Erlandsson
Posted: Tue Jan 18, 2005 7:05 pm    Post subject: Re: Use owa cookie for authentication

Thanks for your patience!

No, they are empty.

What I need is a single sign on solution with forms based owa as the portal,
if I could use the cookies owa generates.

It seems that it is a Base64 hash stored in the cadata cookie. Perhaps I can
use this to authenticate my application?

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 7:31 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com>
wrote in message
news:12BD9DEB-B475-4793-B3E0-87B9D68C2C53@microsoft.com...
Quote:
Thanks for your patience!

No, they are empty.

What I need is a single sign on solution with forms based owa as the portal,
if I could use the cookies owa generates.

It seems that it is a Base64 hash stored in the cadata cookie. Perhaps I can
use this to authenticate my application?

/Mathias

There are a few online Base64 decoders, like this:

http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/

You could type your cadata in there to see if it contains credentials,
but I would be surprised if it did. It would be useful, though.

If it does contain credentials, then all you need is a Base64 decoding
algorithm. There are plenty of those out there, too. I probably have
one somewhere.

Lee.

--
_______________________________________

Outlook Web Access For PDA , OWA For WAP:
www.leederbyshire.com
email a@t leederbyshire d.0.t c.0.m
_______________________________________
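
The check suggested in the post above can be run locally, so a live session value never has to be typed into a third-party site. This is an added Python example, not part of the original thread; both sample values are constructed, the real layout of `cadata` is not assumed, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8 indicate random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def inspect_token(value: str) -> dict:
    """Decode a cookie value locally and report whether it is readable text."""
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return {"base64": False, "verdict": "not Base64"}
    if not raw:
        return {"base64": True, "verdict": "empty"}
    printable = sum(32 <= b < 127 for b in raw) / len(raw)
    verdict = "readable text" if printable >= 0.95 else "opaque binary"
    return {
        "base64": True,
        "length": len(raw),
        "printable_ratio": round(printable, 2),
        "entropy_bits_per_byte": round(shannon_entropy(raw), 2),
        "verdict": verdict,
    }


# Constructed samples; neither is a real cadata value.
READABLE = base64.b64encode(b"EXAMPLE\\user:constructed-password").decode()
OPAQUE = base64.b64encode(
    hashlib.sha256(b"constructed-1").digest() + hashlib.sha256(b"constructed-2").digest()
).decode()

if __name__ == "__main__":
    for name, sample in (("readable", READABLE), ("opaque", OPAQUE), ("junk", "not*base64!")):
        print(name, inspect_token(sample))
```

An "opaque binary" verdict says only that the decoded bytes are not text; it does not identify what they are.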

Mathias Erlandsson
Posted: Tue Jan 18, 2005 7:45 pm    Post subject: Re: Use owa cookie for authentication

Thanks, but I have already tried that. I think the data stored in cadata is
an encrypted hash value.

The question is if one can use this value to perform an authentication in
another application?

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 7:59 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com>
wrote in message
news:22386A72-4D38-4ACA-8558-1A6234F9AC6A@microsoft.com...
Quote:
Thanks, but I have already tried that. I think the data stored in cadata is
an encrypted hash value.

The question is if one can use this value to perform an authentication in
another application?

/Mathias

I don't know; that is beyond me, I'm afraid. The only person to
publicly document their experiences with FBA anywhere is Henning:

http://www.infinitec.de/exchange/howtos/webdavwithfba.aspx

This doc. might be of some use to you, but I expect you have already
found it.

Lee.

Mathias Erlandsson
Posted: Tue Jan 18, 2005 8:37 pm    Post subject: Re: Use owa cookie for authentication

Yes, I've already seen it.

But thanks for trying to help me. I will try to find a solution.

/Mathias

Lee Derbyshire [MVP]
Posted: Tue Jan 18, 2005 9:14 pm    Post subject: Re: Use owa cookie for authentication

"Mathias Erlandsson" <MathiasErlandsson@discussions.microsoft.com>
wrote in message
news:D60FD9B8-4ADD-44C1-9F8E-D5B44113D04E@microsoft.com...
Quote:
Yes, I've already seen it.

But thanks for trying to help me. I will try to find a solution.

/Mathias

Okay. Sorry I couldn't solve it for you, and I'm sorry I spoiled your
thread, but I don't think you'll find the creds in the cookie.
Sending them back like that doesn't seem a very secure thing to do,
but I could be wrong.

Try posting again, and see if anyone else has a better answer.