| Author |
Message |
Edbrown
Guest
|
 Posted:
Fri Sep 23, 2005 12:58 am Post subject:
Webdav authentication |
|
|
I am looking for 2 ways to pass user and password to authenticate a webdav
request. First using Windows Integrated Authentication and second to pass
an input user and password . Both ways need to be secure methods. Source
code samples would be nice as I am very unfamiliar with security and
authentication.
Thanks,
Ed
|
|
| Back to top |
|
 |
Edbrown
Guest
|
| Posted:
Fri Sep 23, 2005 12:58 am Post subject:
Re: Webdav authentication |
|
|
Hi Henning,
Thanks you have always been so helpful.... again I'm quite inexperience
when it comes to security . I will be sending the webdav requests using
java. I'm not sure if this is secure or not....... is there anyway I could
use single sign-on from a web client.....to our webserver....to exchange ?
Here is a snippet of code:
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.methods.GetMethod;
HttpClient oClient = new HttpClient();
NTCredentials oCredentials = new NTCredentials(sUserName,
sPassword, sIpAddress, sDomain);
oClient.getState().setCredentials(null, sServer, oCredentials);
String sOrganizerUrl = "http://" + sServer + "/exchange/" +
sOrganizer;
GetMethod oGetMethod = new GetMethod(sOrganizerUrl);
oGetMethod.setDoAuthentication( true );
try
{
iStatus = oClient.executeMethod(oGetMethod);
switch (iStatus)
{
case 401:
log.error("resolveMailServerInfo(() ERROR:
Authentication failed.");
return false;
case 404:
log.error("resolveMailServerInfo(() ERROR: Exchange user
path doesn't exist.");
return false;
default:
log.error("resolveMailServerInfo(() ERROR: Exchange
server error code: " + iStatus);
case 200: //OK
bSucceeded = true;
}
}
catch(IOException ioe)
{
log.error("resolveMailServerInfo(() EXCEPTION: ", ioe);
oGetMethod.releaseConnection();
r
"Henning Krause [MVP - Exchange]" wrote:
| Quote: | Hello,
you can accomplish that with a couple of different ways, depending on the
infrastructure and the programming language you are using:
- If you have a valid certificate for your Exchange server or if it is fine
to use a home-made certificate, you could send the password using basic
authentication and encrypt the traffic with SSL. If you are using Exchange
2003, you can also stick to Formbased authentication.
- If your request class supports it (for example .NET HttpWebRequest class)
you can use integrated authentication. IMHO the most secure.
- You can use NTLM for the authentication, specifiying explicit credentials.
Again, the HttpWebRequest class supports this...
Greetings,
Henning Krause
MVP - Exchange
http://www.infinitec.de
"Edbrown" <Edbrown@discussions.microsoft.com> wrote in message
news:67AB0233-199A-403B-802A-928109D5F8D3@microsoft.com...
I am looking for 2 ways to pass user and password to authenticate a
webdav
request. First using Windows Integrated Authentication and second to
pass
an input user and password . Both ways need to be secure methods.
Source
code samples would be nice as I am very unfamiliar with security and
authentication.
Thanks,
Ed
|
|
|
| Back to top |
|
|
Henning Krause [MVP - Exc
Guest
|
| Posted:
Fri Sep 23, 2005 12:58 am Post subject:
Re: Webdav authentication |
|
|
Hello,
you can accomplish that with a couple of different ways, depending on the
infrastructure and the programming language you are using:
- If you have a valid certificate for your Exchange server or if it is fine
to use a home-made certificate, you could send the password using basic
authentication and encrypt the traffic with SSL. If you are using Exchange
2003, you can also stick to Formbased authentication.
- If your request class supports it (for example .NET HttpWebRequest class)
you can use integrated authentication. IMHO the most secure.
- You can use NTLM for the authentication, specifiying explicit credentials.
Again, the HttpWebRequest class supports this...
Greetings,
Henning Krause
MVP - Exchange
http://www.infinitec.de
"Edbrown" <Edbrown@discussions.microsoft.com> wrote in message
news:67AB0233-199A-403B-802A-928109D5F8D3@microsoft.com...
| Quote: | I am looking for 2 ways to pass user and password to authenticate a
webdav
request. First using Windows Integrated Authentication and second to
pass
an input user and password . Both ways need to be secure methods.
Source
code samples would be nice as I am very unfamiliar with security and
authentication.
Thanks,
Ed
|
|
|
| Back to top |
|
|
Henning Krause [MVP - Exc
Guest
|
| Posted:
Fri Sep 23, 2005 8:58 am Post subject:
Re: Webdav authentication |
|
|
Hello,
I have not much experience with Java...
The .NET class has a CredentialCache class which has a DefaultCredential
member containing the credential for the currently logged on user. Perhaps
Java does have something similar.
You should probably search the internet for these java-specific question, or
browse the documentation of the HttpClient class for the SSL thing.
Greetings,
Henning Krause
MVP - Exchange
http://www.infinitec.de
"Edbrown" <Edbrown@discussions.microsoft.com> wrote in message
news:5A2D3F01-EAF4-4E90-A7FC-4BFCCD704C77@microsoft.com...
| Quote: | Hi Henning,
Thanks you have always been so helpful.... again I'm quite inexperience
when it comes to security . I will be sending the webdav requests using
java. I'm not sure if this is secure or not....... is there anyway I
could
use single sign-on from a web client.....to our webserver....to exchange
?
Here is a snippet of code:
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.methods.GetMethod;
HttpClient oClient = new HttpClient();
NTCredentials oCredentials = new NTCredentials(sUserName,
sPassword, sIpAddress, sDomain);
oClient.getState().setCredentials(null, sServer, oCredentials);
String sOrganizerUrl = "http://" + sServer + "/exchange/" +
sOrganizer;
GetMethod oGetMethod = new GetMethod(sOrganizerUrl);
oGetMethod.setDoAuthentication( true );
try
{
iStatus = oClient.executeMethod(oGetMethod);
switch (iStatus)
{
case 401:
log.error("resolveMailServerInfo(() ERROR:
Authentication failed.");
return false;
case 404:
log.error("resolveMailServerInfo(() ERROR: Exchange
user
path doesn't exist.");
return false;
default:
log.error("resolveMailServerInfo(() ERROR: Exchange
server error code: " + iStatus);
case 200: //OK
bSucceeded = true;
}
}
catch(IOException ioe)
{
log.error("resolveMailServerInfo(() EXCEPTION: ", ioe);
oGetMethod.releaseConnection();
r
"Henning Krause [MVP - Exchange]" wrote:
Hello,
you can accomplish that with a couple of different ways, depending on the
infrastructure and the programming language you are using:
- If you have a valid certificate for your Exchange server or if it is
fine
to use a home-made certificate, you could send the password using basic
authentication and encrypt the traffic with SSL. If you are using
Exchange
2003, you can also stick to Formbased authentication.
- If your request class supports it (for example .NET HttpWebRequest
class)
you can use integrated authentication. IMHO the most secure.
- You can use NTLM for the authentication, specifiying explicit
credentials.
Again, the HttpWebRequest class supports this...
Greetings,
Henning Krause
MVP - Exchange
http://www.infinitec.de
"Edbrown" <Edbrown@discussions.microsoft.com> wrote in message
news:67AB0233-199A-403B-802A-928109D5F8D3@microsoft.com...
I am looking for 2 ways to pass user and password to authenticate a
webdav
request. First using Windows Integrated Authentication and second to
pass
an input user and password . Both ways need to be secure methods.
Source
code samples would be nice as I am very unfamiliar with security and
authentication.
Thanks,
Ed
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in