|
September '10 | |||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | ||
Friday, March 13. 2009
Outlook Web Access (Exchange) with PHP and cURL
I needed a way to authenticate users from our library from a server outside our network, and therefore also not connected to Active Directory. At first I was thinking LDAP would be the best way...then I did my research and learned enough about LDAP to realize just how much information it gives out - WAY too much for it to be very secure. Even if I used SSL, created an account specifically for this access, set that account to read only...all it would take would be one person to hack our server and grab that information and all our organization's data is out there. Although it's about as much of a chance as getting hit by lightning in the middle of the desert in a sand storm, I wouldn't want to be responsible.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
- Exchange Server 2007 uses SOAP to provide a web service...AWESOME! We currently use 2003 though, but we will be upgrading later this year, so this may be helpful later on. [Link]
- I found this PHP script that I tested, which successfully contacted our OWA server and authenticated.
- I also found a PHP class on Google Code from Tyler Hall - it's not any particular project repository, just miscellaneous code he's hosting. It looks like it's slightly more feature rich, allowing info from address books and a user's inbox, for example.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
i have used the link to logon.
But is there a way cith curl to do a search and get XML info back.
For the calendar for example?
But is there a way cith curl to do a search and get XML info back.
For the calendar for example?
johan, unfortunately I'm not much of a whiz at cURL at all, which was why I had to find someone else's code to help me out with it. I believe the code from Tyler Hall (list item #3) has some comments in it to help with getting information from the calendar. I haven't tried any of it though. I unfortunately wouldn't know how to get it to work. As for getting XML data back, it's doubtful. There is no API, this is basically web-scraping the HTML to decipher what is available. Exchange 2007 supposedly has an API but I don't yet know if it's finalized, nor will I even have a chance to mess around with it until late 4th quarter this year when ours is scheduled to be installed. Since I'd imagine you're using Exchange 2003, I don't think you'll have access to any API or XML data return; at least not without a third party tool installed on the exchange server itself (of which I cannot recommend any particular product, I'm simply making an assumption that one might exist somewhere).
You can het XML from the server.
I have an perl script that does the job, but i can't het it to work unther PHP.
You run an dav search, but i am unable to make it work.
Any point will be great
I have an perl script that does the job, but i can't het it to work unther PHP.
You run an dav search, but i am unable to make it work.
Any point will be great
johan:
Unfortunately I'm not very familiar with Exchange. I do not have access to our server except via the Outlook Web Access page(s). I did not know about WebDAV. With our organization's security policies, I'd imagine our WebDAV is locked down, but I can't verify that at the moment. I did find, thanks to Google, some further code - but I don't think it can be run via PHP (unless PHP is installed on a Windows' server, but at that point, I'd have to ask why even use PHP?).
http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
Hopefully that will help you. I'm sorry I can't really help any further.
Unfortunately I'm not very familiar with Exchange. I do not have access to our server except via the Outlook Web Access page(s). I did not know about WebDAV. With our organization's security policies, I'd imagine our WebDAV is locked down, but I can't verify that at the moment. I did find, thanks to Google, some further code - but I don't think it can be run via PHP (unless PHP is installed on a Windows' server, but at that point, I'd have to ask why even use PHP?).
http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
Hopefully that will help you. I'm sorry I can't really help any further.
Dear All,
I am going to make an iPhone application for email, calendar displaying and after little bit of study I found the it will be done by the OWA but I didn't get any API. then I found the above topic which is done by the PHP. I am very much familiar with PHP and cURL. Now my questions are :::::
1) Is there any configuration required into the OWA server to get access by this kind of script?
2) To develop the iPhone application I am using objective C and this process will be little bit lengthy( see. iphone-> our server where is the cURL script is written-> OWA Server)... Is there any other alternative way to do this?
3) Where I get the all the links for getting Inbox, sent Items, Draft, Calendar etc?
4) How to get all the information in XML format?
Please help me....... or you can email me to
subha[*a]excoflare.com
*a = @
Thanks in advance
Subha
I am going to make an iPhone application for email, calendar displaying and after little bit of study I found the it will be done by the OWA but I didn't get any API. then I found the above topic which is done by the PHP. I am very much familiar with PHP and cURL. Now my questions are :::::
1) Is there any configuration required into the OWA server to get access by this kind of script?
2) To develop the iPhone application I am using objective C and this process will be little bit lengthy( see. iphone-> our server where is the cURL script is written-> OWA Server)... Is there any other alternative way to do this?
3) Where I get the all the links for getting Inbox, sent Items, Draft, Calendar etc?
4) How to get all the information in XML format?
Please help me....... or you can email me to
subha[*a]excoflare.com
*a = @
Thanks in advance
Subha
Hello Subha,
Unfortunately you would be better off using an Objective-C based approach if your entire application is being built in Objective-C to begin with. Contacting two separate servers to interact with one external exchange server increases chances for failure. With that in mind, hopefully the following link will be of some use to you:
http://mac.softpedia.com/get/Developer-Tools/OWAParser.shtml
Also, if you do plan on going the route of scraping HTML using cURL, do keep in mind that each version of Outlook Web Access works differently. You would have to update your code for each version of Exchange.
You may also want to research ActiveSync technology by Microsoft. If you're able to get licensing support for it, it should theoretically make your life easier.
Unfortunately you would be better off using an Objective-C based approach if your entire application is being built in Objective-C to begin with. Contacting two separate servers to interact with one external exchange server increases chances for failure. With that in mind, hopefully the following link will be of some use to you:
http://mac.softpedia.com/get/Developer-Tools/OWAParser.shtml
Also, if you do plan on going the route of scraping HTML using cURL, do keep in mind that each version of Outlook Web Access works differently. You would have to update your code for each version of Exchange.
You may also want to research ActiveSync technology by Microsoft. If you're able to get licensing support for it, it should theoretically make your life easier.