Outlook Web Access (Exchange) with PHP and cURL
Friday, March 13. 2009
I needed a way to authenticate users from our library from a server outside our network, and therefore also not connected to Active Directory. At first I was thinking LDAP would be the best way...then I did my research and learned enough about LDAP to realize just how much information it gives out - WAY too much for it to be very secure. Even if I used SSL, created an account specifically for this access, set that account to read only...all it would take would be one person to hack our server and grab that information and all our organization's data is out there. Although it's about as much of a chance as getting hit by lightning in the middle of the desert in a sand storm, I wouldn't want to be responsible.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
- Exchange Server 2007 uses SOAP to provide a web service...AWESOME! We currently use 2003 though, but we will be upgrading later this year, so this may be helpful later on. [Link]
- I found this PHP script that I tested, which successfully contacted our OWA server and authenticated.
- I also found a PHP class on Google Code from Tyler Hall - it's not any particular project repository, just miscellaneous code he's hosting. It looks like it's slightly more feature rich, allowing info from address books and a user's inbox, for example.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
But is there a way cith curl to do a search and get XML info back.
For the calendar for example?
I have an perl script that does the job, but i can't het it to work unther PHP.
You run an dav search, but i am unable to make it work.
Any point will be great
Unfortunately I'm not very familiar with Exchange. I do not have access to our server except via the Outlook Web Access page(s). I did not know about WebDAV. With our organization's security policies, I'd imagine our WebDAV is locked down, but I can't verify that at the moment. I did find, thanks to Google, some further code - but I don't think it can be run via PHP (unless PHP is installed on a Windows' server, but at that point, I'd have to ask why even use PHP?).
http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
Hopefully that will help you. I'm sorry I can't really help any further.
I am going to make an iPhone application for email, calendar displaying and after little bit of study I found the it will be done by the OWA but I didn't get any API. then I found the above topic which is done by the PHP. I am very much familiar with PHP and cURL. Now my questions are :::::
1) Is there any configuration required into the OWA server to get access by this kind of script?
2) To develop the iPhone application I am using objective C and this process will be little bit lengthy( see. iphone-> our server where is the cURL script is written-> OWA Server)... Is there any other alternative way to do this?
3) Where I get the all the links for getting Inbox, sent Items, Draft, Calendar etc?
4) How to get all the information in XML format?
Please help me....... or you can email me to
subha[*a]excoflare.com
*a = @
Thanks in advance
Subha
Unfortunately you would be better off using an Objective-C based approach if your entire application is being built in Objective-C to begin with. Contacting two separate servers to interact with one external exchange server increases chances for failure. With that in mind, hopefully the following link will be of some use to you:
http://mac.softpedia.com/get/Developer-Tools/OWAParser.shtml
Also, if you do plan on going the route of scraping HTML using cURL, do keep in mind that each version of Outlook Web Access works differently. You would have to update your code for each version of Exchange.
You may also want to research ActiveSync technology by Microsoft. If you're able to get licensing support for it, it should theoretically make your life easier.
Its really a good link that you have provide me. But I am not able to run this or use this. Could you please give me some idea where I will get the documentation of this.
Thanks
Subha
Unfortunately I'm not overly familiar with Microsoft documentation or protocols. Honestly, I got lucky in finding the script linked to in bullet point #2. Otherwise I wouldn't have been able to accomplish my own task.
I cannot offer much help on this matter any further. Sorry! I wish you luck!
"I found this PHP script that I tested, which successfully contacted our OWA server and authenticated."
This link is not working.
Could you post a link to the code please, I am trying to do something similar.
Thanks.
Please be aware that these scripts no longer work on OWA versions newer than 2003.