Friday, March 13. 2009
Outlook Web Access (Exchange) with PHP and cURL
I needed a way to authenticate users from our library from a server outside our network, and therefore also not connected to Active Directory. At first I was thinking LDAP would be the best way...then I did my research and learned enough about LDAP to realize just how much information it gives out - WAY too much for it to be very secure. Even if I used SSL, created an account specifically for this access, set that account to read only...all it would take would be one person to hack our server and grab that information and all our organization's data is out there. Although it's about as much of a chance as getting hit by lightning in the middle of the desert in a sand storm, I wouldn't want to be responsible.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.
- Exchange Server 2007 uses SOAP to provide a web service...AWESOME! We currently use 2003 though, but we will be upgrading later this year, so this may be helpful later on. [Link]
- I found this PHP script that I tested, which successfully contacted our OWA server and authenticated.
- I also found a PHP class on Google Code from Tyler Hall - it's not any particular project repository, just miscellaneous code he's hosting. It looks like it's slightly more feature rich, allowing info from address books and a user's inbox, for example.
I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.
If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
i have used the link to logon.
But is there a way cith curl to do a search and get XML info back.
For the calendar for example?
But is there a way cith curl to do a search and get XML info back.
For the calendar for example?
johan, unfortunately I'm not much of a whiz at cURL at all, which was why I had to find someone else's code to help me out with it. I believe the code from Tyler Hall (list item #3) has some comments in it to help with getting information from the calendar. I haven't tried any of it though. I unfortunately wouldn't know how to get it to work. As for getting XML data back, it's doubtful. There is no API, this is basically web-scraping the HTML to decipher what is available. Exchange 2007 supposedly has an API but I don't yet know if it's finalized, nor will I even have a chance to mess around with it until late 4th quarter this year when ours is scheduled to be installed. Since I'd imagine you're using Exchange 2003, I don't think you'll have access to any API or XML data return; at least not without a third party tool installed on the exchange server itself (of which I cannot recommend any particular product, I'm simply making an assumption that one might exist somewhere).
You can het XML from the server.
I have an perl script that does the job, but i can't het it to work unther PHP.
You run an dav search, but i am unable to make it work.
Any point will be great
I have an perl script that does the job, but i can't het it to work unther PHP.
You run an dav search, but i am unable to make it work.
Any point will be great
johan:
Unfortunately I'm not very familiar with Exchange. I do not have access to our server except via the Outlook Web Access page(s). I did not know about WebDAV. With our organization's security policies, I'd imagine our WebDAV is locked down, but I can't verify that at the moment. I did find, thanks to Google, some further code - but I don't think it can be run via PHP (unless PHP is installed on a Windows' server, but at that point, I'd have to ask why even use PHP?).
http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
Hopefully that will help you. I'm sorry I can't really help any further.
Unfortunately I'm not very familiar with Exchange. I do not have access to our server except via the Outlook Web Access page(s). I did not know about WebDAV. With our organization's security policies, I'd imagine our WebDAV is locked down, but I can't verify that at the moment. I did find, thanks to Google, some further code - but I don't think it can be run via PHP (unless PHP is installed on a Windows' server, but at that point, I'd have to ask why even use PHP?).
http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
Hopefully that will help you. I'm sorry I can't really help any further.