I'm trying to create a simple html form that will pass the ID and PW entered to a MS Exchange server - that uses the pop-up "secure" window rather than the webmail version.
I have the form to a point where to action is good - but its not passing the data. My guess is the label's are wrong?
Code:
<FORM action="http://webmail.domain.com/exchweb/bin/owauth.dll" method="POST" name="logonForm" autocomplete="off">
<INPUT type="text" id="username" name="username" style="width:100%" size="25" maxlength="256">
<br /><br />
<INPUT type="password" autocomplete="off" style="width:100%" id="password" name="password" size="25" maxlength="256" onfocus="g_fDoFocus=false;">
<br /><br />
<INPUT type="submit" value="<%=L_LoginButton_Text %>" id="SubmitCreds" name="SubmitCreds">
</FORM>
I'm not worried about the layout yet - just getting it working.
....I dont have control to change it from the pop-up to web-based.
(hope that makes sense.)
And ideas?that really isn't possible as OWA uses windows challenage and response to do it. Also it is authorized to check Active Directory to authenticate users.
Not unless you know how to use .net atleast. it is possible in .net with registering the Win32 call
LogonUser
but then that requires you to know about how to use .net authentication and authorization and also how to actually authenticate against an Active Directory using the API call.but, couldnt i just take the logon.asp that comes premade with the package and skin it? i wonder if their is an option checked to allow either logon via a webpage or that secure realm box?sure if you want your user name and passwords of uo be sent over the network in plain text.
You could skin it but good look on the time to do so...Im modifying logon.asp with new Form Based authentication.
I have put our domain name in logon.asp (to make UPN authentication). The users would put just their AD account name.
<script Language=javascript>
<!--
function logonForm_onsubmit()
{
var DName = "@mydomain.com";
if (logonForm.username.value.indexOf("\\") !=-1)
{
return false;
}
logonForm.username.value = logonForm.username.value + DName;
return true;
}
//-->
</script>
The problem is, since the email address is different from UPN. I dont want users to get confused, so looking to hide the UPN, AFTEr users enter their account name and hit 'logon' button.
Is there way a to hide or put font color=white so users can't see the 'mydomain.com' that I put in .asp?
Thanks,what is a UPN??? I know its a TV station but other than that I have never heard any reference to it.
You mean UNC???? its unique naming convention...... It means that the path is unique by encoding the name of the machine it is unique because 2 machines can not exist in the same domain "Namespacing".
how about appending the naming of the domain in the processing page to a local variable rather than user defined data as it will mostlikely be edited.
also you can use LDAP to authenticate against AD, why not attempt that method?
You are creating a nightmare of security concerns if you ask me....
Use NTLM's challenage and Response over SSL or Kerbose. NTLM alone is a once only ticket system, encrypted over SSL or Kerbose, would best suit security needs.Thank you afterburn for ur response.
UPN is a Universal Principal Name. In AD each user account has a UPN. A UPN takes the form <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e --> (user is account name).
How do I append the domain name in the processing page to a local variable?if you have access to .net here is the easiest way to do what you are looking to do.
<!-- m --><a class="postlink" href="http://www.codeproject.com/csharp/arbauthentication.asp">http://www.codeproject.com/csharp/arbauthentication.asp</a><!-- m -->
otherwise on the processing page that is handing out the authentication
Dim strUserName
strUserName = Request.form("UserName") & "@myDomain.com"thnx afterburn.
Im not html scripting guy, but trying to tweak microsoft logon.asp page, which is using logonform.username.value
logonForm.username.value = logonForm.username.value + DName
DName is @mydomain.com
(I have copied and pasted that in above msg)
If I use Dim strUserName, it would be:
logonForm.username.value = logonForm.username.value + strUserName (what difference it wud make between strUserName and DName?
When we hit 'logon' button, its appending @mydomain.com and displaying on page. Can I not just add <font color="white"> somewhere in the code after hitting 'logon' button?i don't think its that easy. you are attempting to pass in variables to handle the FQDN for the LDAP server.
I am not sure i can help you. but you can download the microsoft exchange SDK's
I have the form to a point where to action is good - but its not passing the data. My guess is the label's are wrong?
Code:
<FORM action="http://webmail.domain.com/exchweb/bin/owauth.dll" method="POST" name="logonForm" autocomplete="off">
<INPUT type="text" id="username" name="username" style="width:100%" size="25" maxlength="256">
<br /><br />
<INPUT type="password" autocomplete="off" style="width:100%" id="password" name="password" size="25" maxlength="256" onfocus="g_fDoFocus=false;">
<br /><br />
<INPUT type="submit" value="<%=L_LoginButton_Text %>" id="SubmitCreds" name="SubmitCreds">
</FORM>
I'm not worried about the layout yet - just getting it working.
....I dont have control to change it from the pop-up to web-based.
(hope that makes sense.)
And ideas?that really isn't possible as OWA uses windows challenage and response to do it. Also it is authorized to check Active Directory to authenticate users.
Not unless you know how to use .net atleast. it is possible in .net with registering the Win32 call
LogonUser
but then that requires you to know about how to use .net authentication and authorization and also how to actually authenticate against an Active Directory using the API call.but, couldnt i just take the logon.asp that comes premade with the package and skin it? i wonder if their is an option checked to allow either logon via a webpage or that secure realm box?sure if you want your user name and passwords of uo be sent over the network in plain text.
You could skin it but good look on the time to do so...Im modifying logon.asp with new Form Based authentication.
I have put our domain name in logon.asp (to make UPN authentication). The users would put just their AD account name.
<script Language=javascript>
<!--
function logonForm_onsubmit()
{
var DName = "@mydomain.com";
if (logonForm.username.value.indexOf("\\") !=-1)
{
return false;
}
logonForm.username.value = logonForm.username.value + DName;
return true;
}
//-->
</script>
The problem is, since the email address is different from UPN. I dont want users to get confused, so looking to hide the UPN, AFTEr users enter their account name and hit 'logon' button.
Is there way a to hide or put font color=white so users can't see the 'mydomain.com' that I put in .asp?
Thanks,what is a UPN??? I know its a TV station but other than that I have never heard any reference to it.
You mean UNC???? its unique naming convention...... It means that the path is unique by encoding the name of the machine it is unique because 2 machines can not exist in the same domain "Namespacing".
how about appending the naming of the domain in the processing page to a local variable rather than user defined data as it will mostlikely be edited.
also you can use LDAP to authenticate against AD, why not attempt that method?
You are creating a nightmare of security concerns if you ask me....
Use NTLM's challenage and Response over SSL or Kerbose. NTLM alone is a once only ticket system, encrypted over SSL or Kerbose, would best suit security needs.Thank you afterburn for ur response.
UPN is a Universal Principal Name. In AD each user account has a UPN. A UPN takes the form <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e --> (user is account name).
How do I append the domain name in the processing page to a local variable?if you have access to .net here is the easiest way to do what you are looking to do.
<!-- m --><a class="postlink" href="http://www.codeproject.com/csharp/arbauthentication.asp">http://www.codeproject.com/csharp/arbauthentication.asp</a><!-- m -->
otherwise on the processing page that is handing out the authentication
Dim strUserName
strUserName = Request.form("UserName") & "@myDomain.com"thnx afterburn.
Im not html scripting guy, but trying to tweak microsoft logon.asp page, which is using logonform.username.value
logonForm.username.value = logonForm.username.value + DName
DName is @mydomain.com
(I have copied and pasted that in above msg)
If I use Dim strUserName, it would be:
logonForm.username.value = logonForm.username.value + strUserName (what difference it wud make between strUserName and DName?
When we hit 'logon' button, its appending @mydomain.com and displaying on page. Can I not just add <font color="white"> somewhere in the code after hitting 'logon' button?i don't think its that easy. you are attempting to pass in variables to handle the FQDN for the LDAP server.
I am not sure i can help you. but you can download the microsoft exchange SDK's