search

vikasdhar / exchangeit

Automatically exported from code.google.com/p/exchangeit
0 stars 0 forks source link

forms auth with ISA Server OWA publishing #10

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Use exchangeit against an OWA (2003) Server published through ISA Server
2. Try to get email (refresh)

What is the expected output? What do you see instead?

Expect email to be downloaded, but get the following error instead:
- Caught unhandled Runtime Exception: Error - got back status code 440

What version of the product are you using? On what operating system?
0.6.0, Andrond 1.0 TC4-RC30 (on T-Mobile G1)

Please provide any additional information below.
Default OWA publishing rule in ISA server presents a login form like the
following:

ISA Server Forms Auth with Exchange 2003
https://owa.myDomain.com/CookieAuth.dll?GetLogon?url=%2Fexchange%2F&reason=0

<FORM action="/CookieAuth.dll?Logon" method="POST" name="logonForm">
        <INPUT type="hidden" name="destination" value="Z2FexchangeZ2F">
        <INPUT type="hidden" name="flags" value="0">
        <INPUT type="text" id="username" name="username" style="width:100%"
size="25" maxlength="256">
        <INPUT type="password" autocomplete="off" style="width:100%"
id="password" name="password" size="25" maxlength="256">
        <INPUT type="submit" value="Log On" id="SubmitCreds"
name="SubmitCreds">
        <INPUT id="rdoPublic" checked type="radio" name="trusted" value="0"
onclick="flags.value &= 11">
        <INPUT id="rdoTrusted" name="trusted" type="radio" value="4"
onclick="flags.value |= 4">
</FORM>

I see this form and URL is very different than the forms code listed at:
http://code.google.com/p/exchangeit/source/diff?spec=svn17&r=17&format=side&path
=/trunk/src/com/byarger/exchangeit/WebDavBase.java

I'm guessing that code works against direct connection to Exchange Server
OWA without ISA server? It would be great to have an option to use ISA
server forms vs Straight Exchange server forms (or even auto-detect?).

Original issue reported on code.google.com by tom.hogarty@gmail.com on 18 Nov 2008 at 12:54

GoogleCodeExporter commented 9 years ago 
I'll see if I can come up with something based on your very detailed info 
there.  
Perhaps I can move the forms based stuff to do some kind of autodetect pulling 
the 
necessary values out of the form.

Original comment by byar...@gmail.com on 21 Nov 2008 at 8:40

GoogleCodeExporter commented 9 years ago 
Here's one that I hacked together, works enough to show the inbox. It will 
break the 
forms auth for non-ISA users though. Just a proof of concept for my testing.

Notice that the destination url uses Z2F in place of %2F. It's an ISA forms 
auth 
thing, weird. I hard-coded it for '/exchange', but probably should have a 
translation function to work with the provided url? 

I'm also experiencing the same problem as issue #9 (after clicking on email 
subject 
in inbox, message is blank white except for "To: " no recipient or contents are 
displayed for a message). Is this only an issue with forms auth people? Seems 
to 
occur for all messages in my inbox. See attached screenshot for example.

// file: WebDavBase.java
    private static int formsBasedAuth2003(HttpClient client, String url,
            String username, String password) throws 
ClientProtocolException,
            IOException {
        // get the base of the URL

        HttpPost fbaAuth = new HttpPost(
                getBaseUrl(url)
                        + "/CookieAuth.dll?Logon");
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        // nvps.add(new BasicNameValuePair("destination", url));
        nvps.add(new BasicNameValuePair("destination", "Z2FexchangeZ2F"));
        nvps.add(new BasicNameValuePair("username", username));
        nvps.add(new BasicNameValuePair("password", password));
        // nvps.add(new BasicNameValuePair("flags", "11"));
        nvps.add(new BasicNameValuePair("flags", "0"));
        nvps.add(new BasicNameValuePair("SubmitCreds", "Log On"));
        nvps.add(new BasicNameValuePair("trusted", "0"));
        nvps.add(new BasicNameValuePair("forcedownlevel", "0"));

        fbaAuth.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

        HttpResponse response = client.execute(fbaAuth);

        return response.getStatusLine().getStatusCode();
    }

This is a cool app you've got here, thanks for all the work you've put into it! 
I 
was very pleased when my little hack allowed me to see my inbox :). Wish 
Microsoft 
didn't have so many different authentication options :P.

Original comment by tom.hogarty@gmail.com on 21 Nov 2008 at 10:47

Attachments:

GoogleCodeExporter commented 9 years ago 
The davmail project just added ISA forms auth support, and has auto-detect of 
auth 
type and mailbox name. http://sourceforge.net/projects/davmail/

The license for davmail is GPL 2. I believe if we combine GPL and Apache 
licensed 
code, the result must be GPL licensed? Just wondering since exchangeit is 
currently 
Apache 2 licensed. Would be nice to use the davmail code since it provides some 
amazing functionality including the above and self-signed cert use, message 
delete, 
message send, global address list lookups, etc. Not sure how hard it would be 
to use 
with android, but hopefully straightforward.

Packages that I would like to use: davmail, davmail.http, davmail.exchange, ...?

Original comment by tom.hogarty@gmail.com on 11 Dec 2008 at 3:53

GoogleCodeExporter commented 9 years ago 
Hi Tom,

As I own the DavMail code, I can relicence the parts you are interested in, as 
long
as you keep a reference to the original author :-)

BTW, you may be able to implement Exchange 2007 support *without* form based
authentication: webdav services are under /exchange with basic http 
authentication,
/owa contains form protected web mail

Original comment by mgues...@gmail.com on 19 Feb 2009 at 11:26