?
Solved

Adding Username and Password to URL for login purposes...

Posted on 2006-10-26
11
Medium Priority
?
4,899 Views
Last Modified: 2008-03-04
Hello,

Is it possible to send a URL (link) to a user that includes their username and password to allow them to log into the Exchange OWA system without having to manually enter their credentials?

Something like: https://exchange.mycompany.com/exchange/?user=john&password=public

0
Comment
Question by:iain_stephen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
11 Comments
 
LVL 24

Accepted Solution

by:
flyguybob earned 1050 total points
ID: 17814992
...my guess is that you have a politically powerful person (executive, salesperson, etc). asking this because entering a username and password is annoying them
Due to security, my understanding is nope.  This would also defeat the purpose of having security as the URL information goes over cleartext until the SSL session is established.
You can't do https://username:password@exchange.mycompany.com/exchange either, that I know of.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17815061
Wasn't the username:password functionality disabled in Internet Explorer a while ago?

Simon.
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 17815235
...just trying to be careful with my wording as the member agreement for E-E is clear on hacks...It still works for certain URL types, such as FTP, but MS04-004 removed this "feature" from the http:// and https:// as it was determined to be a security risk.  To the best of my knowledge, there is no URL workaround available.

KB834489 is pretty clear on it (http://support.microsoft.com/kb/834489)
MS04-004 - http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
The associated KB for MS04-004 is KB832894, which has a link to the above.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 104

Expert Comment

by:Sembee
ID: 17815257
I thought so.
It was being used in phishing attacks to hide the real URL.

Simon.
0
 

Author Comment

by:iain_stephen
ID: 17815988
Hi Guys - well you hit the nail right on the head, actually...  I have a few board members who simply cannot be bothered with remembering their passwords - and as such they insist that it is a problem with the system...

My plan was to use Indigo Rose Autoplay Studio to construct a specific application that would launch OWA in a self-contained browser window (I have done this before for other tasks - such as kiosks) but have the URL contain their login credentials...  This would be invisible once the executable was published as there is no address bar in the browser window of the application...

Is there any other way to have OWA authenticate a user using scripting?

Iain
0
 

Author Comment

by:iain_stephen
ID: 17816074
Ok - I found this - I get an ActiveX warning when I run it but it will work I think...

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>AutoLogon</title>
</head>
<body onload="document.logonForm.submit();">
<FORM action="https://exchange.mycompany.com/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm">
     <INPUT type="hidden" name="destination" value="https://exchange.mycompany.com/exchange" />
     <INPUT type="hidden" id="username" name="username" value="john">
     <INPUT type="hidden" id="password" name="password" value="public">
</FORM>
</body>
</html>
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 17820200
I would recommend against that, even if it is going to be a link on their desktop.  However, politics and convenience almost always trump security and common sense.
0
 

Author Comment

by:iain_stephen
ID: 17822087
I understand your concern - and appreciate your understanding.
0
 

Author Comment

by:iain_stephen
ID: 18027633
I am awarding the points because of the astute reply regarding the politics behind the question.
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 18081255
I forgot to say Thanks.

Thanks for understanding and thanks for the points!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question