?
Solved

User/ Calendar and Password strings or switch parameters to open a OWA calendar as alternate user.

Posted on 2012-09-11
9
Medium Priority
?
457 Views
Last Modified: 2012-09-18
Experts,
I want to post a Shared Calendar that has been published to a intranet site using something like  https://exchange.company.com/owa/User@company.com/?cmd=contents&module=calendar

 I have two issues, One is I want to pass a user who only has reviewer rights in the domain. Second, I need to pass the password via the same parameter. We have Outlook 2010. Exchange 2010 , Web Publishing Enabled and Configured. This is a work around to get rid of the subscribe button that creates havoc.

Thanks
0
Comment
Question by:pohlcats
  • 7
  • 2
9 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38391124
When you say 'pass a user' do you mean supply a different username in the User@company.com part of the URL in your original post?  Or do you mean that you want to access always the same calendar, but somehow impersonate different users by putting usernames and passwords somewhere in the querystring part of the URL?
0
 

Author Comment

by:pohlcats
ID: 38391919
Open the Calendar but impersonate a different user who only has reviewer rights. The idea is to make the calendar available as a Intranet Link. The account and password would be a guest account with nothing but reviewer rights to that calendar only .
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38392071
Okay, I should be able to come up with something tomorrow.  I live in the UK, so I'm at home now, and don't have the time available.  I have to keep my three year old son entertained.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38394531
Here we are.  Another day.  Anyway, there's no built-in way to do what you want.  It will require some modification to the logon.aspx page.  Since you say you are only going to be doing this with a single account, I'd suggest not putting them in the URL, but having them hard-coded in the page, invoked by a special parameter in the querystring, like this:

https://exchange.company.com/owa/User@company.com/?cmd=contents&module=calendar&review=Y

We can (hopefully) get the logon.aspx page to spot up the &review=Y part, and then prepopulate the credential fields, and submit the form.  The problem with having the actual username and password in the URL is that you will see them in the browser's address bar all the time the session is active, and that seems a bit insecure to me.

Is this something you want to try?
0
 

Author Comment

by:pohlcats
ID: 38395678
I am not to worried about the user name or account password since I want to pass a user with only enough permissions to review the calendar. ( not the actual owner of the mailbox).

I certainly want to try this since I can not find a way to get the subscribe removed from a published web page (which is why I am trying this method). Most users do have outlook accounts and can open the calendar directly but some of our users are external customers who have access to our intranet web site which is where we publish some of our training/ conferences etc.  

If you have time!..
Thank you!..
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38395816
Okay, I'll come up with something and get back to you.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38398535
Here's something to try.  Open your logon.aspx file in notepad (make a backup copy first), and insert the code below just before the </body> tag near the bottom.  Then, you should be able to add

&un=whatever&pw=whatever

to your URL, and have it log in automatically (not just for the shared calendar, btw).


<script language="javascript">
var sHref = unescape(window.location.href);
var sUHref = sHref.toUpperCase()
var sUn, sPw, sReason;
if(sUHref.indexOf("UN=") != -1)
{
  objRegEx = new RegExp("[\\?&]un=([^&]*)");
  sUn = objRegEx.exec(sHref);
  if(sUn != null)
  {
    sUn = sUn[1];
    document.all.username.value = sUn;
  }
}
if(sUHref.indexOf("PW=") != -1)
{
  objRegEx = new RegExp("[\\?&]pw=([^&]*)");
  sPw = objRegEx.exec(sHref);
  if(sPw != null)
  {
    sPw = sPw[1];
    document.all.password.value = sPw;
  }
}
if(sUHref.indexOf("REASON=") != -1)
{
  objRegEx = new RegExp("[\\?&]reason=([^&]*)");
  sReason = objRegEx.exec(sHref);
  if(sUser != null)
    sReason = sReason[1];
}
if(sUn != null && sPw != null && sReason == null)
  document.all.logonForm.submit();
</script>
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 2000 total points
ID: 38398995
Okay, I have some better code that will use a redirect to hide the username and password from the address bar:

<script language="javascript">

var sUn, sPw;
sUn = getCookie("sUn");
sPw = getCookie("sPw");
if(sUn == null)
{
  var sHref = unescape(window.location.href);
  var sUHref = sHref.toUpperCase()
  if(sUHref.indexOf("UN=") != -1)
  {
    objRegEx = new RegExp("[\\?&]un=([^&]*)");
    sUn = objRegEx.exec(sHref);
    if(sUn != null)
    {
      sUn = sUn[1];
      document.cookie = "sUn=" + sUn;
    }
    if(sUHref.indexOf("PW=") != -1)
    {
      objRegEx = new RegExp("[\\?&]pw=([^&]*)");
      sPw = objRegEx.exec(sHref);
      if(sPw != null)
      {
        sPw = sPw[1];
        document.cookie = "sPw=" + sPw;
      }
    }
    window.location.reload();
  }
}
else
{
  document.cookie = "sUn=";
  document.cookie = "sPw=";
  if(sUn != null)
  {
    document.all.username.value = sUn;
    if(sPw != null)
    {
      document.all.password.value = sPw;
      var sDest = document.all.destination.value;
      sDest = sDest.replace("&un=" + sUn, "");
      sDest = sDest.replace("&pw=" + sPw, "");
      document.all.destination.value = sDest;
      document.all.logonForm.submit();
    }
  }
}

function getCookie(sName)
{
  var sCookie = document.cookie;
  var nStart = sCookie.indexOf(" " + sName + "=");
  if(nStart == -1)
    nStart = sCookie.indexOf(sName + "=");
  if(nStart == -1)
    sCookie = null;
  else
  {
    nStart = sCookie.indexOf("=", nStart) + 1;
    var nEnd = sCookie.indexOf(";", nStart);
    if(nEnd == -1)
      nEnd = sCookie.length;
    sCookie = unescape(sCookie.substring(nStart, nEnd));
  }
  return sCookie;
}

</script>
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38411754
I hope you only read this today.  I realised this morning that the first version of this last block of code would always redirect you to /owa, and lose the calendar parameters that you supplied.  So I had to edit the post earlier today.  If you don;t care about the credentials being visible, the block of code in the previous post will work.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Suggested Courses
Course of the Month14 days, 9 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question