Make a sign-in form for an email in a website, ASP.NET

I have an Outlook web mail login page which has username and password fields, to allow you to enter your inbox, which was supplied by my web site hosting company.

I need a way to put these fields in my main website (powered by ASP.NET MVC) and then redirect the user to his email inbox using the entered credentials.

How is this possible (in a secure way of course)?

I tried the following HTML code, which was copied from the original site:

<html>
<body>
<form autocomplete="off" name="logonForm" method="POST" action="https://mail.moda.gov.sa/OWA/owaauth.dll">
<input type="hidden" value="https://mail.moda.gov.sa/OWA/" name="destination">
<input type="hidden" value="4" name="flags">
<input type="hidden" value="0" name="forcedownlevel">
<table cellspacing="0" cellpadding="0" align="center" id="tblMain">
    <tbody><tr>
        <td colspan="3">
            <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody><tr>
                <td class="lgnTL"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopl.gif"></td>
                <td class="lgnTM"></td>
                <td class="lgnTR"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopr.gif"></td>
            </tr>
            </tbody></table>
        </td>
    </tr>
    <tr>
        <td id="mdLft">&nbsp;</td>
        <td id="mdMid">
            <table class="mid" id="tblMid">
                <tbody><tr>
                    <td class="expl" id="expltxt">

                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                        <colgroup><col>
                        <col class="w100">
                        </colgroup><tbody><tr id="trSec">
                            <td colspan="2">                                
                                Security 
                                    &lrm;(
                                    <a onclick="clkExp('lnkShwSec')" id="lnkShwSec" href="#">
                                    show explanation 
                                    </a>
                                    <a style="display:none" onclick="clkExp('lnkHdSec')" id="lnkHdSec" href="#">
                                    hide explanation 
                                    </a>
                                )&lrm;
                            </td>
                        </tr>                       
                        <tr>
                            <td><input type="radio" checked="" onclick="clkSec()" class="rdo" value="0" name="trusted" id="rdoPblc"></td>
                            <td><label for="rdoPblc">This is a public or shared computer</label></td>
                        </tr>
                        <tr style="display:none" class="expl" id="trPubExp">
                            <td></td>
                            <td>Select this option if you use Outlook Web Access on a public computer. Be sure to log off when you have finished using Outlook Web Access and close all windows to end your session.</td>
                        </tr>
                        <tr>
                            <td><input type="radio" onclick="clkSec()" class="rdo" value="4" name="trusted" id="rdoPrvt"></td>
                            <td><label for="rdoPrvt">This is a private computer</label></td>
                        </tr>
                        <tr style="display:none" class="expl" id="trPrvtExp">
                            <td></td>
                            <td>Select this option if you are the only person who uses this computer. Your server will allow a longer period of inactivity before logging you off.</td>
                        </tr>
                        <tr style="" class="wrng" id="trPrvtWrn">
                            <td></td>
                            <td>Warning:  By selecting this option, you confirm that this computer complies with your organization's security policy.</td>
                        </tr>
                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                            <colgroup><col>
                            <col class="w100">

                                </colgroup><tbody><tr>
                                    <td><input type="checkbox" checked="" disabled="" onclick="clkBsc();" class="rdo" id="chkBsc"></td>
                                    <td nowrap=""><label for="chkBsc">Use Outlook Web Access Light</label></td>
                                </tr>
                                <tr class="disBsc" id="trBscExp">
                                    <td></td>
                                    <td>The Light client provides fewer features and is sometimes faster. Use the Light client if you are on a slow connection or using a computer with unusually strict browser security settings. If you are using a browser other than Internet Explorer 6 or later, you can only use the Light client.</td>
                            </tr>

                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                            <colgroup><col class="nowrap">
                            <col class="w100">
                            <col>
                            </colgroup><tbody><tr>
                                <td nowrap=""><label for="username">User name:</label></td>
                                <td class="txtpad"><input type="text" class="txt" name="username" id="username"></td>
                            </tr>
                            <tr>
                                <td nowrap=""><label for="password">Password:</label></td>
                                <td class="txtpad"><input type="password" onfocus="g_fFcs=0" class="txt" name="password" id="password"></td>
                            </tr>
                            <tr>
                                <td align="right" class="txtpad" colspan="2">

                                    <input type="submit" onclick="clkLgn()" value="Log On" class="btn">

                                    <input type="hidden" value="1" name="isUtf8">
                                </td>
                            </tr>
                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>

                    <tr class="wrng" id="trInvCrd">
                    <td>The user name or password that you entered is not valid. Try entering it again.</td>
                </tr>

            </tbody></table>
            <table style="display:none" class="mid" id="tblMid2">
                <tbody><tr><td><hr></td></tr>
                <tr>
                    <td><br>Please enable cookies for this web site.<br><br>Cookies are currently disabled by your browser. Outlook Web Access requires that cookies be enabled. <br><br>If you are using Microsoft Internet Explorer 6 or later, open Internet Options from the Tools menu. Click the Privacy tab, and then click Sites. Type the address for Outlook Web Access into the field, click Allow, and then click OK to save your changes.<br><br><br></td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td align="right" class="txtpad">

                        <input type="button" onclick="clkRtry()" value="Retry" style="float: right" class="btn">

                    </td>
                </tr>
            </tbody></table>
            <table class="mid tblConn">
                <tbody><tr>
                    <td align="right" class="tdConnImg" rowspan="2"><img alt="" src="/owa/8.2.247.2/themes/base/lgnexlogo.gif" style="vertical-align:top"></td>
                    <td class="tdConn">Connected to Microsoft Exchange</td>
                </tr>
                <tr>
                    <td class="tdCopy">&copy; 2007 Microsoft Corporation. All rights reserved. </td>
                </tr>
            </tbody></table>
        </td>
        <td id="mdRt">&nbsp;</td>
    </tr>
    <tr>
        <td colspan="3">
            <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody><tr>
                <td class="lgnBL"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotl.gif"></td>
                <td class="lgnBM"></td>
                <td class="lgnBR"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotr.gif"></td>
            </tr>
            </tbody></table>
        </td>
    </tr>
</tbody></table>
</form>
</body>
</html>


Does this work?

<form action="https://mail.moda.gov.sa/OWA/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off">
    <input name="destination" value="https://mail.moda.gov.sa/OWA/" type="hidden">
    <input name="flags" value="0" type="hidden">
    <input name="forcedownlevel" value="0" type="hidden">

    <input id="rdoPblc" name="trusted" value="0" class="rdo" checked="checked" type="radio">
    <label for="rdoPblc">This is a public or shared computer</label><br />
    <input id="rdoPrvt" name="trusted" value="4" class="rdo" type="radio">
    <label for="rdoPrvt">This is a private computer</label><br /><br />

    <input id="chkBsc" class="rdo" checked="checked" type="checkbox">
    <label for="chkBsc">Use Outlook Web Access Light</label><br /><br />

    <label for="username">User name:</label>
    <input id="username" name="username" class="txt" type="text"><br />
    <label for="password">Password:</label>
    <input id="password" name="password" class="txt" type="password"><br />
    <input class="btn" value="Log On" type="submit">
    <input name="isUtf8" value="1" type="hidden">
</form>

As long as your website is trustworthy, it should be secure.


You could try to reverse-engineer the HTML form that is used to log in to your inbox. If you create the exact same form on your website, it might work. However, it isn't guaranteed to work; the website might check the referer or use some other checksum to see where the HTTP POST originated from.

[edit after more information was given] Two remarks:

1) Maybe this post can help you: Sending an OWA logon form from Java

2) Try using Fiddler and compare the two requests (the official one and yours). See if there are any arguments missing. Did you copy all the JavaScript, etc.?
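
The comparison suggested in remark 2, as an added example that is not part of the original answer: it diffs two captured logon POSTs and reports differences in method, origin, path and form fields without echoing the password. Both captures are constructed from the two forms shown on this page, with placeholder credentials; a real capture may differ if the page's JavaScript alters fields before submit.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed captures (not real traffic): request line + urlencoded body, as a
# proxy such as Fiddler would show them. Values mirror the two forms on this page.
OFFICIAL = (
    "POST https://mail.moda.gov.sa/OWA/owaauth.dll",
    "destination=https%3A%2F%2Fmail.moda.gov.sa%2FOWA%2F&flags=4&forcedownlevel=0"
    "&trusted=0&username=USER&password=PASS&isUtf8=1",
)
CUSTOM = (
    "POST https://mail.moda.gov.sa/OWA/auth/owaauth.dll",
    "destination=https%3A%2F%2Fmail.moda.gov.sa%2FOWA%2F&flags=0&forcedownlevel=0"
    "&trusted=0&username=USER&password=PASS&isUtf8=1",
)

SECRET_FIELDS = {"password"}  # values of these fields never appear in the report


def parse_capture(capture):
    """Split one capture into (method, origin, path, {field: [values]})."""
    request_line, body = capture
    method, url = request_line.split(" ", 1)
    parts = urlsplit(url)
    fields = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        fields.setdefault(name, []).append(value)
    return method, f"{parts.scheme}://{parts.netloc}", parts.path, fields


def diff_requests(official, custom):
    """Return (what, official_value, custom_value) for every difference found."""
    o_method, o_origin, o_path, o_fields = parse_capture(official)
    c_method, c_origin, c_path, c_fields = parse_capture(custom)
    findings = []
    for label, a, b in (("method", o_method, c_method),
                        ("origin", o_origin, c_origin),
                        ("path", o_path, c_path)):
        if a != b:
            findings.append((label, a, b))
    for name in sorted(set(o_fields) | set(c_fields)):
        a, b = o_fields.get(name), c_fields.get(name)  # None means field is missing
        if a != b:
            if name in SECRET_FIELDS:
                a, b = a and ["<redacted>"], b and ["<redacted>"]
            findings.append((f"field:{name}", a, b))
    return findings


if __name__ == "__main__":
    for finding in diff_requests(OFFICIAL, CUSTOM):
        print(finding)
```
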


A simple way might be to have an iFrame on your site that links to the inbox login page, but then I guess you've already considered this.

I'm guessing here, but perhaps you have a site, which users log on to. However, you host their e-mail on another site, but you don't want them to have to login twice to access their e-mail.

Michiel makes a very good point in saying that the website might check to see where the HTTP Post comes from. If they do check then you'll have to speak to them. Maybe they can add you to an approved URL list.
