Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Sat, 08 Dec 2007 14:27:10 GMT,    group: microsoft.public.exchange.development        back       


An API for Password Validation?    
Hello, all.  I have what I think should be a simple requirement, but I 
don't know Exchange Server well enough to know where to start.  Any 
pointers to examples or resources would be welcomed.  TIA.

I want to use Exchange for a single login authority in my organization.  

We have several web applications hosted at various centers, so I need an 
over-the-internet option (HTTP or FTP or some similar protocol) to query 
Exchange.  

I would envision some way that I could present username and password pairs 
to the Exchange server and receive back an indication of thumbs-up or 
thumbs-down.  

I don't need more detailed profile information beyond just a password match 
right now, but if it is available in an API of some sort it might be useful 
one day.

Thanks,
Ray
date: Sat, 08 Dec 2007 14:27:10 GMT   author:   Ray Paseur

Re: An API for Password Validation?    
I would use the LDAP interface to perform the authentication.
Simple, standard, and easy to use.

Kelly



Ray Paseur wrote:
> Hello, all.  I have what I think should be a simple requirement, but I 
> don't know Exchange Server well enough to know where to start.  Any 
> pointers to examples or resources would be welcomed.  TIA.
> 
> I want to use Exchange for a single login authority in my organization.  
> 
> We have several web applications hosted at various centers, so I need an 
> over-the-internet option (HTTP or FTP or some similar protocol) to query 
> Exchange.  
> 
> I would envision some way that I could present username and password pairs 
> to the Exchange server and receive back an indication of thumbs-up or 
> thumbs-down.  
> 
> I don't need more detailed profile information beyond just a password match 
> right now, but if it is available in an API of some sort it might be useful 
> one day.
> 
> Thanks,
> Ray
date: Mon, 10 Dec 2007 08:15:10 -0600   author:   kelly goff

Re: An API for Password Validation?    
Ray Paseur  wrote in
news:2Rx6j.4556$hO7.3404@newsfe13.lga: 
> I don't need more detailed profile information beyond just a password
> match right now, but if it is available in an API of some sort it
> might be useful one day.

 This is not actually as easy as it might seem, because the protocols 
aren't documented, and while LogonUser() will check in the local network, 
it won't work over the internet. 

 Google for "ntlm authentication", that's the protocol that web browsers 
use to verify you when the standard 'enter username/password' dialog comes 
and it's your NT account that it wants -- you could probably rip the 
relevant bits out of Firefox, for instance.

 Another alternative would be to provide a webservice in-LAN which does 
the check with logonuser or suchlike, and send username/password to that 
service -- you just need to be careful about sending passwords over the 
wire unencrypted, of course.

 -- dan
date: Mon, 10 Dec 2007 07:58:34 -0800   author:   Dan Mitchell

Re: An API for Password Validation?    
Dan Mitchell  wrote in
news:Xns9A025B4FCAC5djmitchellayahoocom@207.46.248.16: 
>  This is not actually as easy as it might seem, because the protocols 
> aren't documented, and while LogonUser() will check in the local
> network, it won't work over the internet. 

 Whoops, ignore previous message -- as someone else pointed out, LDAP will 
let you authenticate username/password, as long as that's enabled on your 
server.

 -- dan
date: Mon, 10 Dec 2007 08:11:31 -0800   author:   Dan Mitchell

Re: An API for Password Validation?    
<snip> LDAP </snip>

The perfect solution, except that I'm using PHP and some of my web hosts 
don't have the LDAP extensions installed.  Is there a way to talk directly 
to LDAP with an HTTP[S] request?

Thanks to all,
Ray
date: Mon, 10 Dec 2007 16:55:10 GMT   author:   Ray Paseur

Re: An API for Password Validation?    
We have written a web service in PHP to perform the LDAP authentication 
  for just that reason.

Kelly

Ray Paseur wrote:
> <snip> LDAP </snip>
> 
> The perfect solution, except that I'm using PHP and some of my web hosts 
> don't have the LDAP extensions installed.  Is there a way to talk directly 
> to LDAP with an HTTP[S] request?
> 
> Thanks to all,
> Ray
date: Tue, 11 Dec 2007 07:50:39 -0600   author:   kelly goff

Re: An API for Password Validation?    
Ray Paseur  wrote in
news:Obe7j.8918$Fa7.1644@newsfe17.lga: 
> The perfect solution, except that I'm using PHP and some of my web
> hosts don't have the LDAP extensions installed.  Is there a way to
> talk directly to LDAP with an HTTP[S] request?

 As someone else said, no -- HTTP is not LDAP. If your LDAP server 
provides an HTTP interface, that would be convenient, but it's not 
guaranteed. There's a number of solutions:

 1. as mentioned, write a webservice to do the LDAP call and call that 
service from HTTP.

 2. possibly you could set up a password-protected section of a website, 
try and get a page from that site passing in username and password to 
check, and if you get 403 access denied back, the username/pw is wrong. 
You'd have to set that page up to only be available to people who can log 
in using [any valid network account], and I don't know how easy that would 
be to do, it'd depend on the server in question. IIS, probably not too 
bad; others, possibly much more awkward.

 -- dan
date: Wed, 12 Dec 2007 09:32:41 -0800   author:   Dan Mitchell

Re: An API for Password Validation?    
Thanks to all for your suggestions.  Best, ~Ray

Dan Mitchell  wrote in
news:Xns9A046B4524111djmitchellayahoocom@207.46.248.16: 

> Ray Paseur  wrote in
> news:Obe7j.8918$Fa7.1644@newsfe17.lga: 
>> The perfect solution, except that I'm using PHP and some of my web
>> hosts don't have the LDAP extensions installed.  Is there a way to
>> talk directly to LDAP with an HTTP[S] request?
> 
>  As someone else said, no -- HTTP is not LDAP. If your LDAP server 
> provides an HTTP interface, that would be convenient, but it's not 
> guaranteed. There's a number of solutions:
> 
>  1. as mentioned, write a webservice to do the LDAP call and call that
> service from HTTP.
> 
>  2. possibly you could set up a password-protected section of a
>  website, 
> try and get a page from that site passing in username and password to 
> check, and if you get 403 access denied back, the username/pw is
> wrong. You'd have to set that page up to only be available to people
> who can log in using [any valid network account], and I don't know how
> easy that would be to do, it'd depend on the server in question. IIS,
> probably not too bad; others, possibly much more awkward.
> 
>  -- dan
>
date: Thu, 13 Dec 2007 01:06:21 GMT   author:   Ray Paseur

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us