I'm attempting to develop a chrome extension which will allow a user to use Outlook Web Anywhere more effectively. During development, I noticed that there doesn't appear to be any way to share login information between OWA (which uses form based authentication) and Exchange Web Services (which I'm using for the bulk of the extension), because EWS uses only simple authentication and OWA uses a cookie based form authentication.
Should I attempt to provide users a relatively insecure method of storing their username/password on the local disk (maybe encrypted with some kind of generated key) or provide them no real way to keep their session alive between browser sessions?
If anyone's at all familiar with development of either OWA or EWS, maybe they can provide some insight to the situation that I'm not aware of. I don't want to have to force users to have a certain login scheme on their exchange servers, so any server-side settings changes are out of the question. Is there another way to share the authentication information that I'm not aware of?