How do I do this ASP WebDAV FBA Authentication example in PHP?

Question

Hi, I need to have PHP authenticate to an exchange server. Once able to succesfully connect to it, I'll need to write webdav requests in the PHP so I can extract data from the exchange server and use it in a web application.

It would be somewhat simple except that the 2003 Exchange server has Forms Based Authentication (FBA) turned on. With FBA turned on I believe I'm suppose to do what the below (see link) blog article says. My problem is that I need help converting his instructions for ASP into PHP.

http://blogs.msdn.com/webdav_101/archive/2008/12/12/webdav-fba-authentication-sample-explained.aspx

Does anybody understand the details of what he's describing on this article? Any insight would help.

More specific info if needed: I'm confused as to how to configure the POST request (I mean, when you normally POST data to a form, don't you usually load the page your posting to? In his instructions he says to POST it to /exchweb/bin/auth/owaauth.dll . How does this work?)

I'm also confused as to how to do the 3rd step listed: 3) WebReq.KeepAlive and AllowAutoRedirect should be set to True on the request.

On top of that, I could really use some help detailing how to take the post data and put it in a cookie in PHP.

Thanks in advance for any help provided!

Answer 1

I believe the best way to do this is via curl. (http://ca.php.net/curl)

On the page linked, the first example is a good class to use (I've used it to auto-login into other websites)

It should have KeepAlive (header) and Redirect on by default (curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); )

You'll need to ensure the webservice can create/modify cookie.txt then try:

$cc = new cURL();
$cc->post('http://www.yourexchange.com','destination=https%3A%2F%2F' . $strServerName . '%2Fexchange%2F' . $strUserName . '%2F&username=' . $strDomain . '%5C' . $strUserName . '&password=' . $strPassword . '&SubmitCreds=Log+On&forcedownlevel=0&trusted=0');

The above is a quick translation from the info on the page you linked to, you may need to use urlencode() on your variables if there are special characters. Once the above successfully works you can use

$page=$cc->get('http://www.yourexchange.com/?whatever=youneed');

The $page will contain the string result from the get (it sends the cookie stored in the text file on this request) then you can use regular expression to get what you need.

This should get you very close to what you need.

Answer 2

Hi, Thank you so much for your help so far. I'm getting stuck on the cookie point though. I set up the first cURL example from (http://ca.php.net/curl). I've played around with other cURL examples and I think I understand it more or less. I keep getting the following error though: (part1)  – Chain (9 mins ago)

---

Warning: fopen(cookies.txt) [function.fopen]: failed to open stream: No such file or directory in /anesweb/sfghdevelopment/zcurl/curlclass.php on line 34 cURL Error The cookie file could not be opened. Make sure this directory has the correct permissions (part 2)  – Chain (7 mins ago)

---

I know how to start a cookie with php's "setcookie", but I'm confused when I look at the "cookie" function in the cURL class.

It's trying to open cookie.txt I believe. I created a cookie.txt with setcookie ahead of time. I'm not setting a path or time or anything, just a simple cookie named cookie.txt. I can't tell why I keep getting the Warning. I also created a file called cookie.txt in the same directory as the php files. That didn't work either.

When you say "ensure the webservice can create/modify cookie.txt", I could use more detail there. Am I suppose to create a file on the server called cookie.txt. Cookies live in clients browsers as far as I know. I'm confused as to why it's a .txt file. Is it in fact not a cookie at this point. fopen is suppose to open a file on a server right? Lastly, when you say webservice, I'm not sure what you mean. I have apache running on my own server: should I somehow change the settings or permissions on a directory to allow fopen to work with a theoretical file called cookie.txt in said directory?

Thanks again for the help! Sincerely, werkerbee (It would appear that I'm also confused about how to ask followup question here as well :)

Answer 3

Hmm, a friend just helped me realize that php on the server is acting like the client and that perhaps the server's own cookie.txt file is what I need to be referencing.

Is that how it's suppose to work.

Thanks again for any help provided! werkerbee

Answer 4

It looks like the text file is actually named "cookies.txt". You can create a blank text file with this name and upload it to the same directory. In your ftp client you should be able to set permissions, I believe 777 is the permission code you'll need. If you can't just enter the permission code try checking all boxes to give all permissions.

re: last post,

that is correct, where the script runs it is basically a client and the cookie file is a simple way of storing the cookie for easy re-use.

Answer 5

Chain,

Yes, this is referring to a file called cookies.txt (note: "cookies" with an "s") in the same folder as your code file curlclass.php.

cURL uses this to store and send cookies on subsequent requests. You are correct in your assumption that the web server running the PHP script is acting as the client; basically, it is logging into the Exchange server by simulating a POST to the login form, and then saving the cookie and sending it with each request, just as a browser would.

Create the file cookies.txt and set the permissions so that the user that is running your Apache instance can write to the file.