[thelist] send HTTP authentication from PHP page?
noah
noah at tookish.net
Wed Oct 6 15:18:47 CDT 2004
Theodore Serbinski wrote (06/10/2004 3:24 PM):
> When users are logged into our intranet, I want them to be able to goto
> our webmail address and be logged in automatically. Right now, when you
> click on our webmail link, MS Exchange asks for the username/password
> combo. I wanted to make this connection seamless in PHP which would
> already take their logged in username/password and send this to MS
> Exchange so they could see their mail without logging in again.
>
> Looks like this won't work though, unless of course I'm implementing it
> wrong. Thanks!
It's frustrating that Microsoft, rather than fixing the security problem
that made this sort of URL potentially dangerous, just disabled it
altogether. It's something that I've run into a number of times.
For example, if you have a password protected area of your site accessed
via session-based authentication, there is no way of transparently
linking to password-protected PDFs. You either have to put the PDFs in
an unprotected directory, or you have to make the user re-enter his or
her username and password. The latter appraoch is even more of a hassle
when you consider that if you're dynamically adding and managing users
you have to manage their username/password info in the authentication
file as well as in the database.
Cheers,
--
Noah St.Amand
tookish digital communication
phone: 613.549.5394
mobile: 416.452.7840
sms: sms at tookish.net
email: noah at tookish.net
web: http://www.tookish.net/
More information about the thelist
mailing list