我有一个Outlook网页邮件登录页面,其中包含用户名和密码字段,以便您输入我的网站托管公司提供的收件箱。
我需要一种方法将这些字段放入我的主网站(由asp.net mvc提供支持),然后使用输入的凭据将用户重定向到他的电子邮件收件箱?
这怎么可能(当然是以安全的方式)?
我尝试了以下从原始网站复制的html代码:
<html>
<body>
<form autocomplete="off" name="logonForm" method="POST" action="https://mail.moda.gov.sa/OWA/owaauth.dll">
<input type="hidden" value="https://mail.moda.gov.sa/OWA/" name="destination">
<input type="hidden" value="4" name="flags">
<input type="hidden" value="0" name="forcedownlevel">
<table cellspacing="0" cellpadding="0" align="center" id="tblMain">
<tbody><tr>
<td colspan="3">
<table cellspacing="0" cellpadding="0" class="tblLgn">
<tbody><tr>
<td class="lgnTL"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopl.gif"></td>
<td class="lgnTM"></td>
<td class="lgnTR"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopr.gif"></td>
</tr>
</tbody></table>
</td>
</tr>
<tr>
<td id="mdLft"> </td>
<td id="mdMid">
<table class="mid" id="tblMid">
<tbody><tr>
<td class="expl" id="expltxt">
</td>
</tr>
<tr><td><hr></td></tr>
<tr>
<td>
<table class="nonMSIE">
<colgroup><col>
<col class="w100">
</colgroup><tbody><tr id="trSec">
<td colspan="2">
Security
‎(
<a onclick="clkExp('lnkShwSec')" id="lnkShwSec" href="#">
show explanation
</a>
<a style="display:none" onclick="clkExp('lnkHdSec')" id="lnkHdSec" href="#">
hide explanation
</a>
)‎
</td>
</tr>
<tr>
<td><input type="radio" checked="" onclick="clkSec()" class="rdo" value="0" name="trusted" id="rdoPblc"></td>
<td><label for="rdoPblc">This is a public or shared computer</label></td>
</tr>
<tr style="display:none" class="expl" id="trPubExp">
<td></td>
<td>Select this option if you use Outlook Web Access on a public computer. Be sure to log off when you have finished using Outlook Web Access and close all windows to end your session.</td>
</tr>
<tr>
<td><input type="radio" onclick="clkSec()" class="rdo" value="4" name="trusted" id="rdoPrvt"></td>
<td><label for="rdoPrvt">This is a private computer</label></td>
</tr>
<tr style="display:none" class="expl" id="trPrvtExp">
<td></td>
<td>Select this option if you are the only person who uses this computer. Your server will allow a longer period of inactivity before logging you off.</td>
</tr>
<tr style="" class="wrng" id="trPrvtWrn">
<td></td>
<td>Warning: By selecting this option, you confirm that this computer complies with your organization's security policy.</td>
</tr>
</tbody></table>
</td>
</tr>
<tr><td><hr></td></tr>
<tr>
<td>
<table class="nonMSIE">
<colgroup><col>
<col class="w100">
</colgroup><tbody><tr>
<td><input type="checkbox" checked="" disabled="" onclick="clkBsc();" class="rdo" id="chkBsc"></td>
<td nowrap=""><label for="chkBsc">Use Outlook Web Access Light</label></td>
</tr>
<tr class="disBsc" id="trBscExp">
<td></td>
<td>The Light client provides fewer features and is sometimes faster. Use the Light client if you are on a slow connection or using a computer with unusually strict browser security settings. If you are using a browser other than Internet Explorer 6 or later, you can only use the Light client.</td>
</tr>
</tbody></table>
</td>
</tr>
<tr><td><hr></td></tr>
<tr>
<td>
<table class="nonMSIE">
<colgroup><col class="nowrap">
<col class="w100">
<col>
</colgroup><tbody><tr>
<td nowrap=""><label for="username">User name:</label></td>
<td class="txtpad"><input type="text" class="txt" name="username" id="username"></td>
</tr>
<tr>
<td nowrap=""><label for="password">Password:</label></td>
<td class="txtpad"><input type="password" onfocus="g_fFcs=0" class="txt" name="password" id="password"></td>
</tr>
<tr>
<td align="right" class="txtpad" colspan="2">
<input type="submit" onclick="clkLgn()" value="Log On" class="btn">
<input type="hidden" value="1" name="isUtf8">
</td>
</tr>
</tbody></table>
</td>
</tr>
<tr><td><hr></td></tr>
<tr class="wrng" id="trInvCrd">
<td>The user name or password that you entered is not valid. Try entering it again.</td>
</tr>
</tbody></table>
<table style="display:none" class="mid" id="tblMid2">
<tbody><tr><td><hr></td></tr>
<tr>
<td><br>Please enable cookies for this web site.<br><br>Cookies are currently disabled by your browser. Outlook Web Access requires that cookies be enabled. <br><br>If you are using Microsoft Internet Explorer 6 or later, open Internet Options from the Tools menu. Click the Privacy tab, and then click Sites. Type the address for Outlook Web Access into the field, click Allow, and then click OK to save your changes.<br><br><br></td>
</tr>
<tr><td><hr></td></tr>
<tr>
<td align="right" class="txtpad">
<input type="button" onclick="clkRtry()" value="Retry" style="float: right" class="btn">
</td>
</tr>
</tbody></table>
<table class="mid tblConn">
<tbody><tr>
<td align="right" class="tdConnImg" rowspan="2"><img alt="" src="/owa/8.2.247.2/themes/base/lgnexlogo.gif" style="vertical-align:top"></td>
<td class="tdConn">Connected to Microsoft Exchange</td>
</tr>
<tr>
<td class="tdCopy">© 2007 Microsoft Corporation. All rights reserved. </td>
</tr>
</tbody></table>
</td>
<td id="mdRt"> </td>
</tr>
<tr>
<td colspan="3">
<table cellspacing="0" cellpadding="0" class="tblLgn">
<tbody><tr>
<td class="lgnBL"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotl.gif"></td>
<td class="lgnBM"></td>
<td class="lgnBR"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotr.gif"></td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
</form>
</body>
</html>
答案 0 :(得分:4)
这有用吗?
<form action="https://mail.moda.gov.sa/OWA/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off">
<input name="destination" value="https://mail.moda.gov.sa/OWA/" type="hidden">
<input name="flags" value="0" type="hidden">
<input name="forcedownlevel" value="0" type="hidden">
<input id="rdoPblc" name="trusted" value="0" class="rdo" checked="checked" type="radio">
<label for="rdoPblc">This is a public or shared computer</label><br />
<input id="rdoPrvt" name="trusted" value="4" class="rdo" type="radio">
<label for="rdoPrvt">This is a private computer</label><br /><br />
<input id="chkBsc" class="rdo" checked="checked" type="checkbox"></td>
<label for="chkBsc">Use Outlook Web Access Light</label><br /><br />
<label for="username">User name:</label>
<input id="username" name="username" class="txt" type="text"><br />
<label for="password">Password:</label>
<input id="password" name="password" class="txt" type="password"><br />
<input class="btn" value="Log On" type="submit">
<input name="isUtf8" value="1" type="hidden">
</form>
只要您的网站值得信赖,它就应该是安全的。
答案 1 :(得分:2)
您可以尝试对用于登录收件箱的html表单进行反向工程。如果您在网站上创建完全相同的表单,它可能会起作用。 但是,它不能保证工作,网站可能会检查引用者或使用其他一些校验和来查看HTTP POST的来源。
[在提供更多信息后编辑] 两句话:
1)也许这篇文章可以帮助你:Sending an OWA logon form from Java
2)尝试使用Fiddler并比较两个请求(官方和你的)。查看是否缺少任何参数。你复制了所有的javascript等..
答案 2 :(得分:0)
一种简单的方法可能是在您的网站上安装一个链接到收件箱登录页面的iFrame,但我想您已经考虑过了。
我猜这里,但也许你有一个用户登录的网站。但是,您在其他站点上托管他们的电子邮件,但您不希望他们必须登录两次才能访问他们的电子邮件。
Michiel非常清楚地说网站可能会检查HTTP Post的来源。如果他们检查那么你将不得不与他们交谈。也许他们可以将您添加到已批准的URL列表中。