WebDAV connection using Forms Based Authentication Fails (Response asking for Basic Authntication?)

WebDAV connection using Forms Based Authentication Fails (Response asking for Basic Authntication?)

Post by macc » Sat, 18 Apr 2009 18:47:34


Hi,

Please can somebody help? I'm trying to a authenticate on exchange
2003 using WebDAV (through cURL/PHP). I have enabled Forms-based
Authentication on the Exchange server and can log in successfully
using OWA, so I don't think it's an certificate issue. However, when
trying to authenticate using FBA through webdav I get the following
response:

HTTP/1.1 401 Unauthorized
Content-Length: 83
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="<IP removed>"
X-Powered-By: ASP.NET
Date: Fri, 17 Apr 2009 09:11:05 GMT

<html><head><title>Error</title></head><body>Error: Access is
Denied.</
body></html>

I seems as though the server is not accepting the posted form
credentials posted to /exchweb/bin/auth/owaauth.dll and is still
asking me for Basic Authentication.

I can get it working through Basic authentication but this is not
adequate for my needs. Any ideas would be appreciated.

Thanks,

Paul
 
 
 

WebDAV connection using Forms Based Authentication Fails (Response asking for Basic Authntication?)

Post by macc » Wed, 22 Apr 2009 17:26:11

Just as an update,

I have managed to post the form data to the server and the response is
now a 302 Moved header where I can grab the two Forms-based
Authentication cookies, but when I redirect to the Exchange inbox and
pass the cookies in the HTTP headers, I'm still getting the HTTP/1.1
401 Unauthorized, WWW-Authentication: Basic.

Any help would be appreciated....

Anybody?

 
 
 

WebDAV connection using Forms Based Authentication Fails (Response asking for Basic Authntication?)

Post by macc » Thu, 23 Apr 2009 17:31:10


I have managed to post the form data to the server and the response is
now a 302 Moved header where I can grab the two Forms-based
Authentication cookies, but when I redirect to the Exchange inbox and
pass the cookies in the HTTP headers one of the following happens:

If I use the http://<ip removed>/exchange/

I get a HTTP/1.1 403 Forbidden
"The page must be viewed over a secure channel"

but if I use https:<ip removed>/exchange/
cURL just returns a boolean false (no response)

Any ideas?