3

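I have an Outlook webmail login page with username and password fields that lets you into your inbox, provided by my website's hosting company.

I need a way to put these fields in my main website (powered by asp.net mvc) and then redirect the user to his e-mail inbox using the entered credentials?

How is this possible (in a secure way, of course)?

I tried the following html code copied from the original site: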

<html>
<body>
<form autocomplete="off" name="logonForm" method="POST" action="https://mail.moda.gov.sa/OWA/owaauth.dll">
<input type="hidden" value="https://mail.moda.gov.sa/OWA/" name="destination">
<input type="hidden" value="4" name="flags">
<input type="hidden" value="0" name="forcedownlevel">
<table cellspacing="0" cellpadding="0" align="center" id="tblMain">
    <tbody><tr>
        <td colspan="3">
            <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody><tr>
                <td class="lgnTL"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopl.gif"></td>
                <td class="lgnTM"></td>
                <td class="lgnTR"><img alt="" src="/owa/8.2.247.2/themes/base/lgntopr.gif"></td>
            </tr>
            </tbody></table>
        </td>
    </tr>
    <tr>
        <td id="mdLft">&nbsp;</td>
        <td id="mdMid">
            <table class="mid" id="tblMid">
                <tbody><tr>
                    <td class="expl" id="expltxt">

                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                        <colgroup><col>
                        <col class="w100">
                        </colgroup><tbody><tr id="trSec">
                            <td colspan="2">                                
                                Security 
                                    &lrm;(
                                    <a onclick="clkExp('lnkShwSec')" id="lnkShwSec" href="#">
                                    show explanation 
                                    </a>
                                    <a style="display:none" onclick="clkExp('lnkHdSec')" id="lnkHdSec" href="#">
                                    hide explanation 
                                    </a>
                                )&lrm;
                            </td>
                        </tr>                       
                        <tr>
                            <td><input type="radio" checked="" onclick="clkSec()" class="rdo" value="0" name="trusted" id="rdoPblc"></td>
                            <td><label for="rdoPblc">This is a public or shared computer</label></td>
                        </tr>
                        <tr style="display:none" class="expl" id="trPubExp">
                            <td></td>
                            <td>Select this option if you use Outlook Web Access on a public computer. Be sure to log off when you have finished using Outlook Web Access and close all windows to end your session.</td>
                        </tr>
                        <tr>
                            <td><input type="radio" onclick="clkSec()" class="rdo" value="4" name="trusted" id="rdoPrvt"></td>
                            <td><label for="rdoPrvt">This is a private computer</label></td>
                        </tr>
                        <tr style="display:none" class="expl" id="trPrvtExp">
                            <td></td>
                            <td>Select this option if you are the only person who uses this computer. Your server will allow a longer period of inactivity before logging you off.</td>
                        </tr>
                        <tr style="" class="wrng" id="trPrvtWrn">
                            <td></td>
                            <td>Warning:  By selecting this option, you confirm that this computer complies with your organization's security policy.</td>
                        </tr>
                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                            <colgroup><col>
                            <col class="w100">

                                </colgroup><tbody><tr>
                                    <td><input type="checkbox" checked="" disabled="" onclick="clkBsc();" class="rdo" id="chkBsc"></td>
                                    <td nowrap=""><label for="chkBsc">Use Outlook Web Access Light</label></td>
                                </tr>
                                <tr class="disBsc" id="trBscExp">
                                    <td></td>
                                    <td>The Light client provides fewer features and is sometimes faster. Use the Light client if you are on a slow connection or using a computer with unusually strict browser security settings. If you are using a browser other than Internet Explorer 6 or later, you can only use the Light client.</td>
                            </tr>

                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td>
                        <table class="nonMSIE">
                            <colgroup><col class="nowrap">
                            <col class="w100">
                            <col>
                            </colgroup><tbody><tr>
                                <td nowrap=""><label for="username">User name:</label></td>
                                <td class="txtpad"><input type="text" class="txt" name="username" id="username"></td>
                            </tr>
                            <tr>
                                <td nowrap=""><label for="password">Password:</label></td>
                                <td class="txtpad"><input type="password" onfocus="g_fFcs=0" class="txt" name="password" id="password"></td>
                            </tr>
                            <tr>
                                <td align="right" class="txtpad" colspan="2">

                                    <input type="submit" onclick="clkLgn()" value="Log On" class="btn">

                                    <input type="hidden" value="1" name="isUtf8">
                                </td>
                            </tr>
                        </tbody></table>
                    </td>
                </tr>
                <tr><td><hr></td></tr>

                    <tr class="wrng" id="trInvCrd">
                    <td>The user name or password that you entered is not valid. Try entering it again.</td>
                </tr>

            </tbody></table>
            <table style="display:none" class="mid" id="tblMid2">
                <tbody><tr><td><hr></td></tr>
                <tr>
                    <td><br>Please enable cookies for this web site.<br><br>Cookies are currently disabled by your browser. Outlook Web Access requires that cookies be enabled. <br><br>If you are using Microsoft Internet Explorer 6 or later, open Internet Options from the Tools menu. Click the Privacy tab, and then click Sites. Type the address for Outlook Web Access into the field, click Allow, and then click OK to save your changes.<br><br><br></td>
                </tr>
                <tr><td><hr></td></tr>
                <tr>
                    <td align="right" class="txtpad">

                        <input type="button" onclick="clkRtry()" value="Retry" style="float: right" class="btn">

                    </td>
                </tr>
            </tbody></table>
            <table class="mid tblConn">
                <tbody><tr>
                    <td align="right" class="tdConnImg" rowspan="2"><img alt="" src="/owa/8.2.247.2/themes/base/lgnexlogo.gif" style="vertical-align:top"></td>
                    <td class="tdConn">Connected to Microsoft Exchange</td>
                </tr>
                <tr>
                    <td class="tdCopy">&copy; 2007 Microsoft Corporation. All rights reserved. </td>
                </tr>
            </tbody></table>
        </td>
        <td id="mdRt">&nbsp;</td>
    </tr>
    <tr>
        <td colspan="3">
            <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody><tr>
                <td class="lgnBL"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotl.gif"></td>
                <td class="lgnBM"></td>
                <td class="lgnBR"><img alt="" src="/owa/8.2.247.2/themes/base/lgnbotr.gif"></td>
            </tr>
            </tbody></table>
        </td>
    </tr>
</tbody></table>
</form>
</body>
</html>
4

3 Answers

4

Will this work?

<form action="https://mail.moda.gov.sa/OWA/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off">
    <input name="destination" value="https://mail.moda.gov.sa/OWA/" type="hidden">
    <input name="flags" value="0" type="hidden">
    <input name="forcedownlevel" value="0" type="hidden">

    <input id="rdoPblc" name="trusted" value="0" class="rdo" checked="checked" type="radio">
    <label for="rdoPblc">This is a public or shared computer</label><br />
    <input id="rdoPrvt" name="trusted" value="4" class="rdo" type="radio">
    <label for="rdoPrvt">This is a private computer</label><br /><br />

    <input id="chkBsc" class="rdo" checked="checked" type="checkbox">
    <label for="chkBsc">Use Outlook Web Access Light</label><br /><br />

    <label for="username">User name:</label>
    <input id="username" name="username" class="txt" type="text"><br />
    <label for="password">Password:</label>
    <input id="password" name="password" class="txt" type="password"><br />
    <input class="btn" value="Log On" type="submit">
    <input name="isUtf8" value="1" type="hidden">
</form>

As long as your website is trustworthy, it should be secure.

answered 2011-05-31T01:41:59.757
2

You could try to reverse-engineer the HTML form that is used to log in to your inbox. If you create the exact same form on your website, it might work. However, it isn't guaranteed to work; the website might check the referer or use some other checksum to see where the HTTP POST originated from.

[edit after more information was given] Two remarks:

1) maybe this post can help you: Sending an OWA logon form from Java

2) try using Fiddler and compare the two requests (the official one and yours). See if there are any arguments missing. Did you copy all the JavaScript, etc.?

answered 2011-05-22T11:58:06.967
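The comparison suggested in the answer above can be done mechanically on the two captured POST bodies. This is an added example, not code from the thread; the host mail.example.test, the user name and both bodies are constructed sample data that reuse the field names of the forms on this page.

```javascript
// Added example: compare two captured application/x-www-form-urlencoded bodies.
// Both bodies at the bottom are constructed sample data, not real captures.
const SENSITIVE = new Set(["password"]);

// Parse a body into Map<name, string[]>, keeping repeated fields in order.
function parseBody(body) {
  const fields = new Map();
  for (const [name, value] of new URLSearchParams(body)) {
    if (!fields.has(name)) fields.set(name, []);
    fields.get(name).push(value);
  }
  return fields;
}

// Report fields that are missing from, extra in, or different in the copied form.
function diffLogonPosts(officialBody, copyBody) {
  const official = parseBody(officialBody);
  const copy = parseBody(copyBody);
  const report = { missing: [], extra: [], changed: [] };
  for (const [name, values] of official) {
    if (!copy.has(name)) { report.missing.push(name); continue; }
    const other = copy.get(name);
    const same = values.length === other.length && values.every((v, i) => v === other[i]);
    if (!same) {
      // Never echo credential values into a report.
      const show = (v) => (SENSITIVE.has(name) ? "<redacted>" : v.join(","));
      report.changed.push({ name, official: show(values), copy: show(other) });
    }
  }
  for (const name of copy.keys()) {
    if (!official.has(name)) report.extra.push(name);
  }
  return report;
}

const officialBody = "destination=https%3A%2F%2Fmail.example.test%2FOWA%2F&flags=4" +
  "&forcedownlevel=0&trusted=0&username=alice&password=s3cret&isUtf8=1";
const copyBody = "destination=https%3A%2F%2Fmail.example.test%2FOWA%2F&flags=0" +
  "&forcedownlevel=0&username=alice&password=other&isUtf8=1";
console.log(JSON.stringify(diffLogonPosts(officialBody, copyBody), null, 2));
```

The request URL and headers (Cookie, Referer, Origin) are not part of the body and need to be compared separately in the capture.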
0

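A simple approach might be to put an iFrame on your website that links to the inbox login page, but I imagine you've already considered that.

I'm guessing here, but perhaps you have a site that users log in to. However, you host their e-mail on another site, and you don't want them to have to log in twice to access their e-mail.

Michiel makes a good point that the website may check where the HTTP POST originated. If they do check, then you'll have to talk to them. Perhaps they can add you to a list of approved URLs.

answered 2011-06-03T08:48:15.350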
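The source check and approved-URL list mentioned in the last two answers could look like the following on the receiving side. This is an added example, not code from the thread or from Outlook Web Access; the approved origins, the function names and the sample headers are assumptions made for illustration.

```javascript
// Added example: allowlist check for the page that submitted a logon POST.
// APPROVED_ORIGINS and the sample headers are constructed values.
const APPROVED_ORIGINS = new Set(["https://mail.example.test", "https://www.example.test"]);

// Reduce a header value to a canonical origin, or null if it is unusable.
function toOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const url = new URL(value);
    if (url.protocol !== "https:") return null; // credentials only over TLS
    return url.origin; // scheme + host + port, lower-cased, default port dropped
  } catch {
    return null; // malformed header value
  }
}

// Decide whether a logon POST came from an approved page.
// Header names are lower-case, as Node's http module delivers them.
// Origin wins when present; Referer is only a fallback when Origin is absent.
function checkLogonSource(headers, approved = APPROVED_ORIGINS) {
  const hasOrigin = Object.prototype.hasOwnProperty.call(headers, "origin");
  const origin = toOrigin(hasOrigin ? headers.origin : headers.referer);
  if (origin === null) return { allowed: false, reason: "no usable Origin or Referer" };
  // Exact match on the whole origin, never a prefix or substring test.
  if (!approved.has(origin)) return { allowed: false, reason: `origin ${origin} not approved` };
  return { allowed: true, reason: `origin ${origin} approved` };
}

const samples = [
  { origin: "https://www.example.test" },
  { referer: "https://www.example.test/Account/Mail?tab=1" },
  { origin: "https://www.example.test.lookalike.invalid" },
  { origin: "null", referer: "https://www.example.test/" },
  { referer: "http://www.example.test/Account/Mail" },
];
for (const h of samples) console.log(JSON.stringify(h), "->", checkLogonSource(h).reason);
```

Browsers omit or rewrite these headers in some cases, and non-browser clients can set them to anything, so a check like this narrows where the form may be hosted but does not replace authenticating the user.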