Monday, June 1, 2009

OWA-Sharepoint Integration- A tricky solution

Hi everyone. In my recent project I had to show mails, calendar and tasks from the Exchange server on a SharePoint portal. I used the OWA web parts to do this. The problem was that the OWA web parts did not show the mails, calendar and tasks; instead they showed the OWA login screen. After configuring Integrated Windows Authentication on the Exchange server the problem was resolved, but only within the domain. When the user logs in from outside the domain, it doesn't work. After spending a few weeks on OWA-SharePoint integration and trying every alternative, I came to a tricky solution using the blog below:

http://blogs.msdn.com/tconte/archive/2007/01/17/owa-web-part-with-single-sign-on.aspx

I used the single sign-on solution from this blog. It uses an HTML file that hosts the OWA login form in an IFRAME control and submits the credentials to the OWA login form automatically. To enable SSO, I used the blog below.

http://www.thorprojects.com/blog/archive/2008/08/02/moss-single-sign-on-setup-step-by-step.aspx

With the help of the network administrator I was able to enable SSO on the SharePoint server. As we are authenticating the user from AD, we need to put all the user credentials into the SSO database once. Later, when you update the credentials in AD, they will automatically be updated in the SSO database. The problem with this solution is that the credentials are passed as clear text in the query string. To resolve this I wrote a custom encryption method. As the encryption here is on the server side and the decryption is on the client side, I did not try to use the built-in encryption provided in .NET. Instead I used custom encryption as below:

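    // Replaces each character of the credential with a fixed five-character token.
    public string EncryptCredentials(string Cred)
    {
        try
        {
            string EncryptedCred = string.Empty;
            // One slot per character (a fixed size of 10 fails on longer input).
            string[] arr = new string[Cred.Length];
            for (int i = 0; i < Cred.Length; i++)
            {
                arr[i] = Cred.Substring(i, 1);
            }
            for (int i = 0; i < Cred.Length; i++)
            {
                switch (arr[i])
                {
                    case "A":
                        {
                            arr[i] = "!@#$%";
                            break;
                        }
                    // ......... and so on.
                }
            }
            // Join the tokens into the value that is returned to the caller.
            EncryptedCred = string.Concat(arr);
            return EncryptedCred;
        }
        catch
        {
            // Return an empty value if the credential could not be processed.
            return string.Empty;
        }
    }
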
Now we need to decrypt the credentials on the client side to pass them to the OWA login form. I wrote some JavaScript decryption code to decrypt the credentials, as below:

    // Reverses the server-side substitution, five characters at a time.
    function getPassword(pwd)
    {
        var len = pwd.toString().length;
        var arr = new Array();
        var i;
        var ClearPwd = "";
        for (i = 0; i < len; i += 5)
        {
            arr[i] = pwd.toString().substring(i, i + 5);
        }
        for (i = 0; i < len; i += 5)
        {
            switch (arr[i])
            {
                case "!@#$%":
                {
                    arr[i] = "A";
                    break;
                }
                // ....... and so on
            }
            ClearPwd += arr[i];
        }
        return ClearPwd;
    }

Here the encrypted credential is split into an array of strings, each of length five. Each one is decrypted again, and the result is passed to the OWA login form. Now the credential is decrypted and can be passed to the login form of OWA. Also, it will not be visible to anyone as clear text. It's done now. You may use the web part now. Hope it helps. :)

Regards
Deewaker
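
The scheme in the post maps each character to a fixed five-character token and ships the reverse table to the browser, which makes it an encoding rather than encryption. The added example below is not the author's code; the table entries other than "A", the user name and the log layout are constructed. It checks those properties and blanks the query string logged for OWARedirect.htm.

```javascript
// Added example, not code from the original post.
// Only "A" -> "!@#$%" appears in the post; the other entries are constructed.
const ENCODE = { A: "!@#$%", b: "^&*()", c: "~+=-_", "1": "<>?:;" };

// The table in the HTML page is the inverse of ENCODE, so every browser
// that loads the page holds everything needed to reverse the value.
const DECODE = Object.fromEntries(
  Object.entries(ENCODE).map(([ch, token]) => [token, ch]));

function encode(clear) {
  return [...clear].map((ch) => {
    if (!(ch in ENCODE)) throw new Error("no table entry for " + ch);
    return ENCODE[ch];
  }).join("");
}

function decode(tokens) {
  let clear = "";
  for (let i = 0; i < tokens.length; i += 5) {
    clear += DECODE[tokens.substring(i, i + 5)];
  }
  return clear;
}

// What a reviewer would check: no property here depends on a secret.
function schemeProperties(sample) {
  const value = encode(sample);
  return {
    reversibleWithoutKey: decode(value) === sample,
    sameInputSameOutput: encode(sample) === value,
    leakedLength: value.length / 5,
  };
}

// Blank the cs-uri-query field of W3C-style log lines for the post's
// redirect page, so stored logs stop carrying the l and p values.
function redactLogLine(line) {
  const f = line.split(" ");
  const i = f.findIndex((x) => x.toLowerCase() === "/_layouts/owaredirect.htm");
  if (i < 0 || i + 1 >= f.length || f[i + 1] === "-") return { line, hit: false };
  f[i + 1] = "[REDACTED]";
  return { line: f.join(" "), hit: true };
}

// Constructed sample log lines (the field order is an assumption).
const SAMPLE_LOG = [
  "2009-06-01 09:14:02 10.0.0.5 GET /_layouts/OWARedirect.htm l=alice&p=" +
    encode("Abc1") + " 80 - 10.0.0.9 200",
  "2009-06-01 09:14:03 10.0.0.5 GET /default.aspx - 80 - 10.0.0.9 200",
];
const REDACTED_LOG = SAMPLE_LOG.map(redactLogLine);
```

Every line that `redactLogLine` flags marks an account whose password was written to the web log and should be changed.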

16 comments:

  1. Hi Deewakar,
    Thanks for the nice post. I have the same requirement and I am new to SharePoint. I would really appreciate if you provide me the steps for doing this like where I need to add the code.

    Thanks,
    Sam

  2. Sam,
    If you look at the web part which uses single sign-on, there is an HTML file and a .NET project. You will have to use the encryption method in the .cs file in the .NET project as below:
    protected override void Render(System.Web.UI.HtmlTextWriter writer)
    {
    try
    {

    string login = Context.Request.ServerVariables["AUTH_USER"];
    string password = EncryptCredentials(Context.Request.ServerVariables["AUTH_PASSWORD"]);
    string src = "/_layouts/OWARedirect.htm?l=" + login + "&p=" + password;
    writer.Write("<iframe frameborder=\"0\" width=\"800\" height=\"600\" src=\"" + src + "\"/>");
    }
    catch
    {
    }
    }

    public string EncryptCredentials(string Cred)
    {
    //definition goes here
    }

    You can see I passed the password to a string variable in encrypted format.

    Since we are using client-side decryption, you can put this decryption function in the HTML file.
    Before submitting to the login form, you will have to decrypt the password, so use the getPassword() function before submitting the form:

    logonForm.password.value = getPassword(getParameter(queryString, "p"));

    Here the getParameter() method will give you the encrypted password from the query string of the IFRAME. You need to modify the definition of this function to get the exact encrypted password from the query string.

    Hope it helps.
    Please let me know if you have any query.
    Don't forget to enable SSO on the SharePoint server.

  3. Thanks Deewakar for your prompt reply. I will test it and let you know.

    Sam.

  4. If you are decrypting using client side script, one can easily understand and decrypt your information.

  5. Yeah,

    The decryption will not help in this case.
    The client side scripting can be easily vulnerable.

    Anybody could solve this issue?

    Regards,
    Salim

  6. Salim,
    Yes, you can say that and you are right, but this is the encryption/decryption method I followed. You may go ahead with some other secure decryption. There might be another way to decrypt the credentials, but at that time I could find only this solution. :)
    Please let me know if you get something.

  7. Hi Deewakar,

    I have the same requirement. I configured the SSO as given in the second URL (blog). What more do I need to do, i.e., do I need to write code or create a web part? What exactly would be the next step to proceed?

    Please help me.

    Thanks in advance

  8. swjnys,

    It's good that you have configured SSO. Now you need to follow the first URL and create the web part for SSO as mentioned in that blog. Thereafter you will have to write encryption/decryption methods as I did.

  9. Deewaker,

    The web part created in the first blog uses Visual Studio 2005.
    I am new to SharePoint and started with the Visual Studio 2008 SharePoint >> web parts template, where we build and deploy the web parts in our sites.
    In the VS2005 solution, I didn't find the deploy option... When I built the solution and tried to add it to the SharePoint site, I could find OWABasicwebpart but not OWASSOwebpart.

    So I created a new web part in VS2008 based on the downloaded web part. When I try to add OWASSOWebpart to the site I'm getting the error
    "The "OWASSOWebPart" Web Part appears to be causing a problem. A call into SPS Single Sign-on failed. The error code returned was '-2140994416'." What could be the reason?

    And also, as you said above, "we need to put all the user credentials into SSO database". How can we put our AD credentials into the SSO DB (to which table)?

    Please clarify.

  10. And I have to mention here, the authentication used is Forms authentication.

  11. Please check your SSO service account and see whether SSO is configured properly. The above methodology must also work for form authentication.

  12. Hi Deewaker, great pleasure to meet you. I followed the same approach but the web part gives the error: "error: A call into SPS Single Sign-on failed. The error code returned was '-2140994416'. " I googled for help but was unsuccessful. Is there any hard/easy way to test if my SSO configuration is right? Thanks in advance.

  13. Needless to mention, Deewaker, I got tremendous confidence in what I was doing after looking at your blog post about the successful implementation. Thanks for your help.

  14. Hi Naresh,
    Can you please verify whether the SSO service account and enterprise application definition settings are configured properly? Also check from Services whether the logon account for the SSO service is correct. It should work fine.

  15. Hello Deewaker, could you please guide me on how I can do this on SharePoint 2010 with Exchange 2010? I have added the OWA inbox web part but it shows just the OWA login page. balusreekanth@gmail.com .. this is my ID. Actually it was urgent and I felt better to have your email ID. Thank you.

  16. Hi Deewaker,

    Could you please guide us on how it can be done for SharePoint 2010, so that we can resolve the prompting issue on the Outlook web part?

    Thanks,
    Somnath
