by Njål

Outlook Web App 2010 Auto login

Microsoft Exchange Server 2010

This one goes out to all my fans out there. A simple html page that automatically logs you in to Outlook Web App. Handy when webmail is the only thing you have access to, and you canstantly keep getting logged out (since your nazi sysadmin refuses to extend the session timeout period).

<html>
  <body style="display: none">
    <form action="https://exchangeserver.com/owa/auth/owaauth.dll" method="POST" name="logonForm" ENCTYPE="application/x-www-form-urlencoded" id="loginForm">
      <input type="hidden" name="destination" value="https://exchangeserver.com/owa/">
      <input type="hidden" name="username"  value="joe@scrotum.org" >
      <input type="hidden" name="password"  value="Balls_1234$">
      <input type="hidden" name="flags" value="4">
      <input type="hidden" name="forcedownlevel" value="0">
      <input type="radio"  name="trusted" value="4" class="rdo" checked>
      <input type="hidden" name="isUtf8"  value="1">
    </form>
    <script type="text/javascript">
      document.forms["logonForm"].submit();
    </script>
  </body>
</html>

Replace action, destination, username & password. Save this file to your desktop etc. and create a shortcut/bookmark to it. You’re done.

This can also be used to facilitate one-click login into OWA from an intranet etc.

 

  • Sølve

    Very good!
    Thanks a lot!

    Sølve

  • james

    fuckin brilliant

  • gushtiuck

    It’s working!
    Thanks

  • Roy

    This doesn’t work?
    I created a blank html page with the codes above and changed the things inside you mentioned yet the file created opens up blank. with the address (file:///C:/Documents%20and%20Settings/….0
    What’s the deal?
    Some more explanation would be appreciated.
    Regards,
    Roy

  • http://blog.degree.no/bloggere/ Njål

    Hi Roy

    I updated the javascript part now – could you please try again?

  • Familyman

    You ROCK man! Thanks a lot!

  • Roy

    Beautiful, updated code works like a charm :)
    Thank You!

  • Mark

    Hi,

    I have a similar problem to Roy’s – the link is displaying correctly in IE but with a blank page. In Firefox, it displays the link as ‘file:///……’ with a blank page. In Comodo Dragon, it opens the login page but with blank username/password fields.

    What might I be doing wrong

  • mythri

    Could you pls help me? able to access the inbox with html but unable to do through my dot net application and it gives 400 bad request. The application uses framework 2.0 and was working fine for Exchange 2003, now I need to do the same for 2010.

    Thanks in advance….

  • Mark

    Hi,

    This is a bit odd. Tried it again after last post above. Now works fine with Comodo Dragon, but still same problem with IE and Firefox!!

  • http://blog.degree.no/bloggere/ Njål

    Email me the html file you’re trying to run and I’ll have a look :) njal [a] degree . no

  • randallto

    For those getting 400 error using .net use this user agent.
    request.UserAgent = @”Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)”;

  • postmaster

    Hallo,

    it doesn’t work for me. i have an owa with this detail Mit Microsoft Exchange verbunden
    Geschützt durch Microsoft Forefront Threat Management Gateway
    © 2009 Microsoft Corporation. Alle Rechte vorbehalten.
    … nothing happens.. can u hlp me pls?

  • http://www.njdoorworks.com John B

    Using MS- Outlook 2010, POP-Server is hosted on GoDaddy….

    The script above appears to me (a non-script programmer) to solve an issue I have with (3) users sharing a single PC for email. By modifying the script’s user and password, and creating (3) ‘separate’ scripts one for each user, they would be able to log into the web secureserver.net and retrieve their ‘own’ email.

    Assuming I am correct, how do I execute the script, after the user logs into the single PC??

    I will create individual Window accounts for each of the users sharing the single PC.

    Thanks in advance,

    John B.

  • http://blog.degree.no/bloggere/ Njål

    John: This is possible, but I’m not sure if it is a good/secure solution.

    You can place a startup.bat file the users Startup folder which contains:

    C:Program Files (x86)Internet Exploreriexplore.exe c:logonfile.html

    Make sure the users dont have access to each others logonscript. You’ll also have a problem when a user changes his/hers password.

    I would rather install Outlook, Thunderbird or Live Mail. Each user would still have their own account, they can choose to remember their password. It’s more secure, and will result in a better user experience.

    /N

  • Mark

    Is Forms Authentication in IIS required because when I run this script, I keep getting a poup asking for a username and password. This poup is blank too.

    Thanks,
    Mark

  • http://blog.degree.no/bloggere/ Njål

    Mark: This is not required – and is caused by your IIS Settings. Check what user your App Pool is running under – and give this user access to the folder where OWA is running.

    /N

  • Oscar

    This is great! I had spent some time trying to do this for Exchange 2010. And this helped me a lot. Thank you!

  • http://N/A James

    What about following the forward from a 2010 CAS to a 2007 mailbox? This form doesn’t seem to work with that – anybody else found a solution to this issue? It appears to be dependent on some cookies and referrer URL’s in order for this to happen.

    Thanks!

  • Ben

    Hi, this seems awesome, but I’m having an issue running it.

    In the action section, I replaced your text with the login page for my school’s OWA. That url is https://email.uiowa.edu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2femail.uiowa.edu%2fowa%2f. Then for the destination, I replaced you text with the url from when I am logged into my account. That one is https://email.uiowa.edu/owa/. This is not working with my username and password, it just takes me to the login page. Can you tell me if I’m using the wrong values for those?

    Thanks,
    Ben

  • http://blog.degree.no/bloggere/ Njål

    Hi Ben – try this:

    action: https://email.uiowa.edu/owa/auth/owaauth.dll
    destination: https://email.uiowa.edu/owa/

    Best regards, Njal

  • http://blog.degree.no/bloggere/ Njål

    Hi James – I haven’t tried that.

    Hit F12 in Chrome, inspect carefully the data/cookies that is sent – and try to replicate it. Good luck!

    Best regards, Njal

  • Ben

    Thanks Njål. It’s working perfectly now :)

  • Arif

    how to pass the public and private radio button values ?

  • Hebus

    Very good.
    Thanks Njål.

    I would like to encrypt/decrypt the couple username/password to improve security.
    Do you know how i could do this on exchange side server ?

  • http://blog.degree.no/bloggere/ Njål

    You can perhaps try to URL encode the password – but I don’t know if it will work.

    • Hebus

      That’s right but I need to decode it on exchange server side. And I don’t know where these data are managed. In which files on exchange server ? I don’t know asp coding anymore.

  • MikeD

    Awesome script, thank you:) … One request if anyone out there can help me out. Can I also make this html script create a new message with a name & recipient? I’m dealing with employee’s that are not very bright when it comes to computers (me not being an expert either..), and also don’t speak English very well, so the more I can minimize what they have to do, the better.

    Any help is appreciated!

  • CijTin

    Hi,

    We have a java based intranet application with a link to OWA. When clicking on the link we want to surpass the login screen and directly enter the mailbox. I tried using your code but its still taking me to the OWA login screen.

    • http://blog.degree.no/bloggere/ Njål

      Make sure you have all parameters set correctly – it works fine here.

  • CijTin

    Hi,

    Can you please review my below code. I used this code and gave the domain username and password but still it takes me to the OWA login screen

    <input type="hidden" name="username" value="” >
    <input type="hidden" name="password" value="”>

    document.forms[“logonForm”].submit();

  • CijTin

    Hi,
    sorry in the earlier comment the full code was not included:

    <input type="hidden" name="username" value="” >
    <input type="hidden" name="password" value="”>

    document.forms[“logonForm”].submit();

  • CijTin

    Hi,

    I am not able to post the complete code. Can you please send me the email address to which I can send the complete code?

  • CijTin

    Hi,

    Since I am not able to post complete the complete code, I will post the relevant portion:

    Is this because my url has /CookieAuth.dll instead of /owa/auth/owaauth.dll?

  • CijTin

    My action is “https://mail.mannai.com.qa/CookieAuth.dll?GetLogon?curl=Z2Fowa&reason=0&formdir=1”
    and destination value is https://mail.mannai.com.qa/OWA/

    • http://blog.degree.no/bloggere/ Njål

      I don’t have access to your intranet – so I am unable to help you debug/resolve this at this point (you have to make sure your urls are correct.)

      If you wish to hire our services in order to fix this – then email njal[a]degree.no

  • jose

    it not works when i use it don work it only works with IP not with alias

  • https://github.com/fiorix/ Alexandre Fiori

    I did this programatically from the Go programming language using this: https://gist.github.com/fiorix/dc241189cef2ab7d6b12

  • Jason

    Oh man you are a champ! Saved the day. Cheers.