Hugoware

The product of a web developer with a little too much caffeine

Posts Tagged ‘Website

Creating CustomWebmail.com – Part 1

with one comment

CustomWebmail.com is a website that allows you to to create a custom login page for your Outlook Web Access by making changes to the colors, logo and layout of the page. This is a series of blog posts that discuss some of the more interesting parts of developing this project.

The Key Parts Of CustomWebmail.com

In order to develop CustomWebmail.com I had solve a few problems…

  • What is the correct address to post logon attempts to?
  • How can I be reasonably certain that the address is correct?
  • How do I create their custom OWA page with the correct colors and logo?
  • What is the best way to convert an theme image into an actual HTML web page?
  • How can I package their content into a single .zip file?

For the next few weeks I’ll be going over all the steps I used to allow visitors to create custom Outlook Web Access pages with this site.

Determine The Correct Address

Now, this part is probably not close to perfect yet. As it turns out OWA isn’t standard across the board. I’m not just referring to OWA 2003 compared to OWA 2007 — but even matching versions can have different setups. With that said, the application still needs to come up with the correct postback URL to for the final rendered page.

Asking the visitor for the correct URL is probably not really a good idea. They might not understand where to look inside the form or what the address should look like. Instead, the application simply asks them for the address of the Outlook Web Access login page and then uses a series of HTTP calls to determine the rest.

string path = "http://webmail.example.com/exchange";
HttpWebRequest request = HttpWebRequest.Create(path) as HttpWebRequest;

request.UserAgent = USER_AGENT;
request.CookieContainer = result._Cookie;

//get the response from the requester
response = request.GetResponse() as HttpWebResponse;
using (StreamReader reader = new StreamReader(response.GetResponseStream())) {
    content = reader.ReadToEnd();
}

//use content to determine form related information
//...

This section of code tells us a few things…

  • Did a server respond to our request?
  • Were we redirected to a different URL?
  • Which level of security was used – http or https
  • If the server doesn’t respond was it really because nothing was there?
  • Does the content contain anything that looks like an Outlook Web Access page?
  • Are we sure that this address will accept our login attempts?

Yikes! Unfortunately those are all real problems that need to be solved in the code — and anything unsuccessful needs to be reported back to the user (or repaired on its own). I’ll skip over the first three since they are fairly easy to determine.

Exception With A Responding Server?

I’ve found that with the HttpWebRequest sometimes you get an exception even if the server is found because the certificate at the site isn’t valid. It throws you off quite a bit especially if you’re expecting a response and your code simply crashes.

As it turns out it isn’t hard to handle invalid certificates.

//Ignore bad certificates
// ** Use at your own risk **
ServicePointManager.ServerCertificateValidationCallback = (obj, cert, chain, ssl) => {
    return true;
};

In my case I’m not too worried if the server’s certificate is valid – I just want to know if it is responding to my requests. By adding in this line of code I can ignore anything invalid and move forward.

Just What Is This Page Anyways?

There are a few arguments you need to use when posting back to an Outlook Web Access login page. We wouldn’t want to accidentally create a login page if someone entered ‘google.com’ instead. By using a couple Regular Expressions we can check to see if the form looks like an Outlook Web Access page.

Here are some of the fields you can check for…

  • An input named username
  • An input named password
  • An hidden input named destination
  • An form action to something containing owaauth.dll

There are more fields you can use but these tend to be a fairly sufficient indicator if we’re looking at an Outlook Web Access form.

Testing The Login

At this point we’re fairly confident that the server we are looking at is an OWA login page but there is one more test we can try. In the final test we perform a fake login to the page to see if we get a password failed error response.

//test the target of the form that was found
HttpWebRequest request = WebRequest.Create(formTarget) as HttpWebRequest;

//create the standard postback information
string post = string.Format(
"username={0}&password={0}&forcedownlevel=0&trusted=0&flags=0&destination={1}&isUtf8=1",
    DateTime.Now.Ticks,
    HttpUtility.UrlEncode(this.Destination)
    );

//prepare the request
request.MaximumAutomaticRedirections = 10;
request.UserAgent = USER_AGENT;
request.Method = "POST";
request.Timeout = 15000;

//and add the content
using (StreamWriter writer = new StreamWriter(request.GetRequestStream())) {
    writer.Write(post);
}

//get the login attempt result
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
response = request.GetResponse() as HttpWebResponse;

//check if a reason code was included
return Regex.IsMatch(response.ResponseUri.Query, @"(&|\?)?reason=\d", RegexOptions.IgnoreCase);

It is possible that we just happened to come across a random server that returns a response code but given all the other tests we can be fairly confident in the address we’re testing.

As a final option we present the user with a test login box that they can try to do a personal verification that the address works.

Advertisements

Written by hugoware

November 2, 2009 at 9:59 pm

New Hugoware.net Site

with 11 comments

For the longest time now Hugoware.net has basically been the home for jLinq. Lately, I’ve been working on a new version of my site — one that represents all of the stuff I do and not just one of my projects. After working on the site for about a week I’ve updated with a brand new look and grouped all of my projects together into one site.

I’d love to get some feedback — so use the ‘Contact Me’ section to tell me if you think something could be improved.


hugoware

And of course, there is my Twitter Bird (he’s open source as well :))

twit

There isn’t much to talk about with the new site. Basically it is an ASP.NET MVC site with personal information and projects on it.

However, I’m always interested in hearing feedback. If you think something about the site is missing or could be improved, please let me know!

Written by hugoware

August 14, 2009 at 2:53 am

Get Visitor Feedback – Without Asking For Their Help

leave a comment »

Do you track what visitors look at when they get to your site? Do you check things like the search phrase they used to get to your site? Do you track what gets downloaded the most? E-Mail comments sent directly to the administrator?

Most people I’ve ever met feel that feedback, like comments or e-mails, are the best/only way to gauge how your customer feels. They feel that unless you’re reading actual typed words from the customer, then you don’t know what they are looking for.

This last month, since jLinq and this blog came online, I’ve had about 620,000 hits. Want to take a guess how many e-mails with feedback I’ve gotten? 100? 200? 1000?

How about, 2…

Yep, just two e-mails with feedback. A little surprising since I know I’m not that good (if any good :)) at programming. Surely some people are at least a little confused on how jLinq works (or anything I’ve posted so far). I would have figured questions, suggestions and requests would come pouring in.

Feedback, Stealth Style

Despite the lack of “verbal” feedback, I’ve still managed to get interesting feedback from my site statistics, for example the pages that are viewed the most, the number of downloads for different versions and referrers to my site.

A good example of learning more about your website from site statistics alone is my own blog!

WordPress has quite a few awesome tracking features that tells you about your most viewed post, referrers to your site, search terms that led to your site and more. These stats tell you a lot of information about how people are finding your site. That’s really valuable information when you’re trying to figure out the best way to present your site when someone arrives.

On this blog I get my most traffic from a post that I did about changing HTML into a PDF. Definitely not my area of expertise, but a very hot topic for my blog. Knowing this it gives me incentive to work more on that project and make it better.

Another valuable piece of information has been seeing the search terms that help people make their way to this site. A great example of this was when I noticed people were getting to my site with the search terms of an exception that was found in jLinq. I realized that I didn’t have any documentation about the exceptions I had written and so the closest thing to help my visitors could find was this blog.

Are You Using Statistics?

It’s interesting that despite the ease that we can communicate over the web, feedback is still uncommon. CodingHorror.com I thought was always a great example of this. Anytime Jeff posts a blog entry he gets roughly 50 to 100 comments, and hot button issues around 300. That’s some really great numbers for feedback until you consider that he also has about 125K subscribed readers and who knows how many more that don’t use Feedburner (for example – myself).

My guess is that even on interesting topics, we’re in just too much of a hurry even to write a small comment. Maybe it’s that a large amount of feedback goes without a response. It could be that we’re constantly bombarded by websites telling us “your opinion matters” or “tell us what you think” that we just don’t even really care anymore unless it’s something we’re really passionate about.

But there is a great deal of knowledge to be harvested all without a single form. So, how are you using your website statistics?

Written by hugoware

June 1, 2009 at 1:51 am