Passing credentials into the SmarterMail 16.x login screen
Question asked by Rod Strumbel - July 24 at 5:46 AM
Answered
Have my company website built in asp.net and trying to pass login credentials from it into the SmarterMail login screen so users don't need to type in at least their username (email address).
 
In our other mail server (CGP) that is as simple as
Response.Redirect("http://ourmailserver.domain.dom/?username=rodsemail@domain.dom")
 
That doesn't work for the SmarterMail system (16.whatever the latest release is) as the path seems to get overwritten as the login page is loading.
 
Anybody have success in getting this to work ?
 
Rod

26 Replies

Reply to Thread
0
Andrea Rogers Replied
Employee Post
Hi Rod,
 
These are our instructions on Automating Login to SmarterMail. Will this work for you? 
 
 

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

0
Rod Strumbel Replied
Maybe... I'll give it a shot in the morning, thank you!
0
Rod Strumbel Replied
That example only works for Firefox and Chrome, not Edge nor IE.
For Edge and IE it never fills the data.

Plus, I am not trying to automatically LOGIN the user.

There MUST be a simpler way to simply pass the email address into the page and have it entered into the 'username' field. That's really all I need.
0
Matt Petty Replied
Employee Post
Rod, I wrote this up and it should do exactly as you want, fill in the fields and that's it. It's not the cleanest solution and feels hacky but it does work.
-check "Enable Custom Login Page HTML" in the general settings from a system admin.
-Turn off your MailService.exe
-Edit C:\Program Files (x86)\SmarterTools\SmarterMail\Service\companyInfo.xml
 
-Replace <LoginPageHtml></LoginPageHtml>
With the text below.
<LoginPageHtml>&lt;script&gt;
var params = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&amp;');
for(var i = 0; i &lt; params.length; i++)
{
	param = params[i].split('=');
	if(param[0] == 'username') {
		$('#loginUsernameBox').val(param[1]);
		$('#loginUsernameBox').trigger('change');
	} else if(param[0] == 'password') {
		$('#loginPasswordBox').val(param[1]);
		$('#loginPasswordBox').trigger('change');
	}
}
&lt;/script&gt;</LoginPageHtml>
-Turn MailService back on.

In my tests I was using
http://localhost:9998/interface/root#/login?username=test&password=doot
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Matt Petty Replied
Employee Post
Sorry I marked this as resolved. However if you have any issues let me know and I can help you work through them.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Thomas Chapman Replied
Matt thank you but,  before We upgraded to v16 We had a simple HTML form on our home page for users. http colon //www dot bhosted dot net . The code is something like
<h1>WebMail Login</h1>
<form action="https colon //mail dot bhosted dot net/Login.aspx" method="post" name="frMailLogin"><input name="page" type="hidden" value="login" /></p>
<table id="table1" style="border-collapse: collapse;" border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="">
<span style="font-family: Arial; font-size: 14px;">E-mail Address</span></td>
<input id="email" name="email" size="16" type="text" value="" /></td>
<span style="font-family: Arial; font-size: 14px;">Password</span></td>
<input id="password" name="password" size="16" type="password" value="" /></td>
<input id="submit" height="20" name="submit" type="submit" value="submit" width="100" /></td>
and it would pass the credentials onto the server. I tried your code in the companyinfo.xml and see no change in the look or  function of the login page . even if i try to pass username and password https colon //mail dot bhosted dot net/interface/root#/login?username=test&password=doot I did change the user and pass in my test. 
Also the iframe code above that works but not is a small area like the front of our site. 
There must be a way to have a simple login area like the way it is on the front page of our site. 
http colon //www dot bhosted dot net not about to post hyperlinks
Longtime smartertools user since v5 2008. Thank you in advance.  Thomas Chapman 
0
Patrick Huss Replied
Hi Matt, thank you for this tip. I do however not really like the fact that the password will be sent in cleartext.
In the reference documentation there is an autologinURL mentionned:
mail.smartertools.com/documentation/api#/reference/SmarterMail.Web.Controllers.Api.AuthenticationController/AuthenticateUser
Any chance this might get available in SM16?
This would, to my understanding, allow us to do an authenicateUser, with our form data, via API and in the result of this API call we get an URL we can redirect the user to autoLogin.
THAT would be just perfect!
0
Rod Strumbel Replied
Will give it a try and let you know, sounds like Thomas had issues with it.

If it DOES work, is this something that will get overwritten when I do an uninstall/reinstall vesrion update ?

Thanks
0
Rod Strumbel Replied
So I downloaded the latest greatest SM (v16.3.6775) and installed it on my local machine.
Shut down the SmarterMail Service, and made the changes to the companyinfo.xml you specified and saved the changes. Re-enabled the service.
Went to http://localhost:9998/interface/root#/login?username=rod@strumbel.com

And... it didn't fill in the onscreen fields at all. the url now retains the parameters, but it is not applying them into the form.

Next option ?
0
Rod Strumbel Replied
For anyone following along, I uninstalled and reinstalled SmarterMail (per a normal update process) to try and answer my own question about whether that companyinfo.xml would get overwritten wiping out my changes. The good news here is NO, that file did not get overwritten, or if it did, it retained the custom changes in addition to anything the installation put into that file. I say that because the DATE/TIME MODIFIED on that file updated to the new installation time, so it tells me SOMETHING read/wrote that file and saved it.

However, the changes to the file still do not fill in the login form.

This included a system reboot during the uninstall / reinstall.

Looking for other options, anybody ?
0
Merle Wait Replied
good to know about the file... YES, I am looking for the same process... I simply want to authorize the user to get into smartermail . I can get the info from API call, or where-ever; but that doesn't help when trying to start the actual webmail session... So yes, am frustrated.... because I have no answer ... :(
0
Matt Petty Replied
Employee Post Marked As Answer
    My apologies, you will also need to check "Enable Custom Login Page HTML" in the general settings from a system admin. Also it's important to make sure to not save the code using the normal HTML window and to modify the file directly with script changes, as our current modal for saving the HTML will remove scripts, thus putting them directly into the file will bypass that.

Also if your going to be passing passwords around like this please make sure you are sending them to a secure login page (HTTPS). Sending passwords as a query parameter should be fine from a network security standpoint (As long as it's HTTPS) but just keep in mind that dodgy browser software and plugins can sniff URLs, so this isn't the best solution but it does match what you are asking for. 

SmarterMail now has a more secure instant login link that can be generated via the requesting server using the new API and it remains active for 15 minutes (I think, might be more). However, this is not documented yet and it is more complicated to setup. I will try and get more info about this API and include it in the thread.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Rod Strumbel Replied
If my API calls are taking 15 minutes, I have bigger issues. :)

Will try the Enable Custom Login page thing in a few minutes.

Rod
0
Matt Petty Replied
Employee Post
[EDIT: I was not aware when I made this post that this was not in SmarterMail 16, currently this feature is only in SmarterMail 17 right now which is currently in Beta (As of 7/27/2018).]

Building on what the end of my last reply was talking about...
You will have to familiarize yourself with the new authentication flow.
 
Once you authenticate a system admin you should get out an access token which is then fed into the next API call as an "Authorization" header. 
Authorization: Bearer <The access token>
This is the documentation on the new API I was talking about. 
 
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Matt Petty Replied
Employee Post
Also as a note to keep in mind, It appears this API is going to specifically check for a PRIMARY System admin so make sure to use a primary admin token with that. Personally I'd like to see that change, since using the primary admin account to make API calls could be a security concern to some. It would make sense to use a specific system admin just for API calls, that isn't a primary.

But for now just make sure you use the primary admin.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Rod Strumbel Replied
To clarify this a bit for others.

If you "Enable Custom Login Page HTML" when your changes are already in the companyInfo.xml, it will display them in the GUI, but when you go look in the actual file... they have been removed.

So, AFTER enabling the Custom Login Page HTML, then you must go in and enter your code into the companyinfo.xml.

That combination now works to meet my purpose.

Thank you very much Matt!

Rod

0
Matt Petty Replied
Employee Post
My information below contains a call (Currently only SmarterMail 17) that returns a URL that you send the user to and that should start a new webmail session. They click the link and they go straight to their inbox. The solution I provided here is very specifically for this use-case where it doesn't perform the actual login just fills the info. I'm not sure exactly what you mean by starting the webmail session. However, some slight adjustments could make this code work for your usecase likely too. I have no problem helping you out with that if that's what your aiming for.

I'll try and make sure you leave this thread happy Merle :)
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Matthew Kides Replied
Employee Post
Just to clarify on this more since this information is a little incorrect, on Authenticate-User,
https://mail.smartertools.com/Documentation/api#/reference/SmarterMail.Web.Controllers.Api.AuthenticationController/AuthenticateUser
you can pass in retrieveAutoLoginToken as true unauthenticated with the user's username and password and it will give you autoLoginUrl back which you can then follow.
Also to note these parameters are not in 16 and are only in 17 right now
Matthew Kides
Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Patrick Huss Replied
Thanks Matthew for the hint that this autoLoginURL feature is currently only available in SM17. Unfortunately we are still on SM16 .
This autoLoginURL is something we are really looking for for months.
We have multiple Smartemail servers and one common custom login screen for our customers.
With the email's domain we determine which server they are located on an redirect the user to the correct server, where the solution suggested by Andrea (in the first reply to the OP), after a lot of screen flickering, connects the users to their webmail most of the time. (but not every time, which creates us quite some support tickets)
The autoLoginURL seems to be the perfect solution for our use case. Any chances this could be available in SM16?
0
Thomas Chapman Replied
So let me get this straight, you take away the form login option that has been around for as long I have been using smartermail 2005, then don't have API info released when V16 comes out, now just trying to get a simple answer or simple example on how to replace the form that passes the users name and password onto mail server I get examples on of API code that isn't released for production yet and can't be used on V16 which is what this entire discussion is about?

OK, If anyone would like to make some quick money please give me an example of PHP code that I cam put on the front page of my PHP driven web page that my users can type in their credentials click on a logon button and forward them to the smartermail web interface. Please see the Bhosted dot net home page for an example of the old logon version. I can be reached at cooling @ bhosted dot net. Thank you in advance Thomas Chapman
0
Thomas Chapman Replied
This code is useless but thank you. It does work well if I want the user to go to a separate to login if i were going to do that I may as well just send them to the main smarter mail login . This code acts like an IFrame.
0
Shayne Embry Replied
Release notes for the latest version (16.3.6802) includes
Fixed: Auto login script could fail for a new user.

Which auto login script? Is there finally one that actually works?
0
Andrea Rogers Replied
Employee Post
Hi Shayne. Our Help Doc, Automating Login to SmarterMail, provides HTML code that demonstrates how you can make a text link on a website (e.g. "Log into your mail") that automatically logs a user in to the SmarterMail site or auto-fills their account credentials on the login screen. Feel free to check it out:

http://help.smartertools.com/SmarterMail/v16/Topics/SystemAdmin/Misc/AutoLogin.aspx

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

0
Shayne Embry Replied
No. No. No.
I have reported in the past that this does not work. See my next post.
0
Shayne Embry Replied
I have tried the Auto Login Script about 10 times over the past 3 months...always with the same results.
  1. In Firefox (and IE) it simply shows the SM login screen with blank fields in an iframe.
  2. In Chrome, it works sometimes. Often it simply redirects to the SM login page and spins.
0
Andrea Rogers Replied
Employee Post
Hi Shayne. I was able to find your other Community post. Apologies for not seeing that sooner. As far as I am aware, Edge is the only browser that is not supported. This is not expected behavior when using Firefox, IE or Chrome. I have heard other reports of successful logins with this script, so I would encourage you to submit a ticket to the Support Department so they can determine what's causing this issue.

If you would like, I'd be happy to submit one of your Email Tickets on your behalf. (Keeping in mind that the ticket will be refunded back to your account for future use if this issue is determined to be caused by SmarterMail or the script we've provided.)

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

Reply to Thread