Exchange 2010 Outlook Web App Authentication Settings

This guide shows you how to change the authentication method on OWA and ECP. The terminology is taken from Exchangeserverpro.com.

 

EXCHANGE SERVER 2010 OUTLOOK WEB APP AUTHENTICATION TYPES:

There are four authentication methods available for Exchange Server 2010 OWA:

 

Integrated Authentication – This allows domain users who are logged on to domain computers to log on to Outlook Web App automatically.  This is useful for internal Outlook Web App access as it simplifies the logon process for domain users (they don’t need to log on once to the computer and then a second time for OWA).  However, Integrated Authentication is not suitable for remote access by people using non-domain member computers, or people who are connecting via proxy servers.

 

Basic Authentication – This uses the HTTP protocol to send the logon credentials to the server.  Because the credentials are sent “in the clear”, the use of SSL is highly recommended for securing them.  Also, because Basic Authentication credentials can be cached in web browsers, it is recommended to use an additional authentication factor (e.g. a one-time password from a token) to prevent unauthorized access from public kiosk computers using the cached credentials.

 

Digest Authentication – This method solves the problem with Basic Authentication where credentials are sent “in the clear” by sending a hashed password instead.  Unlike Integrated Authentication, Digest Authentication also works through a proxy server.  However, Digest Authentication has some other configuration requirements, such as the use of reversible encryption for password storage in Active Directory.  These may make it an undesirable option for many organizations.

 

Forms-Based Authentication – This method uses a sign-in webpage on the server to collect logon credentials.  As with Basic Authentication the use of SSL with Forms-Based Authentication is highly recommended to protect the user credentials.

 

Configure FBA (forms based authentication) for OWA:


  • Open up the Exchange 2010 Management Console.
  • Step 1 -> Expand Server Configuration and then click on Client Access.
  • Step 2 -> Select the CAS server.
  • Step 3 -> Click the Outlook Web App Tab. The owa (Default Web Site) configuration is displayed.


  • Double click owa (Default Web Site)


  • Click on the Authentication Tab.
  • Step 1 -> Select “Use forms-based authentication”
  • Step 2 -> Select the logon format: Domain\user name
  • Step 3 -> Click on Apply.
  • Step 4 -> Click on OK.

After you make this change you will be presented with a window saying you need to ensure that the ECP has the same settings as OWA.

Configure FBA (forms based authentication) for ECP:


  • Click on the Exchange Control Panel Tab.
  • Double click ecp (Default Web Site).


  • Step 1 -> Click the Authentication Tab.
  • Step 2 -> Select “Use forms-based authentication”
  • Step 3 -> Click on Apply
  • Step 4 -> Click on OK

After you have made both changes you need to perform an IISRESET from an elevated prompt.
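The same change can be made from the Exchange Management Shell, which also lets you confirm that OWA and ECP ended up with matching settings before IIS is restarted. This is an added example, not part of the original guide; the server name CAS01 is a placeholder, and the virtual directory names are the defaults shown in the console steps above.

```powershell
# Added example: run in an elevated Exchange Management Shell on Exchange 2010.
# 'CAS01' is a placeholder server name (assumption); replace it with your CAS server.
$CasServer = 'CAS01'
$owaId = "$CasServer\owa (Default Web Site)"
$ecpId = "$CasServer\ecp (Default Web Site)"

# Equivalent of the OWA Authentication tab: forms-based authentication with the
# "Domain\user name" logon format (FullDomain).
Set-OwaVirtualDirectory -Identity $owaId -FormsAuthentication $true -LogonFormat FullDomain

# Equivalent of the ECP Authentication tab.
Set-EcpVirtualDirectory -Identity $ecpId -FormsAuthentication $true

# Read both virtual directories back and compare every authentication flag,
# since the console warns that ECP must use the same settings as OWA.
$owa = Get-OwaVirtualDirectory -Identity $owaId
$ecp = Get-EcpVirtualDirectory -Identity $ecpId
$flags = 'FormsAuthentication', 'BasicAuthentication',
         'WindowsAuthentication', 'DigestAuthentication'

$mismatch = @()
foreach ($flag in $flags) {
    "{0,-22} OWA={1,-6} ECP={2}" -f $flag, $owa.$flag, $ecp.$flag
    if ($owa.$flag -ne $ecp.$flag) { $mismatch += $flag }
}

if ($mismatch.Count -gt 0) {
    # Do not restart IIS on an inconsistent configuration; fix the listed flags first.
    Write-Warning ("OWA and ECP differ on: " + ($mismatch -join ', '))
}
elseif (-not $owa.FormsAuthentication) {
    Write-Warning "Forms-based authentication is still disabled on OWA."
}
else {
    # Settings match and FBA is on: apply them, as the guide's last step describes.
    iisreset
}
```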

Hope it helps.
